Hi
We are trying to deploy a multi-tenant angular application with a separate identity server component. It seems like we're not able to get the angular application to use the tenant hostname in the redirectUri parameter.
According to this: https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#domain-tenant-resolver we have set the environment config like this:
`
export const environment = {
production: true,
application: {
baseUrl: "https://{0}.app.staging.us.domain.cloud",
name: 'My',
},
oAuthConfig: {
issuer: 'https://identity.staging.us.domain.cloud',
redirectUri: "https://{0}.app.staging.us.domain.cloud",
clientId: 'My_App',
responseType: 'code',
scope: 'offline_access My',
},
apis: {
default: {
url: 'https://ep.staging.us.domain.cloud',
rootNamespace: 'DO.My',
},
},
} as Environment;`
it does seem to resolve the tenant with: https://ep.staging.us.domain.cloud/api/abp/multi-tenancy/tenants/by-name/test
and we get a response: {"success":true,"tenantId":"4035a222-3aaf-d3ec-9ba7-39f9d56a9864","name":"test"}
but the redirect to the identity component is: https://identity.staging.us.domain.cloud/connect/authorize?response_type=code&client_id=My_App&state=randomblah&redirect_uri=https://{0}.app.staging.us.domain.cloud&scope=openid offline_access My&code_challenge=randomblah&code_challenge_method=S256&nonce=randomblah
note that {0} did not get replaced with the tenant name. The URL we're using in the browser is: https://test.app.staging.us.domain.cloud
Any ideas what we're doing wrong?
Thanks & Regards Michel
Hi @Mehmet
Anything new to report here? We have updated to 4.1 final, and see the same issue there.
Thanks Michel
Hi Mehmet
This doesn't look like a public repo/issue?
/Michel
Hello
We are looking into using ABP.IO for our own platform. We would have multiple "products" (applications) which are each multi-tenant, and we are looking into providing a shared identity for them, so we/customers can use a single login (SSO) with all applications.
Is this something that ABP (Commercial) can do? Can you use a single identity server with multiple (ABP) applications?
Thanks MIchel
I am trying out rc-1, as I'm interested in the Impersonation feature. How do I impersonate a user? I haven't found anything.
Angular, separate Identity Server
Thanks
Using Angular with separate IdentityServer. Tenants resolve using subdomain tenant resolver.
I keep running into issues. Current issue: Got subdomain identity server, {0}.identity.domain.com The Http Api however has "identity.domain.com" as Authority, which obviously doesn't work.
I found this that talks about a Wildcard Issuer Validator: https://github.com/abpframework/abp/pull/8884 However the code is not available anymore on Github, only a nuget package (that's not cutting it for me...)
Is there any official guideance on this? Maybe just somehow who creates a new project and configures it that it works with subdomains, angular and separate identity server and documents all the relevant settings in a blog post or so? :) This can't be such an unusual scenario, but I'm really struggling.
Thanks! That looks interesting, I will try it out ASAP. Would you also please consider adding one with Angular and Identity Server separated?
Thanks
Would you also please consider adding one with Angular and Identity Server separated?
I will try to add that.
Thank you!
I have found what I was doing wrong using that sample application. I was missing this in my Configure on the Identity Server which sets the issuer URL to a static URL instead of using the Tenant-specific URL:
Configure<IdentityServerOptions>(options => { options.IssuerUri = configuration["App:SelfUrl"]; });
I'm not sure if I saw this documented somewhere, or if I just missed it, maybe it can be pointed out and clarified in the documentation. Thanks again & Cheers Michel
Hi
We are trying to make the DbMigrator project aware of different environments by using an appsettings.json per environment. This is usually straight forward by just creating appsettings.<Environment>.json file.
Unfortunately in the DbMigrator project this does not seem to work. While troubleshooting I have injected IConfiguration into the DbMigratorHostedService, and I did a Console.WriteLIne(_configuration.GetConnectionString("Default")); in the StartAsync method. Surprisingly, THIS WORKS and it gives the correct connection string! However, strangely it executes the DbMigration on the connection string from the original appsettings.json, instead of the one from IConfiguration..... I can't explain why. I can change the appsettings.json, and it connects to a different database, so it's definitely using that one.
Any ideas?
Thanks Michel
I am having the same issue. The samesite thing from the article did not work for me. Is the samesite thing also required in the IdentityServer project?
The reason to want http is for development in Docker, it makes it easier not having to worry about certs