
Cluster configuration with IdentityServer4 #3340


0
[email protected] created

I have deployed a dockerized, monolith deployment of ABP to an AKS cluster. When running with 1 pod, everything works. When I have > 1 pods behind a load balancer, I start getting JWT invalid / 401 errors for some requests. I am using IdentityServer4 with the default configuration.

I have enabled Redis by adding the Volo.Abp.Caching.StackExchangeRedis to my .Web csproj and updating appsettings.json to include:

"Redis": { 
 "IsEnabled": "true",
 "Configuration": "xxx.redis.cache.windows.net:6380,password=..."
}

My XXXAppWebModule.cs enables IDS using:

app.UseIdentityServer();

Is there anything else that I need to do to properly enable IDS in a clustered environment or have I completed the necessary steps?

CONFIGURATION:

  • ABP Framework version: v5.2.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no (monolith)

Thanks, Matt


1 Answer(s)
  • 0
    liangshiwei created
    Support Team

    Hi,

    You can try persisting the IDS protection keys to Redis.

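    // Needs the Microsoft.AspNetCore.DataProtection.StackExchangeRedis package and:
    //   using Microsoft.AspNetCore.DataProtection;
    //   using StackExchange.Redis;
    // Place in ConfigureServices, where hostingEnvironment and configuration are already in scope.
    var dataProtectionBuilder = context.Services.AddDataProtection().SetApplicationName("MyProjectName");
    if (!hostingEnvironment.IsDevelopment())
    {
        // Store the key ring in Redis so every pod reads and writes the same keys.
        var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);
        dataProtectionBuilder.PersistKeysToStackExchangeRedis(redis, "MyProjectName-Protection-Keys");
    }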
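
The effect of the shared key ring suggested in the answer above, as an added example (not code from this thread or from ABP): two ASP.NET Core Data Protection providers with separate key rings cannot read each other's payloads, while two that share a key ring and application name can. A temp directory stands in for the Redis key store so the demo runs offline; the class name, purpose string and payload are constructed values.

```csharp
// Requires the Microsoft.AspNetCore.DataProtection.Extensions NuGet package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingDemo
{
    // Each call stands in for one pod; keyDir is where that pod keeps its key ring.
    static IDataProtector Pod(string keyDir) =>
        DataProtectionProvider
            .Create(Directory.CreateDirectory(keyDir),
                    builder => builder.SetApplicationName("MyProjectName"))
            .CreateProtector("Demo.Purpose"); // constructed purpose string

    // True when this pod's key ring contains the key that protected the payload.
    static bool CanRead(IDataProtector pod, string payload)
    {
        try { pod.Unprotect(payload); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid());

        // Case 1: every pod generates and stores its own keys (no shared persistence).
        var podA = Pod(Path.Combine(root, "pod-a"));
        var podB = Pod(Path.Combine(root, "pod-b"));
        string fromA = podA.Protect("constructed-cookie-payload");
        Console.WriteLine($"separate key rings: A reads A = {CanRead(podA, fromA)}, " +
                          $"B reads A = {CanRead(podB, fromA)}");

        // Case 2: both pods point at the same key store, as they would with Redis.
        string shared = Path.Combine(root, "shared");
        var podC = Pod(shared);
        string fromC = podC.Protect("constructed-cookie-payload"); // first use creates the key
        var podD = Pod(shared);                                    // loads that key from storage
        Console.WriteLine($"shared key ring:    C reads C = {CanRead(podC, fromC)}, " +
                          $"D reads C = {CanRead(podD, fromC)}");

        Directory.Delete(root, recursive: true); // remove the demo key material
    }
}
```

The same application name on every pod matters as much as the shared store: Data Protection isolates payloads by application name, which is why the answer calls `SetApplicationName` before configuring persistence.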