I have an application which developed few years back using .netcore 3.1. Now want to implement the SSO using keycloak with open id connect. Currently, when I run the app it can direct to keycloak sign in. But when successfully signed in, it can direct to application page (index) but with error (http error 500). Below is my setup: What I have tried: Startup.cs: public void ConfigureServices(IServiceCollection services) { IdentityModelEventSource.ShowPII = true; services.AddAuthorization(options => { options.AddPolicy("Admin", policy => policy.RequireClaim("user_roles", "admin")); options.AddPolicy("Contractor", policy => policy.RequireClaim("user_roles", "contractor")); options.AddPolicy("Users", policy => policy.RequireClaim("user_roles", "users")); options.AddPolicy( "Admin", policyBuilder => policyBuilder.RequireAssertion( context => context.User.HasClaim(claim => claim.Type == "admin" && (claim.Value == "contractor" || claim.Value == "users") )) ); }); services.AddAuthentication(options => { options.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme; // We check the cookie to confirm that we are authenticated options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; // When we sign in we will deal out a cookie options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; //Use this to check if we are alllowed to do something. options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddOpenIdConnect(options => { options.CallbackPath = "/Index"; options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.Authority = Configuration["Authentication:oidc:Authority"]; options.ClientId = Configuration["Authentication:oidc:ClientId"]; //options.ResponseType = useLoadTest ? "code id_token token" : "code id_token"; options.RequireHttpsMetadata = false; options.GetClaimsFromUserInfoEndpoint = true; options.SaveTokens = false; options.RemoteSignOutPath = "/protocol/openid-connect/logout"; options.SignedOutRedirectUri = "Redirect-here"; //options.SignedOutRedirectUri = callBackUrl.ToString(); options.ResponseType = "code"; options.Scope.Add("openid"); options.Scope.Add("profile"); }) .AddCookie(setup => { setup.ExpireTimeSpan = TimeSpan.FromMinutes(60); }); } ``` appsetting.json "Authentication": { "oidc": { "Authority": "http:/keycloak-testing-ip/auth/realms/project", "ClientId": "demo" }
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)