Identityserver4: Adjust "Authentication scheme Bearer is configured for IdentityServer, but it is not a scheme that supports signin (like cookies)"

Created on 29 Nov 2018 · 22 Comments · Source: IdentityServer/IdentityServer4

I got an IdentityServer validation error on startup: "Authentication scheme Bearer is configured for IdentityServer, but it is not a scheme that supports signin (like cookies). Either configure the default authentication scheme with cookies or set the CookieAuthenticationScheme on the IdentityServerOptions." It comes from https://github.com/IdentityServer/IdentityServer4/blob/63a50d7838af25896fbf836ea4e4f37b5e179cd8/src/Configuration/IdentityServerApplicationBuilderExtensions.cs#L105

However I don't need signin since I use ROPC flow. Is it possible to disable this validation error?

PS: I'm using IdSrv 2.3; everything works OK despite this error, but it pollutes the log and error tracking software.

enhancement

Most helpful comment

Same question. If this is not necessary, why show this message, even at fail level?

All 22 comments

Same problem. I did not have this message with version 2.2.0

Not right now, no. It's just a startup message, as well.

Also, you could set the CookieAuthOptions on our options class and put in a dummy cookie handler.

Maybe I do not understand but why do we have to set this option? Why do we have this error? Can you explain more?
Thank you in advance,

Also, you could set the CookieAuthOptions on our options class and put in a dummy cookie handler.

@brockallen, can you explain where I should set it?

// Register a placeholder cookie handler and point IdentityServer at it.
services.AddAuthentication().AddCookie("dummy");
services.AddIdentityServer(options => options.Authentication.CookieAuthenticationScheme = "dummy");
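
The workaround described in this thread, shown in a complete `Startup` for a host that runs IdentityServer alongside a Bearer-protected API. This is an added example, not code from the thread or the IdentityServer project; it assumes ASP.NET Core 2.x with the IdentityServer4.AccessTokenValidation package, and the authority URL, API name, client and secret are constructed placeholders.

```csharp
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Hypothetical name for the placeholder cookie scheme.
    private const string PlaceholderCookieScheme = "dummy";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        // Bearer is the default scheme because the co-hosted API validates access tokens.
        // With no cookie scheme named, IdentityServer looks at the default scheme for
        // sign-in, which is what produces the startup message.
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication("Bearer", options =>
            {
                options.Authority = "https://localhost:5001"; // constructed
                options.ApiName = "api1";                     // constructed
            })
            // Registered only so IdentityServer has a sign-in capable scheme to point at.
            // Do not reference it from [Authorize]; API endpoints stay on Bearer.
            .AddCookie(PlaceholderCookieScheme);

        services.AddIdentityServer(options =>
                options.Authentication.CookieAuthenticationScheme = PlaceholderCookieScheme)
            .AddDeveloperSigningCredential() // development only
            .AddInMemoryApiResources(new[] { new ApiResource("api1") })
            .AddInMemoryClients(new[]
            {
                new Client
                {
                    ClientId = "service-client", // constructed
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets = { new Secret("constructed-secret".Sha256()) },
                    AllowedScopes = { "api1" }
                }
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseIdentityServer(); // also adds the authentication middleware
        app.UseMvc();
    }
}
```

Because the placeholder cookie scheme is never the default and is never named on an `[Authorize]` attribute, requests to the API are still authenticated only by access token.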

Any update on the issue? Closing for now - feel free to re-open if it needs further discussion.

Same question. If this is not necessary, why show this message, even at fail level?

This Fail is very confusing.

It is a fail because for 99% of all IS use-cases, this is an invalid configuration.

It is a fail because for 99% of all IS use-cases, this is an invalid configuration.

Does IS mean IIS here?

It is a fail because for 99% of all IS use-cases, this is an invalid configuration.
Does IS mean IIS here?

He means co-hosting IdentityServer and your API that's protected by IdentityServer.

IS = IdentityServer

It is a fail because for 99% of all IS use-cases, this is an invalid configuration.

@leastprivilege Why? I have this error and need more explanation.

I also just experienced this error when updating to 2.3. I agree that the fact that this now indicates an error at startup which signals log monitoring alerts every time the application runs is quite jarring especially since this is just a minor version update. I would not expect to encounter this nor the need to set a dummy cookie value when using a supported use case.

I also just experienced this error when updating to 2.3. I agree that the fact that this now indicates an error at startup which signals log monitoring alerts every time the application runs is quite jarring especially since this is just a minor version update. I would not expect to encounter this nor the need to set a dummy cookie value when using a supported use case.

think the same.

I get the same error message. I don't need signin since my API only supports the OAuth 2.0 client credentials flow. How do I get rid of that error message (without adding a dummy cookie auth)?

@leastprivilege Please reopen this issue.

@leastprivilege @brockallen : This user report is legitimate and points to an incorrect assumption by IS.

Having folks ignore security warnings isn't good and adding unnecessary auth related code adds to confusion, so seems like should be reopened, right? Any reason it's still closed despite multiple confirmations/requests by folks above? Original report even points to the offending line.

Am I missing something?

We can change the wording - but since 90% of the time this is an invalid configuration, some message will be shown.

Changed to Informational.

I agree that most users won't/shouldn't be in this configuration; switching to info or warning seems like a good balance. Thanks


From: Brock Allen notifications@github.com
Sent: Friday, July 12, 2019 6:18:32 AM
To: IdentityServer/IdentityServer4
Cc: Sid; Comment
Subject: Re: [IdentityServer/IdentityServer4] Adjust "Authentication scheme Bearer is configured for IdentityServer, but it is not a scheme that supports signin (like cookies)" (#2846)

Changed to Informational.


This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
