Authentication issue in /orleans area

maxisam · June 29, 2021, 6:27pm

I’m submitting a…

[ ] Regression (a behavior that stopped working in a new release)
[X] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

can’t access

Expected behavior

Minimal reproduction of the problem

Environment

[X] Self hosted with docker
[ ] Self hosted with IIS
[ ] Self hosted with other version
[ ] Cloud version

Version: latest commit

Browser:

[X] Chrome (desktop)
[ ] Chrome (Android)
[ ] Chrome (iOS)
[ ] Firefox
[ ] Safari (desktop)
[ ] Safari (iOS)
[ ] IE
[ ] Edge

Others:

I moved the discuss here to fit the topic properly.

I think the problem is there is no cookie or somehow I can’t get cookie set properly.

I can see bear token so api area works fine with angular. I can login do everything just fine except the cluster area, which load an iframe and call /orleans directly.
And it will reject the call because there is no cookie and send it back to /orleans/signin-internal
this is also odd as well. I was expecting it should go to /signin-internal directly. I wonder if it is because of “app.Map(Constants.PrefixOrleans, orleansApp =>”

I will keep digging on this one. I have used identity server 4 before but I didn’t use it with cookie, so I am trying to figure how it should work properly.

Sebastian · June 29, 2021, 6:29pm

I do not have this problem. Cannot reproduce it.

maxisam · June 29, 2021, 6:51pm

It is ok. I will keep digging. Not sure if it is a bug or some setting I mess up. I will keep you post if I find anything.

maxisam · June 29, 2021, 7:17pm

Here is the error log

{
“logLevel”: “Error”,
“message”: “An unexpected exception has occurred.”,
“timestamp”: “2021-06-29T19:14:01Z”,
“app”: {
“name”: “Squidex”,
“version”: “1.0.0.0”,
“sessionId”: “f27ad77e-4a02-4310-91ce-e72685fb22f6”
},
“web”: {
“requestId”: “00-4241f3bf56a1194097c43af23e667ed6-e6c6a9b8decd1b4f-00”,
“requestPath”: “/orleans”,
“requestMethod”: “GET”
},
“exception”: {
“type”: “System.InvalidOperationException”,
“message”: “IDX20803: Unable to obtain configuration from: \u0027https://localhost:5001/identity-server/.well-known/openid-configuration\u0027.”,
“stackTrace”: " at Microsoft.IdentityModel.Protocols.ConfigurationManager\u00601.GetConfigurationAsync(CancellationToken cancel)\r\n at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)\r\n at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)\r\n at Microsoft.AspNetCore.Authentication.AuthenticationHandler\u00601.ChallengeAsync(AuthenticationProperties properties)\r\n at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)\r\n at Squidex.Areas.OrleansDashboard.Middlewares.OrleansDashboardAuthenticationMiddleware.InvokeAsync(HttpContext context) in E:\repo\oss\squidex\backend\src\Squidex\Areas\OrleansDashboard\Middlewares\OrleansDashboardAuthenticationMiddleware.cs:line 44\r\n at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Squidex.Web.Pipeline.LocalCacheMiddleware.InvokeAsync(HttpContext context, ILocalCache localCache) in E:\repo\oss\squidex\backend\src\Squidex.Web\Pipeline\LocalCacheMiddleware.cs:line 27\r\n at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)\r\n at Squidex.Web.Pipeline.UsageMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in E:\repo\oss\squidex\backend\src\Squidex.Web\Pipeline\UsageMiddleware.cs:line 41\r\n at Squidex.Web.Pipeline.UsageMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in E:\repo\oss\squidex\backend\src\Squidex.Web\Pipeline\UsageMiddleware.cs:line 85\r\n at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.\u003C\u003Ec__DisplayClass6_1.\u003C\u003CUseMiddlewareInterface\u003Eb__1\u003Ed.MoveNext()\r\n— End of stack trace from previous location —\r\n at Squidex.Web.Pipeline.RequestLogPerformanceMiddleware.InvokeAsync(HttpContext context, ISemanticLog log) in E:\repo\oss\squidex\backend\src\Squidex.Web\Pipeline\RequestLogPerformanceMiddleware.cs:line 49\r\n at Squidex.Web.Pipeline.RequestExceptionMiddleware.InvokeAsync(HttpContext context, IActionResultExecutor\u00601 writer, ISemanticLog log) in E:\repo\oss\squidex\backend\src\Squidex.Web\Pipeline\RequestExceptionMiddleware.cs:line 42"
}
}

I think it is possible that it was caused by SSL, I am going to test that later

maxisam · June 29, 2021, 8:42pm

You are right. It is not a bug. It is caused by SSL. I didn’t install certificate locally. In case anyone else has the same issue, to run this locally, you have to generate / install the certificate from dev folder.

emeel

I have the same issue when I run it on k8s locally. I think they are caused by the same issue.

maxisam · June 29, 2021, 9:28pm

It turns out it is a different issue in k8s. In case anyone else might have the same issue.

It is possible that the header is too big.

After setting it like this, everything works now

nginx.ingress.kubernetes.io/proxy-buffer-size: 16k