stackoom
  简体   繁体   中英

How do you use Thinktecture IdentityServer 3 with Certificate setup

 原文  2016-02-22 20:24:38       iis/ certificate/ thinktecture-ident-server/ identityserver3/ thinktecture

Question

I want to use Thinktecture IdentityServer 3 to provide STS to ASP.NET site but I don't know how to setup the certificates.

How do I use SelfHost (InMem with WS-Fed) Thinktecture Identity Server 3 as STS for a local IIS site?

The problem I have is as follows:

I've used this client in VS Development Server: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients/MvcOwinWsFederation

with the SelfHost (InMem with WS-Fed): IdentityServer3.Samples/tree/master/source/SelfHost%20(InMem%20with%20WS-Fed)

It all works, connects, authenticates and displays claims.

But when I publish the client to local IIS site called WSFedClient and that tries to authenticate against the same self-host STS, but I get this error:

"The remote certificate is invalid according to the validation procedure."

I've followed this: https://github.com/IdentityServer/IdentityServer3/issues/553

...but I'm still confused about what it is I need to do.

3 answers

solution1
 0  2016-02-22 22:50:29

Try installing your cert into the "Trusted Root Certificate Authorities" store.

1) Launch the mmc. At the start menu, enter MMC.exe and hit enter.

2) Press control-M to add a module. Select Certificates, and click Add.

3) Select Computer account, then Next, select Local Computer, and hit Finish. Then hit OK.

4) Expand Certificates. Right-click on "Trusted Root Certificate Authorities", and select "All tasks", then "Import..."

5) Browse out to the cert and select it. You probably will need to check the box to allow it to be exported, which means you'll probably have to enter the password, which you should know, if you created it.

solution2
 0  2016-02-23 02:54:01

Check following things regarding your certificate. Most probably point # 2 below causing this error.

  1. Check if CA's root certificate exists in Trusted Root Certification Authorities store.
  2. Check "Issued To" field of certificate matches with host name of identity server's endpoint url.
  3. Check expiry date of certificate.
  4. Check if certificate is not revoked by CA.

solution3
 0  2016-02-24 05:45:35

It looks like you must configure SSL endpoint for callback URI as well. That is WSFedClient in your sample.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Slow connection at the first connect on MVC Application + Thinktecture IdentityServer How do you access an Azure / IIS certificate directly from Java? How do you setup and retrieve encryption and signing certificates in IIS for OpenIddict? Signing certificate not found: CN=********.server.domain.com in Thinktecture How do you use https / SSL on localhost? How do you modify a Web Setup Project to create a new website, app pool and virtual directory? IdentityServer 4 Https over self signed certificate How do you setup an IIS Web App so it can access a network share without an AD? IIS and SQL on separate servers - how do you setup a user account for .net app? How to setup IIS to verify a client certificate and pass it to the backend as an http header?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM