Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 22 2015 17:45
    Build #10272 passed
  • Jan 22 2015 17:04
    Build #10271 passed
  • Jan 21 2015 21:27
    Build #10270 passed
  • Jan 21 2015 20:24
    Build #10269 passed
  • Jan 21 2015 20:17
    Build #10268 passed
  • Jan 21 2015 20:09
    Build #10267 passed
  • Jan 20 2015 23:18
    Build #10266 passed
  • Jan 20 2015 19:06
    Build #10265 passed
  • Jan 20 2015 18:38
    Build #10264 passed
  • Jan 20 2015 18:31
    Build #10263 passed
  • Jan 20 2015 03:38
    Build #10262 passed
  • Jan 20 2015 03:06
    Build #10261 passed
  • Jan 19 2015 18:02
    Build #10260 passed
  • Jan 18 2015 10:52
    Build #10259 passed
  • Jan 18 2015 10:38
    Build #10258 passed
  • Jan 18 2015 10:27
    Build #10257 passed
  • Jan 18 2015 10:15
    Build #10256 passed
  • Jan 17 2015 20:43
    Build #10255 passed
  • Jan 17 2015 20:32
    Build #10254 passed
  • Jan 17 2015 20:24
    Build #10251 passed
Dan Johnson
@danjohnso
ah the iframes
John Korsnes
@johnkors
is display=select_account something you consider adding support for?
Poul Kjeldager Sørensen
@s093294
i dont see display=select_account in openid connect spec, where are you reading?
John Korsnes
@johnkors
sorry, it's prompt
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
not display
Brock Allen
@brockallen
well... you can implement that yourself in your custom view service. we pass you the signin message.
Poul Kjeldager Sørensen
@s093294
since you added the sha hashing of client secrets. The advice for when client creates these is to autogenerate it, show it to the administrator and when he had a chance of seeing it, hash it and store that and never keep the none hashes key ourselfs right
"client administrators creates"
Brock Allen
@brockallen
yes
so the admin ui gens it, shows it to admin, and stores it hashed so you will never be able to reverse it
Poul Kjeldager Sørensen
@s093294
i have so many clientsecrets stored in web.config for 3th party services that we use. would love to try out azure key vault and just keep one secret for that and then add secrets to the vault instead of webconfig. Would mean less encrypting of config file when changed.
or service definition file that is
Brock Allen
@brockallen
or just use a DB that keeps the hashed strings. shrug
Poul Kjeldager Sørensen
@s093294
was not the idsvr client secrets
meant like all those secrets and ids one get from using sendgrid, twilio, 3party id providers and stuff. but ye, those could also go into a db :)
Brock Allen
@brockallen
oh, your client secrets... got ya
Poul Kjeldager Sørensen
@s093294
these weird issues with page just hanging still happens once a while. last trace message is : w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 1/21/2015 9:36:23 PM +00:00 -- Triggering challenge for external identity provider
so far redeploying fixes it
remoted in and restarted the site on iis also helped. tbh i dont think its something with idsrv
Poul Kjeldager Sørensen
@s093294
just found some unhangled exceptions in application log (i am really not familiar with these things, so tell me if its important)
https://gist.github.com/s093294/7c7b8bd02dd328b84c1c
Brock Allen
@brockallen
huh... i didn't look at all of that callstack, but it seems like it might be related to calling back to the idp?
backchannel, i mean
Poul Kjeldager Sørensen
@s093294
when the request end at : https://identity-staging.ascend.xyz:443/external?provider=AzureAD&signin=2d8946c536a0e5655e159cb9fd04c9df its supposed to redirect before it do any backchannel stuff i guess
Brock Allen
@brockallen
so if it dies at that endpoint, then it might be that it's tryign to load the metadata and for some reason connecting to it fails. this would leave the user stuck on that url.
does the end user get an exception? or just the 401 and a blank screen?
Poul Kjeldager Sørensen
@s093294
nothing happens, it just hangs there until i cancel the request
and i need to restart IIS before it work again
restart that site on IIS that is
Brock Allen
@brockallen
so yea, it's lazy loading the metadata from azure and it's just timing out
or maybe somewhere there's a deadlock
have fun locating it :)
Poul Kjeldager Sørensen
@s093294
ye
but is it inside oidc middleware itself you think
then i know somewhere else to go poke people :D
Brock Allen
@brockallen
well, it sort of seems so from the callstack
i'd ping in jabbr/owin and see if anyone bites
Poul Kjeldager Sørensen
@s093294
just saw it also in the callstack
not sure why I didnt pick it up in the first place
Brock Allen
@brockallen
ConfigurationManager`1.<GetConfigurationAsync is the clue, i think
Poul Kjeldager Sørensen
@s093294
thanks
what is the recomended claim for display name? I really dislike this given_name, family_name and name claims. Is one supposed to use name as displayname or a concat of given and family_name
cool stuff you added with the claimsfactory thing for aspnet btw
Poul Kjeldager Sørensen
@s093294
the purpose is that you can take stuff from usertable and put into claims when an identity is created right?
Poul Kjeldager Sørensen
@s093294
i added a custom document receiver to oidc now that only alows 5sec before it fails and writes out log message if so. will know in a few days if it it was the issue.
Brock Allen
@brockallen
the name claim is for the display name
yea, as for how you produce it... i guess that's up to you.
if you're using MR or AspId, then you can override the virtual for GetDisplayName
actually, sorry, that API is just for the display name on IdSvr.