0
votes

I am trying to connect to an in-house SSO server. This SSO was created using IdentityServer3. It works fine with our existing MVC 5 application. Recently we have been upgrading our product to ASP.NET Core 2.0.

We are running into an issue with the authentication process. After a lot of digging I found that it is connecting to our authorization endpoint; however, somehow it is failing to connect to login.

MVC 5 uses the OWIN implementation to connect to OpenID Connect. Here is the URL from MVC 5:

identity/connect/authorize?client_id=XXXX
&redirect_uri=XXXXXXXXXXXXXXXXXXX
&response_mode=form_post&response_type=id_token+token&scope=openid+api&state=OpenIdConnect.AuthenticationProperties%3dwFuNqQIdG7E9axIWsGRaxqn8Aikv4B839r1HfWPm57n9RZ5Ig8BK-r2WuNclpcGZr0Ch2GThSpZ53ShE1zBESfxrSHts_I2iLYfTCvBa0Kd-uRueov-NpXDJOh39yh_f-h8TMcCXRe9S3cvE2eWp64dqJLJZM8EqBsW77b-keS3SvTB2KU0X7NqW-VGdI2StBn0y4kiWg9mZseGS4chgsA&nonce=636483566187911271.OTVmNDY1NGQtZDgxZS00ZjllLThjYzQtYjVkNGYxMGM5ZGZhZGI4MzMyYjctMTBiNi00OGQ3LThmOWItNGExNTc5OGFiYTA4

ASP.NET Core uses the built-in OpenID Connect method. Here is the URL from ASP.NET Core 2.0:

identity/connect/authorize?
client_id=XXXXX
&redirect_uri=XXXXXXXXXXXXX &response_type=code
&scope=openid%20api
&response_mode=form_post
&nonce=636483740666280555.NDA3ZGRjZDQtNTdjNS00NjFiLTllOTYtMDc0MjE2NzhkMzQ5NmFiMzU0ZTQtMDIxOS00ODI5LWI4NWEtYTRiMDYzMTFmYjJi&state=CfDJ8AqnlI2Cn3FJtTEVow2y5i5Kt7x-JhPHvqlWGUu6jOxJQQiBB53rtgKV7_nXM4zY0MbzFPQUuONdoyEmX61bexqlAmbTmpEnVC5CHkr41q4b6e3_JtWTBaCOa3vT1_vCNNnIS6lQW3RH4nV-SQ5PUyVr2IzMO3feVRrkS-NLnLAuUXyKSR3gk0LtuzESq_xQ0dtdrjnWr5-dbCyOvG0p3vFhlaQeKyT55q2jZyM4sO0T7B524l6ICz2cKEVLdR6VU2RpjqV_UAlwM7i9Mm7yo_kbCBbtaOOZDWjDVj6XDop0YUmYJhMLGnlXWVBjD87vmg
&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

If you notice, ASP.NET Core OpenIdConnect is adding the nonce parameter, which is optional as per the specification; however, I could not stop it from being generated. The other issue is that the state parameter is generated differently.

Any help to make ASP.NET Core 2.0 work with IdentityServer3 would be appreciated. I did not find any help in the blog community.

Rest assured I am passing the right parameters; all parameters work fine when I use them with MVC 5.

1
Hi and welcome! I notice you use a lot of [tag:x] markup in your question text... there's no real need to do that unless your question is specifically about the tag itself, in which case it probably belongs on meta.stackoverflow.com. Cheers! - Rich Churcher

Thanks, this is my first post; I did not know how things work around here. I am guessing my question is posted and out there to get answered. Or do you think I have to take any action? I noticed that you removed the tag from the post. - abhishek

1 Answer

0
votes

So after spending 5 days, I finally figured out the problem. It was an underlying implementation change in ASP.NET Core in the OpenIdConnectOptions class.

Please refer to the issue that I have raised with the Microsoft ASP.NET Security team.
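An added example, not part of the original question or answer: a Python script that decodes two authorize requests like the ones in the question and reports only the parameters that differ in meaning, ignoring per-request values and encoding differences. The sample URLs are constructed from the question with `state` and `nonce` shortened, and the function names are this example's own.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed from the two requests in the question; state and nonce are shortened.
MVC5_REQUEST = (
    "identity/connect/authorize?client_id=XXXX&redirect_uri=XXXX"
    "&response_mode=form_post&response_type=id_token+token&scope=openid+api"
    "&state=OpenIdConnect.AuthenticationProperties%3dwFuN&nonce=636483566187911271.OTVm")
CORE2_REQUEST = (
    "identity/connect/authorize?client_id=XXXX&redirect_uri=XXXX"
    "&response_type=code&scope=openid%20api&response_mode=form_post"
    "&nonce=636483740666280555.NDA3&state=CfDJ8Aqn"
    "&x-client-SKU=ID_NET&x-client-ver=2.1.4.0")

PER_REQUEST = {"state", "nonce"}          # opaque values, fresh on every request
SPACE_LISTS = {"scope", "response_type"}  # space-separated, order does not matter

def parse_authorize(url):
    """Decode the query string; '+' and '%20' both decode to a space."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    for name in params.keys() & SPACE_LISTS:
        params[name] = " ".join(sorted(params[name].split()))
    return params

def flow(params):
    """Classify the OpenID Connect flow selected by response_type."""
    types = set(params.get("response_type", "").split())
    if types == {"code"}:
        return "authorization_code"
    if "id_token" in types and "code" not in types:
        return "implicit"
    return "other"

def nonce_rule(params):
    """OpenID Connect Core: nonce is REQUIRED for implicit, OPTIONAL for code flow."""
    rules = {"implicit": "required", "authorization_code": "optional"}
    return rules.get(flow(params), "not classified here")

def diff_requests(a, b):
    """Return {param: (value_in_a, value_in_b)} for parameters that really differ."""
    pa, pb = parse_authorize(a), parse_authorize(b)
    names = sorted((pa.keys() | pb.keys()) - PER_REQUEST)
    return {n: (pa.get(n), pb.get(n)) for n in names if pa.get(n) != pb.get(n)}

if __name__ == "__main__":
    for name, (old, new) in diff_requests(MVC5_REQUEST, CORE2_REQUEST).items():
        print(f"{name}: MVC 5 = {old!r}, Core 2.0 = {new!r}")
    for label, url in (("MVC 5", MVC5_REQUEST), ("Core 2.0", CORE2_REQUEST)):
        p = parse_authorize(url)
        print(f"{label}: flow = {flow(p)}, nonce is {nonce_rule(p)}")
```

On these sample requests the `scope` values decode identically, and what remains is `response_type` (`id_token token` versus `code`) plus the `x-client-*` parameters that only the second request carries.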