Click here to Skip to main content
15,867,308 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have an application which developed few years back using .netcore 3.1. Now want to implement the SSO using keycloak with open id connect. Currently, when I run the app it can direct to keycloak sign in. But when successfully signed in, it can direct to application page (index) but with error (http error 500). Below is my setup:

What I have tried:

Startup.cs:

public void ConfigureServices(IServiceCollection services)
        {
            IdentityModelEventSource.ShowPII = true;

            services.AddAuthorization(options =>
            {
                options.AddPolicy("Admin", policy => policy.RequireClaim("user_roles", "admin"));
                options.AddPolicy("Contractor", policy => policy.RequireClaim("user_roles", "contractor"));
                options.AddPolicy("Users", policy => policy.RequireClaim("user_roles", "users"));
                options.AddPolicy(
                    "Admin",
                    policyBuilder => policyBuilder.RequireAssertion(
                        context => context.User.HasClaim(claim =>
                                   claim.Type == "admin" && (claim.Value == "contractor" || claim.Value == "users")
                    ))
                );

            });

            services.AddAuthentication(options =>
            {
                options.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
                // We check the cookie to confirm that we are authenticated
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                // When we sign in we will deal out a cookie
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                //Use this to check if we are alllowed to do something.
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddOpenIdConnect(options =>
            {
                options.CallbackPath = "/Index";
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.Authority = Configuration["Authentication:oidc:Authority"];
                options.ClientId = Configuration["Authentication:oidc:ClientId"];
                //options.ResponseType = useLoadTest ? "code id_token token" : "code id_token";
                options.RequireHttpsMetadata = false;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = false;
                options.RemoteSignOutPath = "/protocol/openid-connect/logout";
                options.SignedOutRedirectUri = "Redirect-here";
                //options.SignedOutRedirectUri = callBackUrl.ToString();
                options.ResponseType = "code";
                options.Scope.Add("openid");
                options.Scope.Add("profile");
            })
            .AddCookie(setup =>
            {
                setup.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            });
}


```
appsetting.json

"Authentication": {
    "oidc": {
      "Authority": "http:/keycloak-testing-ip/auth/realms/project",
      "ClientId": "demo"
    }
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900