well... you can implement that yourself in your custom view service. we pass you the signin message.
Poul Kjeldager Sørensen
@s093294
since you added the SHA hashing of client secrets. The advice for when a client creates these is to autogenerate it, show it to the administrator, and when he has had a chance to see it, hash it and store that, and never keep the non-hashed key ourselves, right?
"client administrators create"
Brock Allen
@brockallen
yes
so the admin ui gens it, shows it to admin, and stores it hashed so you will never be able to reverse it
Poul Kjeldager Sørensen
@s093294
i have so many client secrets stored in web.config for 3rd-party services that we use. would love to try out azure key vault and just keep one secret for that and then add secrets to the vault instead of web.config. Would mean less encrypting of the config file when it changes.
or service definition file that is
Brock Allen
@brockallen
or just use a DB that keeps the hashed strings. shrug
Poul Kjeldager Sørensen
@s093294
that was not about the idsvr client secrets
meant like all those secrets and ids one gets from using sendgrid, twilio, 3rd-party id providers and stuff. but ye, those could also go into a db :)
Brock Allen
@brockallen
oh, your client secrets... got ya
Poul Kjeldager Sørensen
@s093294
these weird issues with the page just hanging still happen once in a while. the last trace message is: w3wp.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 1/21/2015 9:36:23 PM +00:00 -- Triggering challenge for external identity provider
so far redeploying fixes it
remoting in and restarting the site on IIS also helped. tbh i don't think it's something with idsrv
Poul Kjeldager Sørensen
@s093294
just found some unhandled exceptions in the application log (i am really not familiar with these things, so tell me if it's important)
so if it dies at that endpoint, then it might be that it's trying to load the metadata and for some reason connecting to it fails. this would leave the user stuck on that url.
does the end user get an exception? or just the 401 and a blank screen?
Poul Kjeldager Sørensen
@s093294
nothing happens, it just hangs there until i cancel the request
and i need to restart IIS before it works again
restart that site on IIS that is
Brock Allen
@brockallen
so yea, it's lazy loading the metadata from azure and it's just timing out
or maybe somewhere there's a deadlock
have fun locating it :)
Poul Kjeldager Sørensen
@s093294
ye
but is it inside the oidc middleware itself, you think?
then i know somewhere else to go poke people :D
Brock Allen
@brockallen
well, it sort of seems so from the callstack
i'd ping in jabbr/owin and see if anyone bites
Poul Kjeldager Sørensen
@s093294
just saw it also in the callstack
not sure why I didn't pick it up in the first place
Brock Allen
@brockallen
ConfigurationManager`1.<GetConfigurationAsync is the clue, i think
Poul Kjeldager Sørensen
@s093294
thanks
what is the recommended claim for display name? I really dislike the given_name, family_name and name claims. Is one supposed to use name as the display name, or a concat of given_name and family_name?
cool stuff you added with the claimsfactory thing for aspnet btw
Poul Kjeldager Sørensen
@s093294
the purpose is that you can take stuff from the user table and put it into claims when an identity is created, right?
Poul Kjeldager Sørensen
@s093294
i added a custom document retriever to oidc now that only allows 5 sec before it fails and writes out a log message if so. will know in a few days if it was the issue.
Brock Allen
@brockallen
the name claim is for the display name
yea, as for how you produce it... i guess that's up to you.
if you're using MR or AspId, then you can override the virtual for GetDisplayName
actually, sorry, that API is just for the display name on IdSvr.