Skip to main content

I'm trying to connect an IAM (2020.2) test database to Indicium 2020.2.12 at an Azure App Service, but I get stuck at a certain point. When I try to access the root directory of Indicium I get the following.

An error occurred while starting the application.
.NET Framework 4.8.4210.0 X64 v4.0.0.0 | Microsoft.AspNetCore.Hosting version 2.2.0-rtm-35687 | Microsoft Windows 10.0.14393 &

The logs says the following:

2020-11-18T15:13:39.0399438+00:00  [inf] Initiating startup license check (a070e428)
2020-11-18T15:13:39.1962080+00:00 [inf] Reading license from IAM. (d4563d62)
2020-11-18T15:13:39.4790579+00:00 [inf] License successfully read from IAM. (66b06fb5)
um.Startup.getOpenIdSigningCertificate() in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 658
at Indicium.Startup.configureIdentityServer(IServiceCollection services) in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 605
at Indicium.Startup.ConfigureServices(IServiceCollection services) in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 396
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.ConfigureServices(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
at Microsoft.AspNetCore.Hosting.Internal.WebHost.Initialize()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
2020-11-18T15:13:40.7273167+00:00 [inf] License refresh not required. Current license state: Valid. License valid until 2021-02-16T14:58:47 (9ee3df71)
2020-11-18T15:13:40.7408558+00:00 [inf] License refresh scheduled for 2020-12-18 14:58:47. (b8b05180)

If I change the database name in appSettings to the other IAM database (production), it works as expected.

I have no clue what's happening and why the test IAM database is not accessible via Indicium. It can be accessed via the webgui. What can I do?

Hi René,

Going by that stack trace you’ve posted Indicium seems to have detected an OpenID configuration inside your IAM test database.

When this happens Indicium tries to load/create a certificate, from the user profile of the user that the application pool on IIS is running on, to sign tokens with.

The problem is that when the IIS application pool uses ApplicationPoolIdentity, which is the case on Azure App Services, there is no actual user profile unless the “Load user profile” option is set to true in the pool settings.

According to the Kudu wiki (https://github.com/projectkudu/kudu/wiki/Configurable-settings#add-user-profile-support-for-a-site) this can be achieved by adding a WEBSITE_LOAD_USER_PROFILE app setting to your Azure app and setting it to 1.

As stated in the wiki link this will only work for apps running in a Basic, Standard or Premium tier so make sure you are using one of those.

Alternatively you could of course also remove the OpenID configuration from the test IAM database.