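I have IdentityServer v3 with a custom UserService with two-factor authentication behind a load balancer. It works on my machine :-) but when I deploy it to the load-balanced environment, partialSigninAuthentication fails (I don't know whether it is related to load balancing; I am also running v2 on the same server with no problems).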

I am using the certificate from the sample impl, and RequireSSL=false (http behind the load balancer).

In my TwoFactorController I output some debug information:

Trace.WriteLine(JsonConvert.SerializeObject(ctx.Authentication.User));
var authentication = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType);
// Problem is that this is null
if (authentication == null)
{
   return View("Error");
}

Trace log:

w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.DiscoveryEndpointController]: 20.05.2015 13:24:47 +00:00 -- Start discovery request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.DiscoveryEndpointController]: 20.05.2015 13:24:48 +00:00 -- Start key discovery request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 20.05.2015 13:24:48 +00:00 -- Start authorize request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 20.05.2015 13:24:48 +00:00 -- Start authorize request protocol validation
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 20.05.2015 13:25:01 +00:00 -- Authorize request validation success
 {
  "ClientId": "MvcTest1",
  "ClientName": "MvcTest1",
  "RedirectUri": "https://smi-test.myserver.net/TestMVC/",
  "AllowedRedirectUris": [
    "https://localhost:44311/TestMVC/",
    "https://smi-test.myserver.net/TestMVC/"
  ],
  "SubjectId": "unknown",
  "ResponseType": "id_token",
  "ResponseMode": "form_post",
  "Flow": "Implicit",
  "RequestedScopes": "sse_roles smi_profile openid profile",
  "State": "OpenIdConnect.AuthenticationProperties=OoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M",
  "Nonce": "635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5",
  "Raw": {
    "client_id": "MvcTest1",
    "redirect_uri": "https://smi-test.myserver.net/TestMVC/",
    "response_mode": "form_post",
    "response_type": "id_token",
    "scope": "sse_roles smi_profile openid profile",
    "state": "OpenIdConnect.AuthenticationProperties=OoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M",
    "nonce": "635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5"
  }
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.ResponseHandling.AuthorizeInteractionResponseGenerator]: 20.05.2015 13:25:01 +00:00 -- User is not authenticated. Redirecting to login.
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 20.05.2015 13:25:01 +00:00 -- End authorize request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Results.LoginResult]: 20.05.2015 13:25:01 +00:00 -- Redirecting to login page
Debug: [Thinktecture.IdentityServer.Core.Configuration.Hosting.MessageCookie`1]: 20.05.2015 13:25:01 +00:00 -- Protecting message: {"ReturnUrl":"http://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DOoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M&nonce=635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5","ClientId":"MvcTest1","AcrValues":[],"Created":635677250886418395}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- Login page requested
Debug: [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- signin message passed to login: {
  "ReturnUrl": "http://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DOoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M&nonce=635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5",
  "ClientId": "MvcTest1",
  "IdP": null,
  "Tenant": null,
  "LoginHint": null,
  "DisplayMode": null,
  "UiLocales": null,
  "AcrValues": [],
  "Created": 635677250886418395
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- rendering login page
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- Login page submitted
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- Login credentials successfully validated by user service
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- issuing cookie (partial login)
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- redirecting to: http://test.myserver.net/STSv3/TwoFactor/Index
w3wp.exe Information: 0 : TwoFactorController JsonConvert.SerializeObject(ctx.Authentication.User):
{"Claims":[],"Identities":[{"AuthenticationType":null,"IsAuthenticated":false,"Actor":null,"BootstrapContext":null,"Claims":[],"Label":null,"Name":null,"NameClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","RoleClaimType":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}],"Identity":{"AuthenticationType":null,"IsAuthenticated":false,"Actor":null,"BootstrapContext":null,"Claims":[],"Label":null,"Name":null,"NameClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","RoleClaimType":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}}

Update: I removed the partial login, but it still does not work. This is the last log entry from IdServer:

[Thinktecture.IdentityServer.Core.Results.AuthorizeFormPostResult]: 21.05.2015 07:54:35 +00:00 -- Posting to https://smi-test.myserver.net/TestMVC/

The browser content is empty, but the title says "Submit this form". The browser URL is:

  https://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DIxrlCyPTeXy89E1BwspOh64Hu66D0vrJ5T3y8FwdzpWIKQQZY..... 

Update2: When I inspect the submit form, it looks like the script is blocked by the Content Security Policy.

The page https://smi-test.myserver.net/STSv3/connect/authorize loads the script

<script src="http://smi-test.myserver.net/STSv3/assets/app.FormPostResponse.js"></script>

How can I change that to https?

ラルシ

1 Answer

The problem is solved by setting this property:

PublicOrigin

More information about this problem can be found in this issue.

answered 2015-05-28T11:46:50.947
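
Where the property from the answer goes in an OWIN startup, as an added example that is not code from the question or the answer. The class name, the `RequireHttpsOrigin` helper and the way the factory and certificate are passed in are assumptions for illustration; the host name is the one shown in the question's log.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Owin;
using Thinktecture.IdentityServer.Core.Configuration;

public static class IdentityServerBehindLoadBalancer
{
    // Hypothetical guard: fail at startup if the configured origin would
    // still yield http:// links, which the browser blocks on an https page
    // (the FormPostResponse.js symptom in the question).
    public static string RequireHttpsOrigin(string origin)
    {
        Uri uri;
        if (!Uri.TryCreate(origin, UriKind.Absolute, out uri) ||
            uri.Scheme != Uri.UriSchemeHttps)
        {
            throw new ArgumentException(
                "PublicOrigin must be an absolute https:// origin", "origin");
        }
        // Only scheme, host and port are meant here; the application path
        // (/STSv3 in the question) still comes from the request.
        if (uri.AbsolutePath != "/" || !string.IsNullOrEmpty(uri.Query))
        {
            throw new ArgumentException(
                "PublicOrigin must not contain a path or query", "origin");
        }
        return uri.GetLeftPart(UriPartial.Authority);
    }

    // Assumption: the caller builds the service factory (including the custom
    // UserService) and loads the signing certificate elsewhere.
    public static void Configure(IAppBuilder app,
                                 IdentityServerServiceFactory factory,
                                 X509Certificate2 signingCertificate)
    {
        app.UseIdentityServer(new IdentityServerOptions
        {
            Factory = factory,
            SigningCertificate = signingCertificate,
            // TLS ends at the load balancer, so requests reach IIS as http.
            RequireSsl = false,
            // Without this, links are built from the incoming request
            // (http://...). With it, they use the address the browser sees.
            PublicOrigin = RequireHttpsOrigin("https://smi-test.myserver.net")
        });
    }
}
```

After deploying, the `ReturnUrl` in the "Protecting message" log entry and the `<script src>` on the form-post page should both start with `https://`.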