{"id":22786024,"url":"https://github.com/hemantksingh/identity-server","last_synced_at":"2025-10-15T10:49:44.125Z","repository":{"id":46578846,"uuid":"258072147","full_name":"hemantksingh/identity-server","owner":"hemantksingh","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-07T01:07:46.000Z","size":508,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-05T17:14:22.316Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hemantksingh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-23T02:20:51.000Z","updated_at":"2021-11-01T15:03:46.000Z","dependencies_parsed_at":"2022-07-20T06:17:10.763Z","dependency_job_id":null,"html_url":"https://github.com/hemantksingh/identity-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hemantksingh%2Fidentity-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hemantksingh%2Fidentity-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hemantksingh%2Fidentity-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hemantksingh%2Fidentity-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hemantksingh","download_url":"https://codeload.github.com/hemantksingh/identity-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind
":"github","repositories_count":246342688,"owners_count":20761938,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T23:08:59.513Z","updated_at":"2025-10-15T10:49:39.083Z","avatar_url":"https://github.com/hemantksingh.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Identity server\n\nAdding identity server to the solution\n\n```sh\n# Install IdentityServer4 templates\ndotnet new -i IdentityServer4.Templates\n\n# Add identity server project\ndotnet new is4empty -n identity-server\ndotnet sln add ./src/identity-server/identity-server.csproj\n\n# Add the Quickstarter UI\ncd ./src/identity-server\ndotnet new is4ui\n```\n\n## Running the application using docker\n\n```sh\n# Build the docker image\ndocker build -t hemantksingh/identity-server -f Dockerfile.identity-server .\n\n# Run in development mode\ndocker run -p 80:5000 -e ASPNETCORE_ENVIRONMENT=Development hemantksingh/identity-server\n\n# Run in production mode\ndocker run -p 80:5000 hemantksingh/identity-server\n\n# or run identity server behind an nginx reverse proxy\ndocker-compose up --build\n```\n\nIdentity server should be accessible at http://localhost/identity and the discovery document at http://localhost/identity/.well-known/openid-configuration on the docker host\n\n\n### Running over HTTPS using docker\n\nFor running identity server with nginx reverse proxy with end to end TLS within docker containers:\n\n1. 
[Generate a self signed certificate](https://docs.microsoft.com/en-us/dotnet/core/additional-tools/self-signed-certificates-guide) in `.pfx` format, export it to `~/.aspnet/https` directory and ensure it is trusted on the docker host `./generate_certs.ps1`\n2. [Extract the certificate](https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file) `.crt` and key `.key` using `openssl`\n    * `openssl pkcs12 -clcerts -nokeys -in ~/.aspnet/https/service-identity.pfx  -out service-identity.crt -password pass:\u003cpassword\u003e`\n    * `openssl pkcs12 -nocerts -in ~/.aspnet/https/service-identity.pfx  -out service-identity-encrypted.key -password pass:\u003cpassword\u003e`\n    * `openssl rsa -in service-identity-encrypted.key -out service-identity.key`\n\n3. Run with [HTTPS using docker compose](https://docs.microsoft.com/en-us/aspnet/core/security/docker-compose-https?view=aspnetcore-3.1) `docker compose up --build`\n\n### Known Issues\n\nInter service communication using dev certs fails due to certificate issues. For example client-webapp fails to communicate with identity-server with the following error:\n\n```sh\nThe SSL connection could not be established, see inner exception.\nSystem.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain\n```\n\nYou get the same issue while running identity-server with nginx or standalone.\n\n## Deploying to Kubernetes\n\nIn order to route external traffic to [identity server running in a kubernetes cluster](https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466), we use nginx controller for layer 7 routing. To fulfill ingress to your application, the nginx ingress controller deployment provisions a load balancer in your cloud provider e.g. Azure and assigns it a public IP. 
\n\n```sh\n# deploy nginx ingress controller\nkubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml\n\n# deploy identity server with ingress rules\nkubectl apply -f identity-server.yaml\n```\n\nIdentity server should be accessible at `http://{publicIp}/identity` with the discovery document available at `http://{publicIp}/identity/.well-known/openid-configuration`\n\n## Deploying to Azure App Service \n\nYou can [deploy to azure app service as a container](https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image) by following the steps below\n\n```sh\n\nappPlan=$1\nresourceGroup=$2\napp=$3\nacrRegistry=$4\nacrUsername=$5\nacrPassword=$6\n\n# create the app service plan\naz appservice plan create --name $appPlan --resource-group $resourceGroup --sku S1 --is-linux\n\n# create the webapp\naz webapp create --resource-group $resourceGroup --plan $appPlan --name $app --multicontainer-config-type compose --multicontainer-config-file docker-compose.yml\n\n# required only if the docker image is stored in ACR\naz webapp config container set --name $app --resource-group $resourceGroup --docker-custom-image-name $acrRegistry.azurecr.io/pmsaas/$app:latest --docker-registry-server-url https://$acrRegistry.azurecr.io --docker-registry-server-user $acrUsername --docker-registry-server-password $acrPassword\n\n# Tell App Service about the port that your container uses by using the WEBSITES_PORT app setting. 
It is required if the docker container runs on a custom port other than 80\naz webapp config appsettings set --resource-group $resourceGroup --name $app --settings WEBSITES_PORT=5000 ASPNETCORE_ENVIRONMENT=Development\n\n# Tail logs\naz webapp log tail --name $app --resource-group $resourceGroup\n```\nFurther info about Azure app service - https://azure.github.io/AppService\n\n### Enable CORS\n\nYou can either [enable CORS via Azure app service](https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-rest-api#enable-cors) or within the application. To enable it within Azure app service via azcli\n\n```sh\naz webapp cors add --resource-group myResourceGroup --name \u003capp-name\u003e --allowed-origins 'http://localhost:5000'\n```\n\nDon't try to use App Service CORS and your own CORS code together. When used together, App Service CORS takes precedence and your own CORS code has no effect.\n\n### Session Affinity \n\nAzure app service load balances requests using [IIS Application Request Routing (ARR)](https://www.iis.net/downloads/microsoft/application-request-routing). When a request comes in, ARR slaps a \"session affinity cookie\" `ARRAffinity` on the response which it uses on subsequent requests to direct that specific user's requests back to the same server.  This cookie is enabled by default. If you're not using any [session state](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-3.1#session-state) in your application and want the requests to be evenly load balanced (e.g. 
round robin load balancing) across machines you can [disable session affinity in azure app service](https://dzone.com/articles/disabling-session-affinity-in-azure-app-service-we) by adding a special response header `Arr-Disable-Session-Affinity` in the application and setting it to true.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhemantksingh%2Fidentity-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhemantksingh%2Fidentity-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhemantksingh%2Fidentity-server/lists"}