Hi Mahesh
Is your server/computer located behind an outgoing firewall or proxy server? This could be a sign that the OpenID middleware has trouble connecting to the OpenID configuration file (at the https://login.microsoft.com site).
The issue is related to your application not being able to access https://[identity-provider-url]/.well-known/openid-configuration. Can you access the URL in a browser (with the correct domain, of course)?
Hi Stefan and Johan,
My computer is not behind any firewall or proxy server. I am able to access the identity provider URL from the browser, and I see the JSON response in the browser.
https://login.microsoftonline.com/[myGUIID]/v2.0/.well-known/openid-configuration.
Now I also tried with a fresh Episerver site with the Alloy template, and I get different errors on each hit
and sometimes
Hi Stefan,
Yes, the issue is specifically with the Chrome browser. I followed the document link you shared above.
I put in the code below:
    using Microsoft.Owin;
    using Microsoft.Owin.Infrastructure;

    // Wraps another cookie manager and drops SameSite=None for browsers
    // that are known to mishandle that value.
    public class SameSiteCookieManager : ICookieManager
    {
        private readonly ICookieManager _innerManager;

        public SameSiteCookieManager() : this(new CookieManager())
        {
        }

        public SameSiteCookieManager(ICookieManager innerManager)
        {
            _innerManager = innerManager;
        }

        public void AppendResponseCookie(IOwinContext context, string key, string value,
            CookieOptions options)
        {
            CheckSameSite(context, options);
            _innerManager.AppendResponseCookie(context, key, value, options);
        }

        public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
        {
            CheckSameSite(context, options);
            _innerManager.DeleteCookie(context, key, options);
        }

        public string GetRequestCookie(IOwinContext context, string key)
        {
            return _innerManager.GetRequestCookie(context, key);
        }

        // Clears the SameSite attribute when the requesting browser cannot handle "None".
        private void CheckSameSite(IOwinContext context, CookieOptions options)
        {
            if (options.SameSite == Microsoft.Owin.SameSiteMode.None
                && DisallowsSameSiteNone(context))
            {
                options.SameSite = null;
            }
        }

        // User-agent sniffing for browsers that reject or misread SameSite=None.
        public static bool DisallowsSameSiteNone(IOwinContext context)
        {
            var userAgent = context.Request.Headers["User-Agent"];
            if (string.IsNullOrEmpty(userAgent))
            {
                return false;
            }

            // iOS 12 browsers
            if (userAgent.Contains("CPU iPhone OS 12") ||
                userAgent.Contains("iPad; CPU OS 12"))
            {
                return true;
            }

            // Safari on macOS 10.14
            if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
                userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            {
                return true;
            }

            // Chrome 50-69
            if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
            {
                return true;
            }

            return false;
        }
    }
and in the startup file I set the code as
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = aadAuthority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        CookieManager = new SameSiteCookieManager(
            new SystemWebCookieManager()),
        // (the rest of the options is cut off in the original post)
    });
But I am still getting the same error. Maybe I am missing something again.
Could you please help me?
Not sure if Azure AD supports validation of nonce. So as the error message suggests, turn it off.
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ProtocolValidator = new OpenIdConnectProtocolValidator
        {
            RequireNonce = false
        }
    });
Hi Mahesh
I don't recall what exactly fixed the issue last time. But here are some notes.
Found the solution:
My local website was running on HTTPS, I changed it to HTTPS and it started working fine in Google Chrome.
Thank you all for your help :)
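An added example, not part of the thread and not Episerver or Microsoft code: current Chrome discards a cookie marked SameSite=None unless it also carries the Secure attribute, which only a site served over HTTPS can usefully set. The check below flags such cookies in Set-Cookie header values; the class name, method name and sample header strings are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class SameSiteCookieAudit
{
    // Returns the names of cookies that declare SameSite=None without Secure.
    // A browser enforcing the current SameSite rules drops these, so a value
    // set before the redirect to the identity provider never comes back.
    public static List<string> FindInsecureSameSiteNone(IEnumerable<string> setCookieHeaders)
    {
        var flagged = new List<string>();
        foreach (var header in setCookieHeaders)
        {
            var parts = header.Split(';').Select(p => p.Trim()).ToArray();
            if (parts.Length == 0 || !parts[0].Contains("=")) continue;

            var name = parts[0].Substring(0, parts[0].IndexOf('='));
            var attrs = parts.Skip(1).ToArray();

            // Attribute names and values are case-insensitive.
            bool sameSiteNone = attrs.Any(a =>
                a.Replace(" ", "").Equals("SameSite=None", StringComparison.OrdinalIgnoreCase));
            bool secure = attrs.Any(a =>
                a.Equals("Secure", StringComparison.OrdinalIgnoreCase));

            if (sameSiteNone && !secure) flagged.Add(name);
        }
        return flagged;
    }

    public static void Main()
    {
        // Constructed Set-Cookie values (assumed shapes, not captured from a real site).
        var overHttp = new[]
        {
            "OpenIdConnect.nonce.EXAMPLE=abc123; path=/; HttpOnly; SameSite=None",
            "ASP.NET_SessionId=xyz; path=/; HttpOnly; SameSite=Lax"
        };
        var overHttps = new[]
        {
            "OpenIdConnect.nonce.EXAMPLE=abc123; path=/; secure; HttpOnly; SameSite=None"
        };

        Console.WriteLine("HTTP:  " + string.Join(", ", FindInsecureSameSiteNone(overHttp)));
        Console.WriteLine("HTTPS: " + FindInsecureSameSiteNone(overHttps).Count + " flagged");
    }
}
```

The same comparison can be made by hand in the browser's developer tools by looking at the Set-Cookie headers on the response that redirects to the identity provider.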
Hi, I am trying to integrate Azure AD OpenID Connect authentication. I am following the links below as reference.
https://world.episerver.com/documentation/developer-guides/CMS/security/integrate-azure-ad-using-openid-connect/
https://we.knowit.fi/experience-fi/mixed-mode-authentication-with-azure-ad-and-aspnet-membership-for-episerver-multisites
I completed all the points mentioned in the links above, but now when I try to access the mysite/CMS section, I get the error below on the login page. Any help please? Thank you in advance!