Duende Software
PII issue on scaled out instances #485
Replies: 2 comments 5 replies
-
|
The message only indicates that PII is hidden, so it does not show the underlying error. To see the full exception, you can enable the following setting (only in a non-production environment): Since the issue occurs only when running multiple instances, I would first verify the following: 1) ASP.NET Core Data Protection https://docs.duendesoftware.com/identityserver/deployment/#aspnet-core-data-protection Ensure that the Data Protection keys are persisted and shared across all instances. 2) IdentityServer signing keys https://docs.duendesoftware.com/identityserver/deployment/#identityserver-signing-key All instances must use the same signing key material.
In a multi-instance setup, both Data Protection keys and signing keys must be shared. If possible, please also share more detailed error information. Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @skoruba, We have already (months ago) implemented the following interfaces:
All instances of the app service use the same configuration therefore use the same shared data store. I have turned set IdentityModelEventSource.ShowPII = true; Thoughts? I continue to investigate Thanks |
Beta Was this translation helpful? Give feedback.
-
|
At the moment, the log message does not provide enough context. Could you please clarify:
Since this only happens when running multiple instances, it is important to understand exactly where in the flow it fails. Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @skoruba, Configuration is as follows // Class1 implements IXmlRepository; this class writes to a datastore for all instances of this service
services.AddSingletonWithAsyncInitAction<IXmlRepository, Class1>();
services.AddDataProtection()
.SetApplicationName(appName)
.Services.AddSingleton<IConfigureOptions<Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions>>(serviceProvider =>
{
return new ConfigureOptions<Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions>(options =>
{
options.XmlRepository = serviceProvider.GetRequiredService<IXmlRepository>();
});
});Context is a user signing in to an application that is backed but a service (above mentioned service) that hosts IdentityServer. Thoughts? Thanks Sanjeev |
Beta Was this translation helpful? Give feedback.
-
|
Hi @sanjeev-saxena-us, would you be able to contact us via the priority support channel regarding the issue you're experiencing? For obvious reasons, we can't share details on how to contact priority support here, but the license owner should know. You can find out who the license owner is by decoding your Duende IdentityServer license using a JWT decoder like https://jwt.me/ |
Beta Was this translation helpful? Give feedback.
-
|
Hi @wcabus , I am listed on the contact_info token in the enterprise license key however where do I find the priority support channel information? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @sanjeev-saxena-us - did you manage to resolve your issue? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi
We are running a .net 8 app service (deployed in Azure) that uses Duende.IdentityServer v7.3.0.
When this service is running as a single instance, it runs just fine.
However, when this service scales out to two instances, we are seeing the following error in the service logs:
PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]
Any thoughts on what might be the issue and resolution?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions