我们有一个Identityserver v3,在负载均衡器后面有一个带有2因子身份验证的自定义UserService。它适用于我的机器:-)但部署到负载均衡环境时partialSigninAuthentication失败(我不确定它是否与loadbalaning有关,我只是假设。我们的v2也运行在相同的服务器上 - 没有问题)。
我使用示例impl中的证书,并使用RequireSSL = false(负载均衡器后面的http)
在我的TwoFactorController中,我打印一些调试,也许这有帮助吗?
Trace.WriteLine(JsonConvert.SerializeObject(ctx.Authentication.User));
var authentication = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType);
// Problem is that this is null
if (authentication == null)
{
return View("Error");
}
追踪日志:
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.DiscoveryEndpointController]: 20.05.2015 13:24:47 +00:00 -- Start discovery request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.DiscoveryEndpointController]: 20.05.2015 13:24:48 +00:00 -- Start key discovery request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 20.05.2015 13:24:48 +00:00 -- Start authorize request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 20.05.2015 13:24:48 +00:00 -- Start authorize request protocol validation
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Validation.AuthorizeRequestValidator]: 20.05.2015 13:25:01 +00:00 -- Authorize request validation success
{
"ClientId": "MvcTest1",
"ClientName": "MvcTest1",
"RedirectUri": "https://smi-test.myserver.net/TestMVC/",
"AllowedRedirectUris": [
"https://localhost:44311/TestMVC/",
"https://smi-test.myserver.net/TestMVC/"
],
"SubjectId": "unknown",
"ResponseType": "id_token",
"ResponseMode": "form_post",
"Flow": "Implicit",
"RequestedScopes": "sse_roles smi_profile openid profile",
"State": "OpenIdConnect.AuthenticationProperties=OoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M",
"Nonce": "635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5",
"Raw": {
"client_id": "MvcTest1",
"redirect_uri": "https://smi-test.myserver.net/TestMVC/",
"response_mode": "form_post",
"response_type": "id_token",
"scope": "sse_roles smi_profile openid profile",
"state": "OpenIdConnect.AuthenticationProperties=OoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M",
"nonce": "635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5"
}
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.ResponseHandling.AuthorizeInteractionResponseGenerator]: 20.05.2015 13:25:01 +00:00 -- User is not authenticated. Redirecting to login.
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthorizeEndpointController]: 20.05.2015 13:25:01 +00:00 -- End authorize request
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Results.LoginResult]: 20.05.2015 13:25:01 +00:00 -- Redirecting to login page
Debug: [Thinktecture.IdentityServer.Core.Configuration.Hosting.MessageCookie`1]: 20.05.2015 13:25:01 +00:00 -- Protecting message: {"ReturnUrl":"http://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DOoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M&nonce=635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5","ClientId":"MvcTest1","AcrValues":[],"Created":635677250886418395}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- Login page requested
Debug: [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- signin message passed to login: {
"ReturnUrl": "http://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DOoZ3B4sAgC2fqGquUN3Nqg4JH1YFJeG8hCzr1D5O_3nFY_KZpUz_bsg8syMLEeYAP5tFt4YtYspJ8nf97VBnHP0YZkXFAuZQtZpdyAlWUY2yOfpLFwndlIlR_HFfiv7M8ztr_WsP7TAS5tLXuqLTbjrN1Yz1I-bTQd8iO-I002oKqksH1riamKagZJt9O-a5gkG4srOqH53yCHUb9bHflbpw_p4A7k8N3LYISpEf26M&nonce=635677250880977851.NTJkMzlhMDQtZDA0OC00MTRiLTg0NDgtZGI2M2QwOTMzMDE0ODI5YTE1YTktZGY0YS00NTk0LTkwNWItOTEyYmNiMTMwZDk5",
"ClientId": "MvcTest1",
"IdP": null,
"Tenant": null,
"LoginHint": null,
"DisplayMode": null,
"UiLocales": null,
"AcrValues": [],
"Created": 635677250886418395
}
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:01 +00:00 -- rendering login page
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- Login page submitted
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- Login credentials successfully validated by user service
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- issuing cookie (partial login)
w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 20.05.2015 13:25:29 +00:00 -- redirecting to: http://test.myserver.net/STSv3/TwoFactor/Index
w3wp.exe Information: 0 : TwoFactorController JsonConvert.SerializeObject(ctx.Authentication.User):
{"Claims":[],"Identities":[{"AuthenticationType":null,"IsAuthenticated":false,"Actor":null,"BootstrapContext":null,"Claims":[],"Label":null,"Name":null,"NameClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","RoleClaimType":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}],"Identity":{"AuthenticationType":null,"IsAuthenticated":false,"Actor":null,"BootstrapContext":null,"Claims":[],"Label":null,"Name":null,"NameClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","RoleClaimType":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}}
更新 我删除了部分登录,但仍然无法正常工作。这是IdServer的最后一个日志条目
[Thinktecture.IdentityServer.Core.Results.AuthorizeFormPostResult]: 21.05.2015 07:54:35 +00:00 -- Posting to https://smi-test.myserver.net/TestMVC/
在浏览器中,内容为空,但标题为:'提交此表单' 浏览器的网址是:
https://smi-test.myserver.net/STSv3/connect/authorize?client_id=MvcTest1&redirect_uri=https%3A%2F%2Fsmi-test.myserver.net%2FTestMVC%2F&response_mode=form_post&response_type=id_token&scope=sse_roles%20smi_profile%20openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DIxrlCyPTeXy89E1BwspOh64Hu66D0vrJ5T3y8FwdzpWIKQQZY.....
UPDATE2 检查提交表单,看起来内容安全策略阻止了脚本
页面https://smi-test.myserver.net/STSv3/connect/authorize加载脚本
<script src="http://smi-test.myserver.net/STSv3/assets/app.FormPostResponse.js"></script>
如何将其更改为https?
Larsi