Docker + OIDC Issue

rachsngltn · October 5, 2021, 8:52pm

I am attempting to set up OIDC w/ Azure in a Docker set up and I cannot get any variation of it to work. I’ve even stripped my dockerfile to the bare minimum. I get the following error in the browser:

And the following error in the logs:
An unhandled exception was thrown by the application. System.FormatException: String ‘= true’ was not recognized as a valid Boolean.

I have tried:

True
“true”
$true
‘true’

Here’s my dockerfile:

FROM ironmansoftware/universal:2.3.1-windowsserver-1909

LABEL description="PowerShell Universal" 

EXPOSE 5000
VOLUME ["C:/home/PowerShellUniversal"]
ENV Data__RepositoryPath C:/home/PowerShellUniversal/Repository
ENV Data__ConnectionString C:/home/PowerShellUniversal/database.db
ENV UniversalDashboard__AssetsFolder C:/home/PowerShellUniversal/Dashboard 
ENV Logging__Path C:/home/PowerShellUniversal/Logs/log.txt


ENV Authentication__OIDC__Enabled = 'true'
ENV Authentication__OIDC__CallbackPath = '/auth/signin-oidc'
ENV Authentication__OIDC__ClientID = '<>'
ENV Authentication__OIDC__ClientSecret = '<>'
ENV Authentication__OIDC__Resource = 'https://management.azure.com'
ENV Authentication__OIDC__Authority = 'https://login.microsoftonline.com/<>'
ENV Authentication__OIDC__ResponseType = 'id_token token'
ENV Authentication__OIDC__SaveTokens = 'true'
ENV Authentication__OIDC__UseTokenLifetime = 'true'

ENTRYPOINT ["C:/ProgramData/Universal/Universal.Server.exe"]

adam · October 5, 2021, 10:30pm

We’ll have to do some debugging to see what’s up here. What you have looks correct and I wonder if there is some issue within PSU.

I opened an issue for this: Docker and OIDC not working. · Issue #544 · ironmansoftware/issues · GitHub

adam · October 5, 2021, 10:38pm

After looking at the log I got a hunch. What happens when you remove the '= ’ from the ENV in the dockerfile?

FROM ironmansoftware/universal:2.3.1-windowsserver-1909

LABEL description="PowerShell Universal" 

EXPOSE 5000
VOLUME ["C:/home/PowerShellUniversal"]
ENV Data__RepositoryPath C:/home/PowerShellUniversal/Repository
ENV Data__ConnectionString C:/home/PowerShellUniversal/database.db
ENV UniversalDashboard__AssetsFolder C:/home/PowerShellUniversal/Dashboard 
ENV Logging__Path C:/home/PowerShellUniversal/Logs/log.txt


ENV Authentication__OIDC__Enabled 'true'
ENV Authentication__OIDC__CallbackPath '/auth/signin-oidc'
ENV Authentication__OIDC__ClientID '<>'
ENV Authentication__OIDC__ClientSecret '<>'
ENV Authentication__OIDC__Resource 'https://management.azure.com'
ENV Authentication__OIDC__Authority 'https://login.microsoftonline.com/<>'
ENV Authentication__OIDC__ResponseType 'id_token token'
ENV Authentication__OIDC__SaveTokens 'true'
ENV Authentication__OIDC__UseTokenLifetime 'true'

ENTRYPOINT ["C:/ProgramData/Universal/Universal.Server.exe"]

rachsngltn · October 6, 2021, 12:59pm

That did something! I now see the MS login screen, but I’m getting a 500 for the redirect/callback.

        The cookie '.AspNetCore.OpenIdConnect.Nonce.CfDJ8OprJGyFJ2FBtF0sgmrp9SRTz0JFne4N3x9-R_xwvuS2Ag53E5zlBLyr88xptv1QUkjBOGsnFTgl3wua_5itjles7y6Kqsb3aADW9K7RtUt2HRXIWPlTQdR-b_g4elGKLHcfF4sLE3r4elPTRDnWl169ZSXcW-dxkh9vQJfpcoyVw2nb99VJZ3wOqMLtRihTCISaigeMXn9OX7HmunkWQYXBax697LDxvZoI5twhY-Si2jz5wQXbDhjBHB_4pYdjtkGrYD77r4RDZRuMi_g_sZY' has set 'SameSite=None' and must also set 'Secure'.

warn: Microsoft.AspNetCore.Http.ResponseCookies[1]

      The cookie '.AspNetCore.Correlation.q-hkg6J7hILPvUUmXCZtZm70__I9gNNeOKtchVd3T8U' has set 'SameSite=None' and must also set 'Secure'.

warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]

      '.AspNetCore.Correlation.q-hkg6J7hILPvUUmXCZtZm70__I9gNNeOKtchVd3T8U' cookie not found.

fail: Microsoft.AspNetCore.Server.Kestrel[13]

      Connection id "0HMC8P7QM2QJ8", Request id "0HMC8P7QM2QJ8:00000003": An unhandled exception was thrown by the application.

      System.Exception: An error was encountered while handling the remote login.

       ---> System.Exception: Correlation failed.

         --- End of inner exception stack trace ---

         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()

         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

rachsngltn · October 6, 2021, 1:42pm

Seems to be the SameSite cookie flag, but apparently the flag has been taken away: Google Chrome flags for SameSite cookies taken away after update v91

Update: It works after downloading a portable version of Chrome 89.

adam · October 6, 2021, 2:08pm

Ack. Ok. I think I’ll have to remove that from the docs. If you configure HTTPS it should work on the latest.

Topic		Replies	Views
OIDC issues (docker azure web app) PowerShell Universal	15	359	June 20, 2023
Migrating from 1.5.21 to 2.3.1 OIDC Issue PowerShell Universal	7	774	November 22, 2021
Azure AD OIDC Localhost development PowerShell Universal	1	433	February 8, 2021
PSU on Synology Docker with OIDC PowerShell Universal	0	339	August 9, 2023
Azure AD OIDC - Resource identifier is not provided PowerShell Universal	3	768	November 3, 2021

Docker + OIDC Issue

Related topics