All Questions
Tagged with identityserver4 openid-connect
713
questions
0
votes
0
answers
10
views
window.addEventListener('load',... does not trigger on Chrome on iOS (iPad)
We are using identity Server 4.
We are using .NET Core RazorPages web-applications.
They authenticate via openid-connect
While authentificating,the client is redirected to a html page with a hidden ...
0
votes
0
answers
22
views
In Identity Server, How to silently re-sign in an already logged session?
I had a configuration client + handler that worked only with cookies.
I have many users already logged with that cookies
That configuration didn't emit tokens, then I changed the client + handler to ...
0
votes
0
answers
32
views
Identity Server 4 add saml2 client
We have an identity server 4 as our identity provider. It uses openId and we have all the clients configured using the OpenId protocol. We have a portal that uses one of these clients for ...
0
votes
0
answers
43
views
Call Databricks Api from IdentityServer4 client
I am using IdentityServer4 with Microsoft Entra Id as my external login provider. I want to access Databricks api via IdentityServer4.
I have registered IdentityServer4 in Entra and configured ...
0
votes
0
answers
14
views
IdentityServer4 "Unknown location" when redirecting to client
I am using IdentityServer application as an external provider. After redirecting from IdentityServer back to my application I am getting "500 unable to unprotect message state. Unknown location&...
0
votes
0
answers
121
views
IdentityServer 4 - idsrv and idsrv.session cookies blocked on signin-oidc call
I'm working with IDS4 behind a reverse proxy. I find these IdentityServer cookies blocked on the signin-oidc call:
Blocked Cookies
(https://i.sstatic.net/zimtm.png)
The error msg on the cookies is:
&...
0
votes
0
answers
80
views
How can I get the access token from IdentityServer4 for an external login user which does not even have a password?
I am able to call or redirect to IdentityServer endpoint "GoogleLogin" from my SPA using html anchor tag href. And then, I got redirected to Google sign-in screen, on a successful sign-in, ...
0
votes
0
answers
43
views
Does Microsoft.AspNetCore.Authentication.MicrosoftAccount validate claims to mitigate N0Auth?
When using the Nuget package "Microsoft.AspNetCore.Authentication.MicrosoftAccount" (https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.MicrosoftAccount/), does this follow ...
0
votes
1
answer
312
views
.NET 5 Unable to unprotect the message.State when trying the sign-in callback
We are running an Azure app service (linux) which is used for authentication and authorization. It is using Microsoft Identity to use Azure AD authentication, so we are using Azure ad oidc. Couple of ...
0
votes
2
answers
235
views
Wildcards support for AllowedCorsOrigins in IdentityServer4
I use IdentityServer4 to login to my app using authorization_code flow.
I need to add support of wildcards for AllowedCorsOrigins in IdentityServer4 client configuration. I created my implementation ...
0
votes
2
answers
90
views
How to Get Rid of Unwanted Issued Cookie Claims in IdentityServer4
I am using IdentityServer4 with id_token flow. At the moment, I am only storing about 2 custom claims, but my cookie is already nearing size limit 3623/4093 bytes, because apparently IdentityServer4 ...
0
votes
1
answer
67
views
Client redirect does not work after login due to Bad Request error
I am working on a project that uses login via a IdentityServer 4 authentication server that uses. We have multiple seperately hosted client applications that will access this.
We pull in the allowed ...
0
votes
0
answers
179
views
Set HttpClient Basic Auth Header per client on backchannel logout in IdentityServer4 2.5.4 (.Net Core 2.1)
Remark: I know that .Net Core 2.1 is old, but at this moment I cannot update. It is planned for the future.
Situation:
One client needs a Basic Authentication header to accept the Back-Channel Logout ...
0
votes
1
answer
161
views
Passing response_mode to challenge/redirect for external providers
using Duende i have some external providers configured (they actually come from a store). I noticed using Azure Active Directory the code returned through GET is causing a long url causing a 404 error....
0
votes
0
answers
150
views
Can I determine if I can use postMessage with a targetOrigin without try/catch?
I'm implementing the OIDC's Session feature, which requires the use of window.postMessage to exchange messages between <iframe> elements from different Origins.
My OIDC IdP is IdentityServer4. ...