Problems in 3.1.2409.0 code #354

Open
apr-un opened this issue Sep 30, 2024 · 0 comments
apr-un commented Sep 30, 2024

Hi @redhook62

I found a few problems in the newest solution 2409.0 code.


First, it contains two new projects which aren't included in the code:

  • NTN-SNR.IdentityServer.MultiFactor.SMS
  • Neos.IdentityServer.MultiFactor.SMS.Tapsi

They're probably left over from the examples sent to the discussion about SMS Implementation #349.
These projects should probably be removed; however, it would be super nice if we had some example of how to work with custom versions of SMS implementations. If that is not possible, a general guide on what should be implemented or where we should put our code would be very helpful.
Please consider adding that example, even with no real code but general comments like "// add here your code to connect to your webservice", "// here overwrite this method so it returns your sms code" or something like that :)


Second, you upgraded the packages System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens (and other related ones) from 6.23.1 to 8.0.2, probably due to the GitHub report about a moderate vulnerability (I did the same on my version without checking, but later I found it affects only .NET Core).

This change will cause errors in retrieval and deserialization of the blob.db file. Microsoft made a hidden breaking change and changed some internal code in these .NET packages, and now the application will return something like this:

```
Error Initializing WebAuthN Metdata Repository : IDX12729: Unable to decode the header '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string.
///
   at System.IdentityModel.Tokens.Jwt.JwtSecurityToken.Decode(String[] tokenParts, String rawData)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ReadJwtToken(String token)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.DeserializeAndValidateBlob(BLOBPayloadInformations infos) in C:\Repo\adfsmfa\Neos.IdentityServer 3.1\Neos.IdentityServer.MultiFactor.WebAuthN.Core\Metadata\MDSMetadataRepository.cs:line 158
   at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.GetBLOB() in C:\Repo\adfsmfa\Neos.IdentityServer 3.1\Neos.IdentityServer.MultiFactor.WebAuthN.Core\Metadata\MDSMetadataRepository.cs:line 71
   at Neos.IdentityServer.MultiFactor.WebAuthN.MFAMetadataService.InitializeRepository(IMetadataRepository repository) in C:\Repo\adfsmfa\Neos.IdentityServer 3.1\Neos.IdentityServer.MultiFactor.WebAuthN.Core\Services\MFAMetadataService.cs:line 70
```

This is confirmed here: dotnet/aspnetcore#54321 and here: https://learn.microsoft.com/en-us/dotnet/core/compatibility/aspnet-core/8.0/securitytoken-events

They say that JwtSecurityTokenHandler should be changed to JsonWebTokenHandler and the SecurityToken from the output should be cast to JsonWebToken, near Neos.IdentityServer 3.1\Neos.IdentityServer.MultiFactor.WebAuthN.Core\Metadata\MDSMetadataRepository.cs:line 158.

To be honest, I didn't check if this works, I just went back to 6.23.1 on all packages.

Please check if this works correctly for you when restoring a deleted blob.db. I got that error when I was messing with the configuration: blob.db from version 2405.0 returned an error (due to the packages upgraded to 8.0.2), so I deleted it and tried to get a fresh version back from fidoalliance...

Regards
apr-un
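
A triage aid for the IDX12729 error reported above, added here as an example (it is not code from the issue or from the adfsmfa project): it checks whether a stored BLOB is itself a well-formed compact JWS, which helps separate a damaged file from a change in library behaviour. It assumes blob.db holds the FIDO metadata BLOB as compact JWS text; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")

def b64url_decode_strict(segment):
    """Decode one unpadded Base64url segment (RFC 7515); raise ValueError otherwise."""
    if not B64URL.fullmatch(segment):
        raise ValueError("not unpadded Base64url (padding, '+', '/', whitespace or other characters)")
    if len(segment) % 4 == 1:
        raise ValueError("length is not a valid Base64url length")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_compact_jws(text):
    """Return a list of findings; an empty list means every segment decodes cleanly."""
    findings = []
    cleaned = text.strip("\ufeff \t\r\n")
    if cleaned != text:
        findings.append("file: BOM or whitespace around the token")
    parts = cleaned.split(".")
    if len(parts) != 3:
        findings.append("file: expected 3 dot-separated segments, found %d" % len(parts))
        return findings
    for name, segment in zip(("header", "payload", "signature"), parts):
        try:
            raw = b64url_decode_strict(segment)
            if name == "header":
                header = json.loads(raw.decode("utf-8"))
                if not isinstance(header, dict) or "alg" not in header:
                    findings.append("header: JSON object with an 'alg' member expected")
        except ValueError as exc:  # also covers binascii, JSON and UTF-8 decode errors
            findings.append("%s: %s" % (name, exc))
    return findings

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Constructed sample token (not a real metadata BLOB, signature bytes are dummy data).
SAMPLE = ".".join([
    _b64url(json.dumps({"alg": "ES256", "typ": "JWT"}).encode("utf-8")),
    _b64url(b'{"no":1}'),
    _b64url(b"\x01\x02\x03"),
])

if __name__ == "__main__":
    for label, token in (("clean", SAMPLE), ("padded header", SAMPLE.replace(".", "=.", 1))):
        print(label, check_compact_jws(token) or "ok")
```

An empty result on the real file points away from file corruption; it does not validate the signature or the certificate chain.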
