IdentityServer4 on docker does not work in chrome after upgrading .net core v2.1.13 to v2.1.16

I have an application that worked well using .NET Core v2.1.13. After upgrading to version v2.1.16, some machines running Google Chrome are unable to create the .AspNetCore.Correlation.oidc cookie.

After the user logs in, he is redirected to https:///signin-oidc where the error is:

System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Correlation failed.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

The error can be reproduced on a series of computers running the latest version of Google Chrome, but it works in other browsers like Firefox, Opera, Edge, etc.

Upvotes: 0

Views: 1643

Answers (1)

aparent

Reputation: 21

I had the same problem starting earlier this month, searched issues on github and threads on stackoverflow with no luck, until I came across this:

https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/

So it seems Chrome is changing the standard of the "SameSite" property of cookies to enforce it to be set to "Lax", if I understand correctly. By default, when the OIDC middleware generates its correlation and nonce cookies, it sets the "SameSite" property to "None". So this is what I did in my configuration:

.AddOpenIdConnect(options =>
{
    // Other lines were omitted, only these two are useful to fix your problem

    // Both cookies are issued by the OIDC handler during the login round trip;
    // Lax lets Chrome keep them where an explicit None was being rejected.
    options.NonceCookie.SameSite = SameSiteMode.Lax;
    options.CorrelationCookie.SameSite = SameSiteMode.Lax;
});

I don't know whether it affects the behavior on other browsers... I tested after that in Chrome, Firefox and Edge with no issues. Someone can correct me on that if it has any side effects that I don't know about.

EDIT: My problem seems to have resolved itself. I tried again today in the version without the fix, with the flag clearly turned ON in chrome://flags, and the issue doesn't seem to be happening anymore.

Upvotes: 2
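As an added example (not code from the question or the answer above), here is the same pair of cookie settings inside a complete ASP.NET Core 2.1 Startup, but keeping SameSite=None, which the handler's default form_post response needs when the identity provider is on a different site, and forcing the Secure flag that Chrome 80+ requires alongside SameSite=None; Lax as in the answer only works when the provider's response comes back as a top-level GET or from the same site. The authority, client id and proxy address are placeholders, and the forwarded-headers block assumes the container sits behind a TLS-terminating reverse proxy.

```csharp
// Startup.cs fragment (ASP.NET Core 2.1.14+): OIDC cookies after the SameSite change.
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = "https://identityserver.example"; // placeholder
                options.ClientId = "example-client";                   // placeholder

                // 2.1.14+ writes "SameSite=None" explicitly; Chrome 80+ drops such a
                // cookie unless it is also Secure, which is the likely cause of the
                // "Correlation failed" error. Keep None (the IdP's form_post reply is a
                // cross-site POST, which a Lax cookie would not accompany) and force Secure.
                options.CorrelationCookie.SameSite = SameSiteMode.None;
                options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
                options.NonceCookie.SameSite = SameSiteMode.None;
                options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
            });

        // In a container behind a TLS-terminating proxy the app sees plain HTTP, so the
        // redirect_uri it builds would be http://; trust X-Forwarded-Proto from the proxy only.
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            options.KnownProxies.Add(IPAddress.Parse("172.18.0.2")); // placeholder proxy address
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders(); // must run before authentication sees the request
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

Check the result in Chrome's DevTools Application tab: the .AspNetCore.Correlation.oidc cookie set on the redirect to the provider should show both SameSite=None and Secure, or, with the answer's Lax variant, SameSite=Lax.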
