5,408 questions
- Bountied 0
- Unanswered
- Frequent
- Score
- Trending
- Week
- Month
- Unanswered (my tags)
6
votes
0
answers
68
views
Migration ID4 to WSO2 IS: Strategy for validating granular permissions in Ocelot Gateway
I am currently migrating my authentication provider from IdentityServer4 (.NET) to WSO2 Identity Server.
Current Architecture:
I use an Ocelot API Gateway to protect my microservices.
For management, ...
0
votes
0
answers
44
views
Pass parameter from Swagger to IdentityServer8 for authentication
I'm using Swagger UI to test APIs that require authentication to IdentityServer8 via OAuth 2.0 implicit flow. Is there any way to pass a custom parameter from Swagger UI to IdentityServer8 during ...
-1
votes
1
answer
96
views
Identity Server 4 redirect url directing to http instead of https
I have a server with multiple docker containers, I'm using nginx as a reverse proxy, and Identity Server 4 for authentication and authorisation.
my /.well-known/openid-configuration has endpoints ...
0
votes
1
answer
66
views
Angular Apps Using Same IdentityServer – Silent Refresh Fails When Redirecting Between Two Apps
I have two independent Angular applications (url1 and url2), both hosted on Azure Kubernetes Service (AKS) and configured to use the same IdentityServer (OIDC-based) for authentication.
Application ...
0
votes
0
answers
33
views
Health checks are logging in application insights when deploying identity server project using AKS
I’m excluding health check logs from the Identity Server application in Application Insights using the code below. The application is deployed on AKS. However, health check logs are still being ...
0
votes
0
answers
56
views
IdentityServer4: How to strictly validate returnUrl parameter against a whitelist?
We are using IdentityServer4 (v4.1.2) for OAuth authentication in an older system and need to strictly validate the returnUrl parameter to prevent open redirect vulnerabilities.
Our security ...
0
votes
0
answers
87
views
How to reuse and extend the existing Refresh Token when using refresh_token grant in OpenIddict without issuing a new one?
I'm using OpenIddict 6.3.0 with ASP.NET Core 8, and I want to customize the behavior when using the refresh_token grant.
✅ Goal:
When a refresh_token is used:
I want to reuse the existing refresh ...
0
votes
0
answers
65
views
IdentityServer 4 on AWS Elastic Beanstalk — OpenID Discovery Returns HTTP Endpoints Instead of HTTPS
I'm deploying an ASP.NET Core 9 Web API using IdentityServer 4 on AWS Elastic Beanstalk with an Application Load Balancer (ALB) and a valid ACM certificate.
What works:
SSL certificate is correctly ...
0
votes
0
answers
88
views
How to extend Client entity in Duende Identity Server v 7
I'm using Duende Identity Server v 7.0.7 and I need to add custom property to Client model. So basically add column to "Clients" table to store client specific value.
I know it is possible ...
0
votes
0
answers
57
views
.NET 8 Blazor web app (web assembly & server) + IdentityServicer
Does anyone have a working template? I tried to pin down such a configuration myself, but couldn't.
I keep getting an http 401 "unauthorized" error when sending a HTTP request from the ...
0
votes
0
answers
58
views
Why does RedirectGet work in place of FormPost for OpenIdConnectRedirectBehavior when redirecting to IdentityServer4 on Windows 11 machines?
I have a Blazor server app that uses IdentityServer4 for authentication. For context, all of the following is occurring on developer machines running the app through the Visual Studio 2022 debugger. ...
0
votes
0
answers
61
views
How to make front channel logout work in C# + IdentityServer4 + Angular?
I need help making front channel logout work in my application that uses C# + IdentityServer4 + Angular.
My client configuration in IdentityServer4:
new Client
{
AccessTokenType = AccessTokenType....
0
votes
0
answers
31
views
APIM and Identity Server not working with eachother
I have a web service that uses our identity server to login. On successful login, we are redirected (302) to POST method on /signin-oidc with the claims.
Apim has a url myapp.azure-api.net that is ...
0
votes
0
answers
64
views
Command Bot generated Azure AD SSO token with Authprompt flow use in Identity server without login
command chat bot in ms teams and with sso authentication using Authprompt dialog.
Azure AD intra id setup completed with redirect uris
https://localhost:44310/signin-oidc
https://.ngrok-free.app/auth-...
-1
votes
1
answer
117
views
IdentityServer Signout not working for all asp.net core MVC application's
this task is very complex to me but using google, chatGPT I done this project but I figure out some issues. In localhost everything working fine but when its come to production server getting issue.
...