and i need to restart IIS before it work again
restart that site on IIS that is
or maybe somewhere there's a deadlock
have fun locating it :)
but is it inside oidc middleware itself you think
then i know somewhere else to go poke people :D
i'd ping in jabbr/owin and see if anyone bites
not sure why I didnt pick it up in the first place
what is the recomended claim for display name? I really dislike this given_name, family_name and name claims. Is one supposed to use name as displayname or a concat of given and family_name
cool stuff you added with the claimsfactory thing for aspnet btw
yea, as for how you produce it... i guess that's up to you.
if you're using MR or AspId, then you can override the virtual for GetDisplayName
actually, sorry, that API is just for the display name on IdSvr.
if you want to tweak the actual token claims, then override GetClaimsFromAccount
@brockallen @leastprivilege I am in a yello screen of death situation due to oidc middleware doing an error (error:invalid_request
error_description:AADSTS16000: Session is invalid due to recent password change.) http://www.cloudidentity.com/blog/2014/05/11/openid-connect-and-ws-fed-owin-components-design-principles-object-model-and-pipeline/ shows how to redirect away. Is there any way to redirect the error into idsrvs views. Maybe we can set some properties on owinctx that idsrv can pickup. Just ideas in case its something more people will run into
error_description:AADSTS16000: Session is invalid due to recent password change.) http://www.cloudidentity.com/blog/2014/05/11/openid-connect-and-ws-fed-owin-components-design-principles-object-model-and-pipeline/ shows how to redirect away. Is there any way to redirect the error into idsrvs views. Maybe we can set some properties on owinctx that idsrv can pickup. Just ideas in case its something more people will run into
AuthenticationFailed = async (notice) =>{
notice.Response.Write(string.Format("Pleanse clear cookies from https://login.windows.net/. Exception: {0}", notice.Exception));
notice.Response.Write(string.Format("Pleanse clear cookies from https://login.windows.net/. Exception: {0}", notice.Exception));
notice.SkipToNextMiddleware();
},
I know this is a TAD out of scope, but @leastprivilege : have you any thoughts on this and the default login-view? (XSS-vuln in Android WebViews) http://arxiv.org/ftp/arxiv/papers/1304/1304.7451.pdf What mechanisms of idsrv makes this safe from XSS?
i have this entry in my logs a few times but havent experienced any issues from the user point of it.: [Thinktecture.IdentityServer.Core.Validation.TokenValidator]: 1/22/2015 10:57:03 AM +00:00 -- Token handle not found
{
"ValidateLifetime": true,
"AccessTokenType": "Reference",
"TokenHandle": "undefined"
}; TraceSource 'w3wp.exe' event
{
"ValidateLifetime": true,
"AccessTokenType": "Reference",
"TokenHandle": "undefined"
}; TraceSource 'w3wp.exe' event
Ahh, i think its because some default bearer token validation kicks in and it ask idsrv to validate it. Using the thinktecture access token validation middleware. Maybe this should not do the request if no token was given
yea, search for UTF8
it's the fine print :)
yes
that's always your job for anything like that
IViewService