Hi. I'm trying to connect 2 .NET Core 2.1.0 MVC apps with Identity Server 4.
Identity Server Configuration:
`public void ConfigureServices(IServiceCollection services)
{
// Registers the EF context, ASP.NET Identity, MVC and IdentityServer for the token-issuing host.
// NOTE(review): the generic type arguments and the lambda header on AddIdentity (also on AddDbContext,
// AddScoped, AddClientStore, AddProfileService, AddAspNetIdentity) look like they were stripped when the
// snippet was posted - confirm against the real Startup before reusing any of this.
services.AddDbContext
services.AddIdentity
{
// Relaxes the default password policy: a non-alphanumeric character is no longer required.
options.Password.RequireNonAlphanumeric = false;
})
.AddEntityFrameworkStores
.AddDefaultTokenProviders();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddScoped
services.AddScoped
services.AddScoped
services.AddIdentityServer()
// Development-only signing key. A production host needs a real signing certificate here
// (for example through AddSigningCredential) so tokens are signed with a managed, stable key.
.AddDeveloperSigningCredential()
// Persisted grants (authorization codes, refresh tokens, consent) are held in process memory only:
// they are lost on restart and are not shared between instances of this host.
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(IdentityServerConfiguration.GetIdentityResources())
.AddClientStore
.AddProfileService
.AddAspNetIdentity
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // The detailed exception and database error pages expose internals, so they are development-only;
    // every other environment gets the generic error handler.
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
    }
    else
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }

    // Static UI switches: no logout confirmation prompt, automatic redirect after sign-out.
    // NOTE(review): AccountOptions is not defined in this snippet - presumably the IdentityServer
    // quickstart UI options class; confirm.
    AccountOptions.ShowLogoutPrompt = false;
    AccountOptions.AutomaticRedirectAfterSignOut = true;

    // Same middleware order as before: HSTS (sent in every environment, including development),
    // static files, IdentityServer, then MVC with the default route.
    app.UseHsts()
       .UseStaticFiles()
       .UseIdentityServer()
       .UseMvc(routes => routes.MapRoute(
           name: "default",
           template: "{controller=Home}/{action=Index}/{id?}"));
}`
MVC Client Configuration
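`public void ConfigureServices(IServiceCollection services)
{
    // Registers MVC with a global HTTPS requirement, then cookie + OpenID Connect sign-in
    // against the IdentityServer host.
    services.AddMvc(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

    // Clear the default inbound claim-type map so claims keep the names the identity provider sends.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    services.AddAuthentication(options =>
    {
        // The local session lives in the cookie; challenges are sent to the OpenID Connect handler.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        // The authority is already an https URL, so keep the HTTPS requirement for the metadata
        // (discovery) endpoint on. Setting it to false permits discovery over plain HTTP.
        options.RequireHttpsMetadata = true;
        options.Authority = "https://localhost:44310";
        options.ClientId = "Zebra";

        // Tokens are stored in the authentication properties of the sign-in cookie.
        options.SaveTokens = true;
        options.TokenValidationParameters.NameClaimType = "name";

        // The correlation cookie expires after this interval. The previous value of 10 seconds is
        // shorter than most interactive logins; once it lapses the callback is rejected with
        // "Correlation failed". 15 minutes is the framework default.
        options.RemoteAuthenticationTimeout = TimeSpan.FromMinutes(15);

        // NOTE(review): hard-coded placeholder secret. Load it from configuration or a secret store
        // instead of source; it has to match the client registration on the IdentityServer side.
        options.ClientSecret = "secret";

        // Hybrid flow: authorization code plus id_token from the authorize endpoint.
        options.ResponseType = "code id_token";

        // offline_access asks for a refresh token, which SaveTokens then keeps alongside the others.
        options.Scope.Add("offline_access");
        options.GetClaimsFromUserInfoEndpoint = true;
    });
}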
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // The developer exception page exposes stack traces and request details, so it is
    // development-only; every other environment gets the generic error handler.
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
    }
    else
    {
        app.UseDeveloperExceptionPage();
    }

    // Same middleware order as before: HSTS (sent in every environment), static files,
    // authentication, then MVC. Authentication is registered ahead of MVC.
    app.UseHsts()
       .UseStaticFiles()
       .UseAuthentication()
       .UseMvc(routes => routes.MapRoute(
           name: "default",
           template: "{controller=Home}/{action=Index}/{id?}"));
}
}`
Everything is OK, but when Identity Server redirects back to the client, it throws a "Correlation failed" exception.
Wild guess: add this to your Configure method in Startup.
// Only X-Forwarded-Proto is honoured, so behind a TLS-terminating proxy the app sees the original scheme.
// By default the middleware trusts loopback proxies only: list the real proxy or load balancer in
// KnownProxies / KnownNetworks rather than clearing those lists, and register this before UseAuthentication.
var forwardedOptions = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto
};
app.UseForwardedHeaders(forwardedOptions);
@LindaLawton ,
thank you for response. But looks like it's not the case.
screenshot
do you know what this means in general? Maybe it will help me to find root cause.
Actually I downloaded samples with IdentityServer 4 v. 1.5.2 and it worked very fine.
I'm using the latest, 2.2.0.
I had this last week. For me it had something to do with the fact that we are running in Docker, where everything internally goes over HTTP but some things get sent back by the load balancer over HTTPS. I am trying to remember exactly what I did to fix it.
This is an error coming from the Microsoft providers. I suggest you build a minimal repro without IdentityServer and all that other junk. Once you got this working - it will work the same in your IS host.
All set on this issue -- can we close?
Leaving note here then:
If anyone ever gets a working version of Identity Server without this error ("Correlation failed"), please ping this thread. I would love to see the solution; after three months I have still not found it.
@LindaLawton yes, we are using identity without Correlation Failed error)
Implement custom DataProtection repository storage, so that all your nodes use one protection key.
@LindaLawton did you ever get this figured out? Running into the same exact situation. Thinking it's related to developer signing credentials running in production but nothing conclusive.