Docker + OIDC Issue

I am attempting to set up OIDC w/ Azure in a Docker setup and I cannot get any variation of it to work. I’ve even stripped my dockerfile to the bare minimum. I get the following error in the browser:

And the following error in the logs:
An unhandled exception was thrown by the application. System.FormatException: String ‘= true’ was not recognized as a valid Boolean.

I have tried:

  • True
  • “true”
  • $true
  • ‘true’

Here’s my dockerfile:

FROM ironmansoftware/universal:2.3.1-windowsserver-1909

LABEL description="PowerShell Universal" 

EXPOSE 5000
VOLUME ["C:/home/PowerShellUniversal"]
ENV Data__RepositoryPath C:/home/PowerShellUniversal/Repository
ENV Data__ConnectionString C:/home/PowerShellUniversal/database.db
ENV UniversalDashboard__AssetsFolder C:/home/PowerShellUniversal/Dashboard 
ENV Logging__Path C:/home/PowerShellUniversal/Logs/log.txt


ENV Authentication__OIDC__Enabled = 'true'
ENV Authentication__OIDC__CallbackPath = '/auth/signin-oidc'
ENV Authentication__OIDC__ClientID = '<>'
ENV Authentication__OIDC__ClientSecret = '<>'
ENV Authentication__OIDC__Resource = 'https://management.azure.com'
ENV Authentication__OIDC__Authority = 'https://login.microsoftonline.com/<>'
ENV Authentication__OIDC__ResponseType = 'id_token token'
ENV Authentication__OIDC__SaveTokens = 'true'
ENV Authentication__OIDC__UseTokenLifetime = 'true'

ENTRYPOINT ["C:/ProgramData/Universal/Universal.Server.exe"]

We’ll have to do some debugging to see what’s up here. What you have looks correct and I wonder if there is some issue within PSU.

I opened an issue for this: Docker and OIDC not working. · Issue #544 · ironmansoftware/issues · GitHub

After looking at the log I got a hunch. What happens when you remove the '= ' from the ENV in the dockerfile?

FROM ironmansoftware/universal:2.3.1-windowsserver-1909

LABEL description="PowerShell Universal" 

EXPOSE 5000
VOLUME ["C:/home/PowerShellUniversal"]
ENV Data__RepositoryPath C:/home/PowerShellUniversal/Repository
ENV Data__ConnectionString C:/home/PowerShellUniversal/database.db
ENV UniversalDashboard__AssetsFolder C:/home/PowerShellUniversal/Dashboard 
ENV Logging__Path C:/home/PowerShellUniversal/Logs/log.txt


ENV Authentication__OIDC__Enabled 'true'
ENV Authentication__OIDC__CallbackPath '/auth/signin-oidc'
ENV Authentication__OIDC__ClientID '<>'
ENV Authentication__OIDC__ClientSecret '<>'
ENV Authentication__OIDC__Resource 'https://management.azure.com'
ENV Authentication__OIDC__Authority 'https://login.microsoftonline.com/<>'
ENV Authentication__OIDC__ResponseType 'id_token token'
ENV Authentication__OIDC__SaveTokens 'true'
ENV Authentication__OIDC__UseTokenLifetime 'true'

ENTRYPOINT ["C:/ProgramData/Universal/Universal.Server.exe"]
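
As an added example (not code from this thread or from PowerShell Universal), the Python sketch below models how Docker reads the two ENV syntaxes. It shows why `ENV Name = 'true'` yields the value `= true` seen in the exception, and flags such lines. The function names and the simplified quote handling are assumptions of this example.

```python
import re
import shlex

def effective_env(line):
    """Return the (name, value) pairs one Dockerfile ENV line sets."""
    m = re.match(r"\s*ENV\s+(.*\S)\s*$", line, re.IGNORECASE)
    if not m:
        return []                      # not an ENV instruction
    rest = m.group(1)
    first = rest.split(None, 1)
    if "=" in first[0]:
        # ENV NAME=value [NAME2=value2 ...]: every word is one pair.
        words = shlex.split(rest)
        return [(n, v) for n, _, v in (w.partition("=") for w in words)]
    # ENV NAME value: everything after the name is the value, so a
    # free-standing "=" becomes part of it. Quote removal is simplified
    # here to matched pairs (assumption of this example).
    raw = first[1] if len(first) > 1 else ""
    return [(first[0], re.sub(r"(['\"])(.*?)\1", r"\2", raw))]

def lint(dockerfile_text):
    """Flag ENV lines whose effective value starts with '='."""
    findings = []
    for number, line in enumerate(dockerfile_text.splitlines(), 1):
        for name, value in effective_env(line):
            if value.startswith("="):
                findings.append((number, name, value))
    return findings

# Constructed sample built from lines quoted in this thread.
SAMPLE = """\
FROM ironmansoftware/universal:2.3.1-windowsserver-1909
ENV Logging__Path C:/home/PowerShellUniversal/Logs/log.txt
ENV Authentication__OIDC__Enabled = 'true'
ENV Authentication__OIDC__ResponseType 'id_token token'
ENV Authentication__OIDC__SaveTokens=true
"""

if __name__ == "__main__":
    for number, name, value in lint(SAMPLE):
        print(f"line {number}: {name} is set to {value!r}")
```
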

That did something! I now see the MS login screen, but I’m getting a 500 for the redirect/callback.

        The cookie '.AspNetCore.OpenIdConnect.Nonce.CfDJ8OprJGyFJ2FBtF0sgmrp9SRTz0JFne4N3x9-R_xwvuS2Ag53E5zlBLyr88xptv1QUkjBOGsnFTgl3wua_5itjles7y6Kqsb3aADW9K7RtUt2HRXIWPlTQdR-b_g4elGKLHcfF4sLE3r4elPTRDnWl169ZSXcW-dxkh9vQJfpcoyVw2nb99VJZ3wOqMLtRihTCISaigeMXn9OX7HmunkWQYXBax697LDxvZoI5twhY-Si2jz5wQXbDhjBHB_4pYdjtkGrYD77r4RDZRuMi_g_sZY' has set 'SameSite=None' and must also set 'Secure'.

warn: Microsoft.AspNetCore.Http.ResponseCookies[1]

      The cookie '.AspNetCore.Correlation.q-hkg6J7hILPvUUmXCZtZm70__I9gNNeOKtchVd3T8U' has set 'SameSite=None' and must also set 'Secure'.

warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]

      '.AspNetCore.Correlation.q-hkg6J7hILPvUUmXCZtZm70__I9gNNeOKtchVd3T8U' cookie not found.

fail: Microsoft.AspNetCore.Server.Kestrel[13]

      Connection id "0HMC8P7QM2QJ8", Request id "0HMC8P7QM2QJ8:00000003": An unhandled exception was thrown by the application.

      System.Exception: An error was encountered while handling the remote login.

       ---> System.Exception: Correlation failed.

         --- End of inner exception stack trace ---

         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()

         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Seems to be the SameSite cookie flag, but apparently the flag has been taken away: Google Chrome flags for SameSite cookies taken away after update v91

Update: It works after downloading a portable version of Chrome 89.

Ack. Ok. I think I’ll have to remove that from the docs. If you configure HTTPS it should work on the latest.