Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. #4645

Closed
rjdebona opened this issue Jul 9, 2020 · 4 comments
Closed

IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. #4645

rjdebona opened this issue Jul 9, 2020 · 4 comments
Labels
question

Comments

@rjdebona
Copy link

rjdebona commented Jul 9, 2020
edited
Loading

Question

I have a problem with Authotity adress when it come from an AWS load balancer HTTPS/SSL.
I'm running IdentityServer4 in a ECS Fargate Docker, and this service was configured to use Elastic Load Balancing to distribute traffic. A new listener was created to foward the 443 port with a correct certificate. I cant configure this https as Authority server.

Minimal working example

services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromHours(2))
    .AddOpenIdConnect(options =>
    {  
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.Authority = "https://account-teste.mydomain.com";
        options.ClientId = "WebMVC";
        options.ClientSecret = "mysecret";
        options.ResponseType = "code id_token";
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.RequireHttpsMetadata = true;
        options.Scope.Add(IdentityServerConstants.StandardScopes.Email);
        options.Scope.Add("custom.profile");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        };
    });

Relevant parts of the log file

An unhandled exception occurred while processing the request.
ArgumentException: IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false.
Parameter name: address
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)

Stack Query Cookies Headers
ArgumentException: IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. Parameter name: address
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)

Show raw exception details
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions>.ChallengeAsync(AuthenticationProperties properties)
Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)
Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
@leastprivilege
Copy link
Member

This error is coming from a Microsoft library. Please ask them.

@registecsystem
Copy link

This issue help me to fix : #aspnet/Security#929

Solution:

Include Use at he IdentityServer and Client:

app.Use((context, next) => { context.Request.Scheme = "https"; return next(); });

Thanks all!

@rjdebona
Copy link
Author

This issue help me to fix : #aspnet/Security#929

Solution:

Include Use at he IdentityServer and Client:

app.Use((context, next) => { context.Request.Scheme = "https"; return next(); });

Thanks all!

@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@leastprivilege @registecsystem @rjdebona