Emy Ferreira

Reputation: 851

IDX20803: Unable to obtain configuration from

I know this question has been answered, but I don't understand exactly what people do (about certificates, SSL), and they all use localhost, which I don't.

I used this sample as my example OpenIdConnect

I'm using:

Both are using .NET Core 2.1. The Web App uses the Azure AD connection to get a JwtBearer token, which is sent to the API.

On hitting the route /api/information in the API, a request is sent from the Web App to the API, and the API returns the error above.

The error is:

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://.onmicrosoft.com/<big Guid of 72 chars>/.well-known/openid-configuration'.

So I tried to solve this error by adding certificates, adding the necessary libraries (System.Net.Http v4.3.3), and checking every permission in Azure AD, but none of these worked.

If you need more information, I can provide it by adding it to this post.

Upvotes: 32

Views: 119908

Answers (12)

Ramya

Reputation: 1

In my case, I had to add "Authority" to appsettings.json. When adding Authority, include till . Azure was adding "/v2.0/.well-known/openid-configuration" at the end by default. Make sure the overall URL matches the one shown in Endpoints. When

{
  "AzureAd": {
    "Instance": "https://XXX.b2clogin.com/",
    "ClientId": "13aead9c-e120-43eb-9b8f-c1eb5d1d2297",
    "CallbackPath": "/signin-oidc",
    "Domain": "xxx.onmicrosoft.com",
    "Scopes": "apidata.read apidata.write",
    "TenantId": "63588920-1bdd-42ee-93e6-6f0f1cc67d8f",
    "EditProfilePolicyId": "B2C_1_ProfileEdit",
    "ResetPasswordPolicyId": "B2C_1_PasswordReset",
    "SignUpSignInPolicyId": "B2C_1_SignUpSignIn",
    "Authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1_SignUpSignIn/"
  }
}

Upvotes: 0

Shinoy Babu

Reputation: 1769

If you are using Azure B2C, add the tenant name properly with ".b2clogin.com".


Upvotes: 0

Michele mpp Marostica

Reputation: 2472

In my case today, I had to restart the app service and then it was working again.

Upvotes: 0

ChrisE

Reputation: 576

In my case I had run the app from a couple of places (VSCode, Rider and console) and some process was still running in the background. Just restarted the PC and it worked.

Upvotes: 0

Ogglas

Reputation: 69928

Adding to the answer from @AmirAli.

My error looked like this after using the msidentity-app-sync tool with .NET 6:

https://github.com/AzureAD/microsoft-identity-web/blob/master/tools/app-provisioning-tool/vs2019-16.9-how-to-use.md

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/<myAD>.onmicrosoft.com/B2C_1_signupsignin/v2.0/.well-known/openid-configuration'

Changed AzureAd:Instance in appsettings.json from default https://login.microsoftonline.com/ to https://<myAD>.b2clogin.com/ and then it worked.

Upvotes: 1

Apul

Reputation: 11

In my case, https://.b2clogin.com was blocked by the firewall, and the error message was exactly the same, so allowing the URL (by modifying the firewall rules to let the server access https://xxxx.b2clogin.com) solved the issue. I hope it helps.

Upvotes: 0

viniciusalvess

Reputation: 814

In my case, the Authority key was missing from my appsettings.

{
  "AzureAdB2C": {
    "Instance": "https://login.microsoftonline.com",
    "Authority": "https://login.microsoftonline.com/<your tenant id>",
    "ClientId": "...",
    "TenantId": "...",
    "Domain": "https://<your name>.b2clogin.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile",
    "CallbackPath": "/signin-oidc"
  }
}

Upvotes: 1

Amir Ali

Reputation: 437

If anyone has this issue and is using Azure B2C, the instance is the root URL of your Azure B2C tenant, e.g. https://myroot.b2clogin.com/. The domain should be: myroot.onmicrosoft.com/

Make sure there is no https in the domain.

This worked for me.

{
    "AzureADB2C": {
        "CallbackPath": "/signin-oidc",
        "ClientId": "<app-registration-app-client-id>",
        "ClientSecret": "<secret-value>",
        "Domain": "<domain-name>.onmicrosoft.com/",
        "EditProfilePolicyId": "B2C_1_profile",
        "Instance": "https://<domain-name>.b2clogin.com/",
        "ResetPasswordPolicyId": "B2C_1_reset",
        "SignUpSignInPolicyId": "B2C_1_signupsignin"
    }
}

Upvotes: 16

Robert Shattock

Reputation: 134

For me the issue was firewall/network related - I could access the /.well-known/openid-configuration URL when I typed it in a browser, but the API itself couldn't (the API and Identity Server are being hosted in the same app). The API was being hosted in Azure and I had created an Outbound Security Rule (for the Network Security Group that was associated with the subnet which was integrated to my app service plan that the API belonged to) which prevented the API from calling any other app services in its app service plan, including itself. Adding a new Outbound Security Rule to allow that fixed my issue (I realise this resulted in a very similar error to the submitter but for a different reason and is more of an edge case - most probably don't have such restrictions setup).

Upvotes: 3
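A practitioner's check for the symptom described in the answer above (the discovery URL opens in a browser on a workstation, but the API host cannot fetch it) is to request the document from the API host itself. The console program below is an added example, not code from the question or from any answer: it builds the metadata URL in the same shape the answers on this page use, fetches it over TLS 1.2 or later, and prints either the issuer and jwks_uri or the underlying failure (DNS or firewall egress, TLS handshake, or a 4xx that points at a wrong tenant, policy or Instance). It assumes .NET 6 or later; the environment variable names AZUREAD_INSTANCE, AZUREAD_DOMAIN and AZUREAD_POLICY and the placeholder defaults are this example's own.

```csharp
// Added example, not from the question or any answer: probe the OpenID Connect
// metadata URL the JwtBearer handler will request, from the host the API runs on.
// Assumed (not from the page): config comes from the environment variables
// AZUREAD_INSTANCE, AZUREAD_DOMAIN and AZUREAD_POLICY (POLICY only for B2C).
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Authentication;
using System.Text.Json;
using System.Threading.Tasks;

public static class OidcMetadataProbe
{
    // Same shape as the answers above:
    //   AAD : {Instance}/{TenantIdOrDomain}/v2.0/.well-known/openid-configuration
    //   B2C : {Instance}/{Domain}/{Policy}/v2.0/.well-known/openid-configuration
    // Trailing slashes are normalised so "https://x/" and "https://x" give the same URL.
    public static string BuildMetadataAddress(string instance, string tenant, string policy = null)
    {
        if (!instance.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Instance must be an absolute https:// URL", nameof(instance));
        if (tenant.Contains("://"))
            throw new ArgumentException("Domain/TenantId must not carry a scheme", nameof(tenant));

        string authority = instance.TrimEnd('/') + "/" + tenant.Trim('/');
        if (!string.IsNullOrEmpty(policy))
            authority += "/" + policy.Trim('/');
        return authority + "/v2.0/.well-known/openid-configuration";
    }

    public static async Task<int> Main()
    {
        string instance = Environment.GetEnvironmentVariable("AZUREAD_INSTANCE") ?? "https://login.microsoftonline.com/";
        string tenant   = Environment.GetEnvironmentVariable("AZUREAD_DOMAIN")   ?? "contoso.onmicrosoft.com";
        string policy   = Environment.GetEnvironmentVariable("AZUREAD_POLICY");   // null for plain Azure AD

        string address = BuildMetadataAddress(instance, tenant, policy);
        Console.WriteLine($"GET {address}");

        // Restrict the probe to TLS 1.2+ so a failure here matches what a hardened
        // host would see; server certificates are still validated by default.
        using var handler = new SocketsHttpHandler
        {
            SslOptions = new SslClientAuthenticationOptions
            {
                EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            },
        };
        using var http = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(15) };

        try
        {
            using var resp = await http.GetAsync(address);
            string body = await resp.Content.ReadAsStringAsync();
            if (!resp.IsSuccessStatusCode)
            {
                // 400/404 here usually means a wrong tenant or policy segment, or the
                // wrong Instance for a B2C tenant; the handler reports both as IDX20803.
                Console.WriteLine($"HTTP {(int)resp.StatusCode}: {body}");
                return 2;
            }
            using var doc = JsonDocument.Parse(body);
            Console.WriteLine($"issuer   = {doc.RootElement.GetProperty("issuer").GetString()}");
            Console.WriteLine($"jwks_uri = {doc.RootElement.GetProperty("jwks_uri").GetString()}");
            return 0;
        }
        catch (HttpRequestException ex)
        {
            // DNS failures, blocked egress (firewall/NSG) and TLS handshake errors all
            // land here; the inner exception type tells them apart.
            Console.WriteLine($"Request failed: {ex.Message}");
            if (ex.InnerException != null)
                Console.WriteLine($"  inner: {ex.InnerException.GetType().Name}: {ex.InnerException.Message}");
            return 1;
        }
        catch (TaskCanceledException)
        {
            Console.WriteLine("Timed out: the host could not reach the endpoint (check outbound firewall/NSG rules).");
            return 1;
        }
    }
}
```

Run it where the API actually runs (the App Service console, a container shell, or the VM), not on a developer workstation: a browser on your own machine says nothing about the server's egress path, which is exactly the gap the answer above describes.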

Ramdas Chavan

Reputation: 199

Resolved the issue by adding the code below in Startup --> Configure:

using System.Net;

// Placed in Startup.Configure: process-wide settings for outbound HTTP
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                                       | SecurityProtocolType.Tls11
                                       | SecurityProtocolType.Tls12
                                       | SecurityProtocolType.Ssl3;

Upvotes: 14

rumi

Reputation: 3298

As mentioned in one of the comments above by @juunas, the authentication handler loads this configuration file at startup to load its config for validating tokens provided by the identity provider.

The endpoint can also be found in the App registration section: go to App registration => Overview => Endpoints, then look for "OpenID Connect configuration endpoint (v2)".


The Startup.cs code for the B2C authentication handler looks like the below, and I have supplied the values in appsettings:

services.AddAuthentication(options =>
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(jwtOptions =>
{
    jwtOptions.Authority = $"{Configuration["AzureAdB2C:Instance"]}/{Configuration["AzureAdB2C:Tenant"]}/{Configuration["AzureAdB2C:Policy"]}/v2.0/";
    jwtOptions.Audience = Configuration["AzureAdB2C:ClientId"];
    jwtOptions.Events = new JwtBearerEvents
    {
        OnAuthenticationFailed = AuthenticationFailed
    };
});

{
  "AzureAdB2C": {
    "Tenant": "xxxxxxxxxb2c.onmicrosoft.com",
    "Instance": "https://xxxxxxxxxxxb2c.b2clogin.com",
    "ClientId": "xxxxxx-764c-4e4a-b0ec-xxxxxxf",
    "Policy": "B2C_1_signin1",
    "ScopeRead": "demo.read"
  }
}

Upvotes: 3
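The handler wiring in the answer above can be tightened so that the exact URL behind IDX20803 is logged with the failure, and so that TLS behaviour is scoped to the handler's backchannel rather than set process-wide (the ServicePointManager setting a few answers up also enables SSL 3.0 and TLS 1.0/1.1, which are deprecated). The following is an added example, not code from any answer on this page: it reads the AzureAdB2C section with the key names the answers use (Instance, Domain, SignUpSignInPolicyId, ClientId); the extension-method name, the Required helper and the logging are this example's own. It assumes ASP.NET Core on .NET 6 or later.

```csharp
// Added example (not from the question or any answer): JwtBearer registration for
// Azure AD B2C with an explicit metadata address, a TLS 1.2+ backchannel and
// logging of the metadata URL when validation fails.
// Assumed (not from the page): appsettings section "AzureAdB2C" with keys
// Instance, Domain, SignUpSignInPolicyId and ClientId, as in the answers above.
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Authentication;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class B2CJwtBearerSetup
{
    public static IServiceCollection AddB2CJwtBearer(this IServiceCollection services, IConfiguration config)
    {
        var section = config.GetSection("AzureAdB2C");
        string Required(string key) =>
            section[key] ?? throw new InvalidOperationException($"AzureAdB2C:{key} is missing");

        string instance = Required("Instance").TrimEnd('/');       // https://<tenant>.b2clogin.com
        string domain   = Required("Domain").Trim('/');            // <tenant>.onmicrosoft.com, no scheme
        string policy   = Required("SignUpSignInPolicyId");        // B2C_1_...
        if (domain.Contains("://"))
            throw new InvalidOperationException("AzureAdB2C:Domain must not include a scheme");

        // B2C authority: {Instance}/{Domain}/{Policy}/v2.0
        string authority = $"{instance}/{domain}/{policy}/v2.0";

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = authority;
                options.Audience  = Required("ClientId");

                // Make the discovery URL explicit; this is the string IDX20803 reports.
                options.MetadataAddress = $"{authority}/.well-known/openid-configuration";

                // Never accept http:// metadata, in any environment.
                options.RequireHttpsMetadata = true;

                // The backchannel is the handler's own HttpClient. Restricting it to
                // TLS 1.2+ keeps the TLS policy local to this handler.
                options.BackchannelHttpHandler = new SocketsHttpHandler
                {
                    SslOptions = new SslClientAuthenticationOptions
                    {
                        EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
                    },
                };
                options.BackchannelTimeout = TimeSpan.FromSeconds(30);

                options.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = ctx =>
                    {
                        // IDX20803 surfaces here when the discovery document could not be
                        // fetched; logging the address next to it exposes a wrong
                        // Instance, Domain or policy immediately.
                        var logger = ctx.HttpContext.RequestServices
                            .GetRequiredService<ILoggerFactory>()
                            .CreateLogger("JwtBearer");
                        logger.LogError(ctx.Exception,
                            "Token validation failed; metadata address was {MetadataAddress}",
                            options.MetadataAddress);
                        return Task.CompletedTask;
                    }
                };
            });

        return services;
    }
}
```

Wire it up with services.AddB2CJwtBearer(Configuration) in place of the AddAuthentication/AddJwtBearer calls shown above. Setting MetadataAddress does not change what the handler fetches, it only makes the URL explicit, which is what you want in the log line when the error fires.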

Emy Ferreira

Reputation: 851

Solved it by replacing, in appsettings.json:

"AzureAd": {
     "Instance": "<APP_Uri_from_Azure_Portal>",
...
}

To

"AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
...
}

Upvotes: 14
