我有一个 identityserver4 容器(identitymanagement:5003/localhost:5003)和一个 mvc 应用(website.com:5000/localhost:5000)。
一旦它们都在 docker 中运行,而我尝试访问 localhost:5000/home/login(它会重定向到 identityserver),就会收到错误消息
无法从“ https://identitymanagement:5003/.well-known/openid-configuration”获得配置。
这是我所有不同的代码部分
MVC:登录调用
/// <summary>
/// Starts a login by returning an authentication challenge whose properties
/// carry "/Manage" as the redirect target.
/// </summary>
/// <returns>The result produced by <c>Challenge</c>.</returns>
public IActionResult Login()
{
    // The return path is a fixed, application-relative constant; no caller-supplied
    // URL is passed into the challenge.
    var properties = new AuthenticationProperties();
    properties.RedirectUri = "/Manage";

    return Challenge(properties);
}
MVC:Startup.cs
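/// <summary>
/// Registers cookie authentication as the default scheme and OpenID Connect as the
/// default challenge scheme.
/// </summary>
/// <param name="services">Service collection the authentication handlers are added to.</param>
/// <param name="configuration">Application configuration; the "logoutCallbackUrl" key is read from it.</param>
/// <returns>The same <paramref name="services"/> instance, so calls can be chained.</returns>
public static IServiceCollection AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration)
{
    // Null when the key is missing from configuration; guarded below instead of dereferenced.
    var callBackUrl = configuration.GetValue<string>("logoutCallbackUrl");

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(x => x.ExpireTimeSpan = TimeSpan.FromHours(2))
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            // The handler downloads {Authority}/.well-known/openid-configuration from inside
            // this process, so the host name and port must be reachable from wherever this
            // app runs, and the certificate served there must be trusted by this process
            // and valid for this host name. Fix trust or naming problems at the certificate
            // level rather than by switching off certificate validation.
            options.Authority = "https://identitymanagement:5003";

            // The original called ToString() on the configured value, which throws a
            // NullReferenceException when the key is absent. Keep the handler default then.
            if (callBackUrl != null)
            {
                options.SignedOutRedirectUri = callBackUrl;
            }

            options.ClientId = "website";

            // NOTE(review): sample client secret committed in source. It must match the
            // secret registered for this client on the identity server; outside a demo,
            // load it from configuration or a secret store and use a random value.
            options.ClientSecret = "secret";

            options.ResponseType = "code id_token";

            // Tokens are persisted in the authentication properties of the sign-in scheme
            // (the cookie scheme above).
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            // NOTE(review): the authority above is already https, so relaxing the https
            // requirement for metadata looks unnecessary. Confirm and leave the default
            // (true) for anything beyond local development.
            options.RequireHttpsMetadata = false;

            options.Scope.Add("openid");
            options.Scope.Add("profile");
        });

    return services;
}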
}
IdentityServer Startup.cs
/// <summary>
/// Startup class of the IdentityServer host: wires up the EF Core database context,
/// ASP.NET Core Identity and IdentityServer, then builds the request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the injected configuration for use while registering services.</summary>
    /// <param name="configuration">Application configuration.</param>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Configuration supplied to the constructor.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to add services to the container.
    /// </summary>
    /// <param name="services">Service collection to register into.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // SQL Server connection string is taken from the "DefaultConnection" entry.
        services.AddDbContext<ApplicationDbContext>(options =>
        {
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
        });

        var identityBuilder = services.AddIdentity<ApplicationUser, IdentityRole>();
        identityBuilder.AddDefaultUI(UIFramework.Bootstrap4);
        identityBuilder.AddEntityFrameworkStores<ApplicationDbContext>();
        identityBuilder.AddDefaultTokenProviders();

        var identityServerBuilder = services.AddIdentityServer();

        // NOTE(review): the developer signing credential is intended for development;
        // a deployed instance should sign tokens with a managed, persistent key.
        identityServerBuilder.AddDeveloperSigningCredential();

        // Resources and clients come from the static Config class and are held in memory.
        identityServerBuilder.AddInMemoryIdentityResources(Config.GetIdentityResources());
        identityServerBuilder.AddInMemoryApiResources(Config.GetApiResources());
        identityServerBuilder.AddInMemoryClients(Config.GetClients());
        identityServerBuilder.AddAspNetIdentity<ApplicationUser>();
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">Application builder the middleware is added to.</param>
    /// <param name="env">Hosting environment used to choose the error handling.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Error");
        }
        else
        {
            // Detailed exception and database error pages are enabled only when the
            // environment is Development; the compose file shown with this code sets
            // ASPNETCORE_ENVIRONMENT=Development, so the containers serve them.
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }

        // Order is kept as in the original: static files, IdentityServer, then MVC.
        app.UseStaticFiles();
        app.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    }
}
身份服务器:Config.cs
/// <summary>
/// Static, in-code IdentityServer configuration: API resources, identity resources
/// and the registered clients.
/// </summary>
public class Config
{
    /// <summary>Returns the single API resource "resourceApi".</summary>
    public static IEnumerable<ApiResource> GetApiResources()
    {
        var apiResources = new List<ApiResource>();
        apiResources.Add(new ApiResource("resourceApi", "API Application"));
        return apiResources;
    }

    /// <summary>Returns the identity resources offered: OpenId, Profile and Email.</summary>
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        var identityResources = new List<IdentityResource>();
        identityResources.Add(new IdentityResources.OpenId());
        identityResources.Add(new IdentityResources.Profile());
        identityResources.Add(new IdentityResources.Email());
        return identityResources;
    }

    /// <summary>Returns the client registrations; currently only the MVC "website" client.</summary>
    public static IEnumerable<Client> GetClients()
    {
        // MVC client. The grant type assigned here is Hybrid (the original comment
        // called it an implicit flow client).
        var website = new Client
        {
            ClientId = "website",
            ClientName = "Public Website",
            AllowedGrantTypes = GrantTypes.Hybrid,
            RequireConsent = false
        };

        // NOTE(review): sample secret committed in source; it has to match the value the
        // MVC app sends. Use a random secret supplied from outside the code base for
        // anything beyond a demo.
        website.ClientSecrets.Add(new Secret("secret".Sha256()));

        // NOTE(review): these URIs use the host kryptoevents.com:5000, while the app is
        // described elsewhere as website.com:5000 / localhost:5000. Confirm that the
        // redirect_uri the MVC app actually sends matches one registered here.
        website.RedirectUris.Add("https://kryptoevents.com:5000/signin-oidc");
        website.PostLogoutRedirectUris.Add("https://kryptoevents.com:5000/signout-callback-oidc");

        website.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId);
        website.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile);
        website.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Email);

        return new List<Client> { website };
    }
}
docker-compose.override.yml
# NOTE(review): the indentation of this excerpt was lost; nesting is as in the original file.
identitymanagement:
environment:
# Development switches on the developer exception and database error pages in Startup.
- ASPNETCORE_ENVIRONMENT=Development
# Inside the container the app listens on 443 (https) and 80 (http).
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44378
ports:
# Format is "HOST:CONTAINER". Published ports apply to the host only: another container
# on the compose network reaches this service on the container port (443), so
# https://identitymanagement:5003 is not served from inside that network.
- "60807:80"
- "5003:443"
website.com:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44395
ports:
# Host port 5000 is forwarded to container port 443.
- "56530:80"
- "5000:443"
注意
如果我不在 docker 中运行服务,而只是在 IIS 上运行它们,并把 options.Authority = "https://identitymanagement:5003" 改为 "https://localhost:5003",那么一切都会按预期进行。
似乎 docker 内部存在问题,无法解析 identitymanagement。
我也尝试使用容器的 IP 地址代替 identitymanagement,但遇到相同的错误。
在docker内部运行时,关于证书,我需要做些特别的事情吗?
答案 0 :(得分:0)
也许在您的docker.Yml中尝试更改
# NOTE(review): the indentation of this excerpt was lost; nesting is as in the original file.
identitymanagement:
environment:
- ASPNETCORE_ENVIRONMENT=Development
# Adds an https listener on 5003 inside the container, so the port in the configured
# authority (https://identitymanagement:5003) is also served on the compose network.
- ASPNETCORE_URLS=https://+:443;http://+:80;https://+:5003
- ASPNETCORE_HTTPS_PORT=5003
ports:
# Same port number on host and container.
- "60807:80"
- "5003:5003"
website.com:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80;https://+:5000
- ASPNETCORE_HTTPS_PORT=5000
ports:
- "56530:80"
- "5000:5000"
# NOTE(review): matching ports does not settle the certificate question: the certificate
# served by identitymanagement still has to be trusted inside the website container and
# be valid for the host name "identitymanagement". Confirm this separately.
因为您在 IdentityServer 的 Config.cs 和 MVC 的 Startup.cs 中使用了这些特定端口(5003 和 5000);而端口映射(例如 "5003:443")只对宿主机生效,容器之间通信时使用的是容器内部监听的端口。