IDX10803: Unable to create to obtain configuration

MADCookie picture MADCookie · Mar 30, 2016 · Viewed 36.5k times · Source

My configuration has 3 sites: Identity Server (Idp), Windows Authentication host and my end-user client site. On the client site, I request a controller decorated with [Authorize] and Identity Server kicks in.

The windows host at port 44305 is apparently throwing an exception and the identity server is receiving a status 500. I can access the windows host site URL without any problem. I get back an XML document

How do I debug and find out what that exception or error is that is stopping this authentication process? I get a 3 part exception with the inner most as the following

InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44305/'.

Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext() in ConfigurationManager.cs

The Windows Host OWIN startup is using UseWindowsAuthenticationService

The Identity Server OWIN is using AuthenticationOptions = WsFederationAuthenticationOptions

var wsFederationOptions = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "windows",
                Caption = "Windows",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "https://localhost:44305/",
                Wtrealm = "urn:idsrv3"
            };
            app.UseWsFederationAuthentication(wsFederationOptions);
        }

Here are the requests and responses

Request URL:https://localhost:44315/
Request Method:GET
Status Code:302 Found
Response:Location:https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...

Request: https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...
Request Method:GET
Status Code:302 Found
Location:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b

Request URL:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b
Request Method:GET
Status Code:500 Internal Server Error

I have no visible SSL issues. With my browser, I can open all the pages from the different sites without any warning. I add my localhost IIS Express cert to the Trusted Root Cert.

Answer

Robert Muehsig picture Robert Muehsig · Dec 6, 2016

I had the same problem - it seems that the SSL cert was untrusted. To resolve this I moved the "localhost" IIS Express Cert from the Personal CertStore to the Trusted Root Certification Authorities and the issue was gone.

Cert