
I am trying to integrate with keycloak but I am getting the following error when I am calling “api/TokenAuth/ExternalAuthenticate” api: "IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. (Parameter 'address')"

Keycloak config:

    "OpenId": {
      "IsEnabled": "true",
      "ClientId": " demo-app",
      "ClientSecret": "",
      "Authority": "http://localhost:8080/auth/realms/demo-app/",
      "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
      "ValidateIssuer": "false",
      "ClaimsMapping": [
        {
          "claim": "unique_name",
          "key": "preferred_username"
        }
      ]
    }

Also I have tried the following configuration:

    "OpenId": {
      "IsEnabled": "true",
      "ClientId": "demo-app",
      "ClientSecret": "",
      "Authority": "http://localhost:8080/auth/realms/master/",
      "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
      "ValidateIssuer": "false",
      "ClaimsMapping": [
        {
          "claim": "unique_name",
          "key": "preferred_username"
        }
      ]
    }

Also I have added the following code into AuthConfigure:

    authenticationBuilder.AddOpenIdConnect(options =>
    {
        options.Authority = configuration["Authentication:OpenId:Authority"];
        // Discovery document URL, built relative to the authority
        options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();
        options.RequireHttpsMetadata = false;
        options.ClientId = configuration["Authentication:OpenId:ClientId"];
        options.SignedOutRedirectUri = configuration["Authentication:OpenId:LoginUrl"];
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        // Explicit configuration manager whose document retriever uses the same HTTPS setting
        options.ConfigurationManager =
            new ConfigurationManager<OpenIdConnectConfiguration>(
                options.MetadataAddress,
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever() { RequireHttps = options.RequireHttpsMetadata }
            );
    });

Hi @elcinasyali

By default OpenID Connect is configured in AspNet Zero, see https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Mvc/Startup/AuthConfigurer.cs#L38.

Why did you need to add your own configuration? I think the default usage should work for you. Can you try using the default implementation which exists in AspNet Zero?

Thanks,

I have tried it also but I got the same problem. Our keycloak server works on http, do you think it is a problem?

I have added the following code into AuthConfigure:

    authenticationBuilder.AddOpenIdConnect(options =>
    {
        options.ClientId = configuration["Authentication:OpenId:ClientId"];
        options.Authority = configuration["Authentication:OpenId:Authority"];
        options.SignedOutRedirectUri = configuration["App:ServerRootAddress"] + "Account/Logout";
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.RequireHttpsMetadata = false;
        options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = bool.Parse(configuration["Authentication:OpenId:ValidateIssuer"])
        };
        // Map provider claims to the configured claim names after the token is validated
        options.Events.OnTokenValidated = context =>
        {
            var jsonClaimMappings = new List<JsonClaimMap>();
            configuration.GetSection("Authentication:OpenId:ClaimsMapping").Bind(jsonClaimMappings);
            context.AddMappedClaims(jsonClaimMappings);
            return Task.FromResult(0);
        };
        var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
        if (!clientSecret.IsNullOrEmpty())
        {
            options.ClientSecret = clientSecret;
        }
    });

Any advice? Thanks.

It seems like it is not related to AspNet Zero.

"Our keycloak server works on http, do you think it is a problem?"

Might be. See: https://github.com/IdentityServer/IdentityServer4/issues/4645

Can you check it on https server?
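
The IDX20108 message quoted at the top of the thread names the RequireHttps property on IDocumentRetriever. The block below is an added example, not code from the thread or from AspNet Zero: one way to confine that relaxation to a loopback authority in the Development environment and to reject any other non-https authority at startup. The class and method names (OpenIdMetadataPolicy, AllowHttpMetadata, AddKeycloakOpenId) are hypothetical; the configuration keys are the ones used in the posts above.

```csharp
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical helper for illustration; not part of AspNet Zero.
public static class OpenIdMetadataPolicy
{
    // Plain-HTTP discovery is tolerated only for a loopback authority in Development.
    public static bool AllowHttpMetadata(Uri authority, IHostEnvironment env) =>
        authority.Scheme == Uri.UriSchemeHttp && authority.IsLoopback && env.IsDevelopment();

    public static void AddKeycloakOpenId(
        this AuthenticationBuilder builder, IConfiguration configuration, IHostEnvironment env)
    {
        var authority = new Uri(configuration["Authentication:OpenId:Authority"]);
        var allowHttp = AllowHttpMetadata(authority, env);

        if (authority.Scheme != Uri.UriSchemeHttps && !allowHttp)
        {
            // Fail at startup rather than on the first login attempt.
            throw new InvalidOperationException(
                "Authentication:OpenId:Authority must be an https URL outside local development.");
        }

        builder.AddOpenIdConnect(options =>
        {
            options.Authority = authority.ToString();
            options.ClientId = configuration["Authentication:OpenId:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.RequireHttpsMetadata = !allowHttp;
            options.MetadataAddress =
                new Uri(authority, ".well-known/openid-configuration").ToString();
            // The document retriever has its own RequireHttps flag; keep it in step
            // with RequireHttpsMetadata so the two settings cannot disagree.
            options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                options.MetadataAddress,
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever { RequireHttps = options.RequireHttpsMetadata });
        });
    }
}
```

With the Authority values posted above (http://localhost:8080/...), this permits http metadata only while the host environment is Development; the same setting in any other environment throws at startup.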