IDX10803: Unable to create to obtain configuration

openid-connect identityserver3
MADCookie picture MADCookie · Mar 30, 2016 · Viewed 36.5k times · Source

My configuration has 3 sites: Identity Server (Idp), Windows Authentication host and my end-user client site. On the client site, I request a controller decorated with [Authorize] and Identity Server kicks in.

The windows host at port 44305 is apparently throwing an exception and the identity server is receiving a status 500. I can access the windows host site URL without any problem. I get back an XML document

How do I debug and find out what that exception or error is that is stopping this authentication process? I get a 3 part exception with the inner most as the following

InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44305/'.

Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext() in ConfigurationManager.cs

The Windows Host OWIN startup is using UseWindowsAuthenticationService

The Identity Server OWIN is using AuthenticationOptions = WsFederationAuthenticationOptions

var wsFederationOptions = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "windows",
                Caption = "Windows",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "https://localhost:44305/",
                Wtrealm = "urn:idsrv3"
            };
            app.UseWsFederationAuthentication(wsFederationOptions);
        }

Here are the requests and responses

Request URL:https://localhost:44315/
Request Method:GET
Status Code:302 Found
Response:Location:https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...

Request: https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...
Request Method:GET
Status Code:302 Found
Location:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b

Request URL:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b
Request Method:GET
Status Code:500 Internal Server Error

I have no visible SSL issues. With my browser, I can open all the pages from the different sites without any warning. I add my localhost IIS Express cert to the Trusted Root Cert.

Answer

Robert Muehsig picture Robert Muehsig · Dec 6, 2016

I had the same problem - it seems that the SSL cert was untrusted. To resolve this I moved the "localhost" IIS Express Cert from the Personal CertStore to the Trusted Root Certification Authorities and the issue was gone.

Cert

Related questions

IdentityServer Flows

IdentityServer supports different OpenId Connect flows that are defined in the Flows enum and set for clients. There's also samples for each type of flow and many references to them in the docs but I could not find a simple …

Read More
OWIN OpenIdConnect Middleware IDX10311 nonce cannot be validated

I have an application using the OWIN middleware for OpenIdConnect. The startup.cs file uses the standard implementation of app.UseOpenIdConnectAuthentication. The cookie is set to the browser, but it errors with: IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce …

Read More
IdentityServer "invalid_client" error always returned

I'm trying to use IdentityServer3, but don't know why I'm getting "invalid_client" error always, always no matter what I do. This is the code I'm using: //Startup.cs (Auth c# project) public void Configuration(IAppBuilder app) { var inMemoryManager = new …

Read More