System.InvalidOperationException: IDX10803: Unable to obtain configuration from: ' :3926/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: ' :3926/.well-known/openid-configuration'. ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.x:3926 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
Is your server/computer located behind an outgoing firewall or proxy server? Because this could be a sign that the OpenID middleware has trouble connecting to the OpenID configuration file (at site).
The issue is related to your application not being able to access https://[identity-provider-url]/.well-known/openid-configuration. Can you access the URL in a browser (with correct domain of course)?
I have been able to deploy this application to an Azure "dev" and "test" environment. However, under a prod (premium) PLAN environment, I have been unsuccessful. I am unable to use the configuration web.config and application registration / authentication used for DEV and TEST. I reverted back to an older working configuration (for prod only) (different tenant), and it still does not work.
As we have come across different scenarios or issues while troubleshooting the error: IDX20807: Unable to retrieve document from: ' -known/openid-configuration. I am summarizing all the issues here to troubleshoot such errors, for better understanding and to help others in the community.
Solution: The OIDC metadata resulting in this case, -known/openid-configuration, is not valid because the web configuration has not been correctly configured in the application. In this case, it seems the value configured in the authority parameter is not recognized properly.
I am still trying to figure out why it is not working in the production environment only. You can try to debug and fetch OIDC metadata in other environments to get the flow. As per your configuration it should be **common/v2.0**/.well-known/openid-configuration'
To efficiently troubleshoot OpenID Connect issues in Tableau Server, enable enhanced logging by setting the logging level to debug, and full logging for OpenID using the vizportal.openid.full_server_request_logging_enabled configuration key to true using these TSM commands:
But at the same time I am able to access the url:
-#######.okta.com/oauth2/default/.well-known/openid-configuration through my web browser. I don't understand why it is refusing to connect through the Spring Boot application
As this is a websocket connection, I am not using cURL to test, instead, I use Postman to test. It just returns error code 401 when I try to establish a websocket connection passing access_token query parameter into the ws:// url. Seems like it fails at the handshake process:
I tried your scenario, and it worked for me, except I needed an extra -e INSECURE_COOKIE=true to make one of the services happy to be working on http outside of localhost (without that setting, logins would proceed, but then give a not authorized error). Could you include a screen shot of your environment variables, just to double check? The URL is particularly important.
@loginerror I'm also having the same issue, my bot tends to connect briefly and then it disconnects. The assistant status turns red and says it's connected but unlicensed. I've tried changing the TLS setting to 1.2 and the error still persists.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Hi Jeff.
Updated servername to public DNS name, ssl to self-signed certificate, oidc_provider_metadata_url to https://:5554/.well-known/openid-configuration. But still getting the 500 Internal Server Error.
New /var/log/httpd24/error.log
Hi there! I am attempting exactly the same thing and I was having the same error as you. The provider-url has to be just That is because OpenID will then append /.well-known/openid-configuration to it to find extra configuration parameters.
Hi, did you manage to sort out this error? I am facing the same issue. Using a valid web certificate but still getting the error
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We can see in this combination of scopes that one of them is using outlook.office.com (which is meant for non-GCC accounts), and the other one is using outlook.office365.com. When testing the connection for the Oauth 2.0 configuration, Microsoft will return with an error complaining about these scopes because they contain "more than one resource", and the connection test will fail.
In the example code segment from the Diagnosis section for this, you can see that the URL listed in the error is misspelled: "The resource principal named https:\/\/graph.micrsoft.com was not found in the tenant named ...". You will want to update the URL in the applink to the correct one and reattempt the integration.
When I try to connect I get "did not receive user profile parameter from the provider"
If I connect ESRI to Google as the provider I have no issues, so it is something I am missing on my APM config.
I have tried a bunch of the configuration guides but not sure what I am missing.
Want to be able to use OpenID via OAuth version 2.0 that will use an on-prem Active Directory identity to log in to a cloud application.
Check the application's log files to see if there are any error messages indicating why the user is unable to access the application. The two most common causes for this issue are missing user profile information or incorrect/missing authorization information.
To use Google's OpenID Connect services, you should hard-code the Discovery-document URI ( -known/openid-configuration) into your application. Your application fetches the document, applies caching rules in the response, then retrieves endpoint URIs from it as needed. For example, to authenticate a user, your code would retrieve the authorization_endpoint metadata value ( in the example below) as the base URI for authentication requests that are sent to Google.
If the Issuer value contains a path component, any terminating / MUST be removed before appending /.well-known/openid-configuration. The RP would make the following request to the Issuer to obtain its configuration information, since the Issuer contains a path component:
The issuer value returned MUST be identical to the Issuer URL that was used as the prefix to /.well-known/openid-configuration to retrieve the configuration information. This MUST also be identical to the iss Claim value in ID Tokens issued from this Issuer.
IdP setup: The settings were imported using the .well-known/openid-configuration endpoint. After the import, I updated the Authorization URL, Token URL and Issuer to use the custom domain (login.company.com) instead of the default auth0 domain.
This error indicates that there were too many unexpected failures trying to synchronize data in the connection or mapping. As a result, Connect backs off in trying to execute synchronization. After the specified period of time, Connect will try again to synchronize data.
This error is caused by intermittent network connectivity issues and can typically be ignored, as Connect detects this condition and retries the operation. If you observe frequent occurrences of this error message, we recommend that you contact Heroku Support for assistance.
The read operation timed out error is caused by unstable network connections. These can typically be ignored, as Connect detects this condition and retries the operation. If you observe frequent occurrences of this error message, we recommend that you contact Heroku Support for assistance.
Somewhere in the middle of this redirect, the user gets stuck on accounts.cloud.com with a 500 error and sometimes they passed that error and Workspace loads but there are no Desktops or Published apps available. Has anyone seen this before? There have been no changes to the configuration of Citrix Cloud or Okta, this all started on Friday 3-3-2023. Any help is greatly appreciated. I have tickets open with Citrix and Okta but nothing has resolved the issue so far.
The client connectivity support tool incrementally validates the client connection to the Luna Cloud HSM Service. If a validation step fails the check is marked as FAIL and any subsequent connectivity checks are marked as SKIP. To return more detailed errors run the tool with --verbose.
You may encounter the error DPoD:Unable to communicate with the service. Error code:LUNA_RET_XTC_ERROR (80001600) upon launching LunaCM or starting other applications against your Luna Cloud HSM Service. This indicates a problem with the Transferable Token Channel (XTC) connection to the HSM due to clock drift. Synchronize your client host with an NTP server and re-attempt a connection to your service. As part of normal operation, regularly and automatically synchronize to an NTP server as client operations rely on accurate time.