Skip to content

Docker Dev: Swagger authorization issuer URL doesn't work #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
MaxKorlaar opened this issue Jun 17, 2020 · 2 comments · Fixed by #282
Closed

Docker Dev: Swagger authorization issuer URL doesn't work #200

MaxKorlaar opened this issue Jun 17, 2020 · 2 comments · Fixed by #282
Labels
bug Something isn't working infrastructure priority Only assign this label if it's asked to assign this label

Comments

@MaxKorlaar
Copy link
Member

Describe the bug
The authorization URL in Swagger is set to https://172.16.238.3/connect/authorize, which does not respond on my computer.

To Reproduce
Steps to reproduce the behavior:

  1. Clone the backend repo
  2. Execute docker-compose up
  3. Visit Swagger
  4. Click 'Authorize'
    image
  5. Get redirected to https://172.16.238.3/connect/authorize?response_type=token&client_id=Swagger-UI&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Foauth2-redirect.html&scope=dex-api&state=.... with no response.

Expected behavior
To become authorized in Swagger

Screenshots
See above.

Additional context
The following appears in the Docker logs:

api_1       | Exception occurred while processing message.
api_1       | System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       |  ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       |  ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
api_1       |  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
api_1       |    at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
api_1       | --- End of stack trace from previous location where exception was thrown ---
api_1       |    at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
api_1       |    at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
api_1       |    at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
api_1       |    at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
api_1       |    at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
api_1       | --- End of stack trace from previous location where exception was thrown ---
api_1       |    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
api_1       |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
api_1       |    at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
api_1       |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
api_1       |    at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
api_1       | 
api_1       | [17:19:53 Error] IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler
api_1       | IDX20803: Unable to obtain configuration from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       | System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       |  ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       |  ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
api_1       |  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
api_1       |    at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
api_1       |    at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
api_1       | --- End of stack trace from previous location where exception was thrown ---
api_1       |    at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
api_1       |    at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
api_1       |    at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
api_1       |    at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
api_1       |    at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
api_1       | --- End of stack trace from previous location where exception was thrown ---
api_1       |    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
api_1       |    at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
api_1       |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
api_1       |    at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
api_1       |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
api_1       |    --- End of inner exception stack trace ---
api_1       |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
api_1       |    at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
api_1       |    at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
api_1       |    at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
api_1       |    at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
api_1       |    at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
api_1       | 
api_1       | [17:19:53 Information] IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler
api_1       | Bearer was not authenticated. Failure message: IDX20803: Unable to obtain configuration from: 'https://172.16.238.3/.well-known/openid-configuration'.
api_1       |
@MaxKorlaar MaxKorlaar added the bug Something isn't working label Jun 17, 2020
@RensvdLinden
Copy link
Contributor

Will look into this next week

@Brend-Smits Brend-Smits changed the title Swagger authorization issuer URL doesn't work Docker Dev: Swagger authorization issuer URL doesn't work Sep 17, 2020
@Brend-Smits
Copy link
Member

This is still an issue, anyone is free to take a look and fix this.

@matir8 matir8 mentioned this issue Oct 6, 2020
Closed
@Brend-Smits Brend-Smits added the priority Only assign this label if it's asked to assign this label label Oct 11, 2020
Brend-Smits added a commit that referenced this issue Oct 15, 2020
@Brend-Smits
Fix #200 where swagger used the wrong IP to retrieve well-known info
26265ce 
Swagger auth was using the internal docker IP. This won't work as you need to reference localhost:5005. 
Identity and API also weren't running on 5001/5000 and 5004/5005 as aspnetcore_urls were not referencing the ports correctly. 
In addition to that, I removed the part where direct ip's were referenced instead of service names. This change makes things easier to follow and less likely to break in the future, let Docker do it's DNS magic to resolve the IP address from the container.
@Brend-Smits Brend-Smits mentioned this issue Oct 15, 2020
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working infrastructure priority Only assign this label if it's asked to assign this label
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #200 where swagger used the wrong IP to retrieve well-known info DigitalExcellence/dex-backend
3 participants
@MaxKorlaar @Brend-Smits @RensvdLinden