Open Closed

Docker Deployment with OpenIdDict #4066


User avatar
0
sraptis created

Good evening,

I have a major issue with ABP version 6 and the replacement of the Identity Server the OpenIdDict. The previous installation was running fine with the Identity Server using the workaround found here: https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n and here https://blog.antosubash.com/posts/abp-deploy-with-docker#identityserver

Now with the OpenIdDict, I had a first obstacle with the access with HTTP and not HTTPS protocol. I have overcome this issue by adding builder.AddServer(options => { options.UseAspNetCore().DisableTransportSecurityRequirement(); }) ; at the PreConfigureServices section

But the problem with the SameSite Cookies still persists even if apply the workaround mentioned earlier. At the interface, I am getting an error message 400 after logging in, and at the log file of the blazor docker container I am getting:

[WRN] '.AspNetCore.Correlation.snwJ5koIUN71dN0WTYcB6WawM_nCoAaDVQVVy0KtEMU' cookie not found. [INF] Error from RemoteAuthentication: Correlation failed.. [ERR] An unhandled exception has occurred while executing the request. System.Exception: An error was encountered while handling the remote login.

and also

[WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.

Can you please help or even better update the posts with the workarounds so that they cover also the OpenIdDict server?

Thank you in advance,

Stavros Raptis


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    I will confirm that.

  • User Avatar
    0
    maliming created
    Support Team

    But the problem with the SameSite Cookies still persists even if apply the workaround mentioned earlier.

    Can you reproduce the problem without docker?

    https://support.abp.io/QA/Questions/3816/How-to-disable-https-in-openiddict#answer-0bea3600-1209-f831-3cbf-3a06f6fa86e0

  • User Avatar
    0
    sraptis created

    You can host the API, OpenIdDict, and Blazor frontend in 3 different servers with 3 different IPs like having them in 3 docker images. Also, change the port of the webserver to something different than the standard 80 & 443. This way you will have the same environment.

    Nevertheless, disregard the support ticket because I solved it myself. I have used HTTPS with real SSL certificates for all docker images and no port translation for the Blazor frontend.

    Best regards,

    Stavros Raptis

  • User Avatar
    0
    alper created
    Support Team

    hi,

    is your issue resolved?

  • User Avatar
    0
    sraptis created

    Yes,

    we resolved it ourselves as I have described in my previous post.

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13