I'm trying to use my IAM as external OpenID authentication. I have a website that I need to secure access to. For that I want to use the Thinkwise IAM OpenID as authentication backend.
For testing purposes I created a new IAM database on the 2022.2 platform with the latest Indicium (2022.2.12) in the Azure cloud.
In the OpenID -> OpenID clients I created a new record with only the ClientID populated. In the Configuration tab are values for Redirects, Post logout redirects and Secrets.
When the Azure Web App that hosts the Indicium is restarted it fails to start with “HTTP Error 500.30 - ASP.NET Core app failed to start”.
In the Application Event Logs I see the error message “The process was terminated due to an unhandled exception.
Exception Info: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.
at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
at Indicium.Startup.getOrCreateCertificateFromStore(String certificateName) in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 1285
at Indicium.Startup.getIdentityServerCertificate() in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 1137
at Indicium.Startup.createIdentityServerBuilder(IServiceCollection services, IRootApplicationLoader rootApplicationLoader) in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 1034
at Indicium.Startup.ConfigureServices(IServiceCollection services) in C:\azp\agent\_work\1\s\src\Indicium\Startup.cs:line 514
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span`1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services)
at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass9_0.<Invoke>g__Startup|0(IServiceCollection serviceCollection)
at Microsoft.AspNetCore.Hosting.StartupLoader.ConfigureServicesDelegateBuilder`1.<>c__DisplayClass15_0.<BuildStartupServicesFilterPipeline>g__RunPipeline|0(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection services)
at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass8_0.<Build>b__0(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.StartupLoader.ConfigureServicesDelegateBuilder`1.<>c__DisplayClass14_0.<ConfigureServices>g__ConfigureServicesWithContainerConfiguration|0(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.ConfigureServices(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.WebHost.EnsureApplicationServices()
at Microsoft.AspNetCore.Hosting.WebHost.Initialize()
at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
at Indicium.Program.Main(String[] args) in C:\azp\agent\_work\1\s\src\Indicium\Program.cs:line 23
When I remove the OpenID client configuration, Indicium runs normally.
Does anybody know what is causing this error and how I can successfully create an OpenID configuration to use as an authentication back end?