Open Closed

API return Unauthorized if multiple servers #3552


0
[email protected] created
  • I Publish my application on - two Servers for API (API-SERVER-ONE , API-SERVER-TWO) and made f5 load balancer with url "API.xyz.com" - two Servers for SSO (SSO-SERVER-ONE , SSO-SERVER-TWO) and made f5 load balancer with url "sso.xyz.com" - two server angular (UI-SERVER-ONE , UI-SERVER-TWO) and made f5 load balancer with url "ui.xyz.com" - one server Redis

if first call F5 transfer request to generate token from API-SERVER-ONE that may be uses (SSO-SERVER-ONE or SSO-SERVER-TWO) and in second request if call F5 transfer request to generate token from API-SERVER-TWO that may be uses (SSO-SERVER-ONE or SSO-SERVER-TWO)

return Unauthorized

  • ABP Framework version: 5.1.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

4 Answer(s)
  • 0
    liangshiwei created
    Support Team

    Hi,

    Could you provide a minimal reproduction project? thanks.

  • 0
    [email protected] created

    Hi,

    after we search, we found in IIdentityServer.AddDeveloperSigningCredential Generate different tempkey.jwk for each server,

    and ABP was created as a private method in the module "Volo.Abp.IdentityServer.Domain" but actual not used, private static IIdentityServerBuilder AddAbpDeveloperSigningCredential

    I solve the problem with the following code:

    
    PreConfigure<AbpIdentityServerBuilderOptions>(builder =>
                {
                    builder.AddDeveloperSigningCredential = false;
                });
                
    var certificate = new X509Certificate2(filePath, password);
    services.AddSigningCredential(certificate);
    PreConfigure<IIdentityServerBuilder>(builder =>
    	{
        	builder.AddSigningCredential(certificate);
    	});
    

    Is there any notes can you provide me in publishing Projects? or Is there any Videos to help me publish abp project?

  • 0
    liangshiwei created
    Support Team

    Hi,

    We have a document for this: https://docs.abp.io/en/commercial/latest/guides/identityserver-deployment#signing-certificate

  • 0
    [email protected] created

    Thanks for your support