Posts archive for January, 2022

Expanding RAID 1 pool size on Synology NAS by adding more disks

I just received my first Synology NAS (so far I have used asustor) and decided to set it up. So far I have only two disks, 18TB each, which I am sure will be enough for now. The idea was to configure them in Synology Hybrid RAID (SHR) and to add more to the same pool when needed.

First I want to say that the 18TB drives are still not officially supported by Synology, but I saw some websites selling …

Add custom claims to access token in IdentityServer4

All identity providers are flexible and allow you to add custom claims to the issued access token. IdentityServer4 is no different in this respect. Here is a short guide on how to add custom claims to the IdentityServer4 access token response.

You need to implement a ProfileService:

public class ProfileService : IProfileService
{
	public ProfileService(
		UserManager<PafUser> userManager)
	{
		_userManager = userManager;
	}

	public async Task GetProfileDataAsync(ProfileDataRequestContext context)
	{
		var user = await _userManager.GetUserAsync(context.Subject);

		var claims = new List<Claim> {
			new Claim("custom_claim1", user.CustomClaim1),
			
Issue access token to IdentityServer 4 from IdentityServer 4

Sometimes you need IdentityServer 4 to interact with other services and get information from them. In many cases the same IdentityServer instance is the one that authorizes access to those other services. We need to issue an access token to ourselves in order to get/post the necessary information.

In my case I needed to create a corresponding object in another service on new user registration. To get the access token needed I have used IdentityServerTools …

Setup PlantUML with docker and Visual Studio Code locally

PlantUML is a great … I will call it tool for creating so many different diagrams – Sequence, Use case, Class, State, Deployment and more. It can be used from the internet server, but today I will talk about setting it up locally.

First you need to start the docker container. Here I am assuming you already have Docker installed and running. You can see the docker hub page here. It is up to you if you want to …

Fix Unable to unprotect the message.State. exception on Identity Server redirect

After fixing the 502 Bad Gateway issue I hit another one.

Here is the exception I got from the logs:

HTTP POST /signin-oidc responded 500 in 77.6515 ms

System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Unable to unprotect the message.State.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

As mentioned in the previous post – when I run from Visual …

Solve identity server signin-oidc 502 Bad Gateway error

It was time to run the Identity Server 4 with the rest of the microservices in the Kubernetes cluster on a dedicated machine. I am running a single-node cluster, since this is not production, but just one of my pet projects, and it is running locally. Still, it is going through one more Nginx (on top of the Kubernetes ingress) used to expose it over the internet and create the certificates through Let’s Encrypt.

When I run the Identity Server 4 …

Nginx Proxy Manager and Let’s Encrypt certificates

In my previous post about Nginx and Nginx Proxy Manager (NPM), I wrote about how to install NPM, but didn’t configure any certificates.

Out of the box, Nginx Proxy Manager supports automatic creation and renewal of Let’s Encrypt SSL certificates.

There is one limitation: you can create certificates only for specific domains/subdomains directly. If you want to create a wildcard certificate, you will need to use the DNS challenge.

What does that mean? You need to use some DNS server that allows API …

NginX as a reverse proxy with Nginx Proxy Manager

Lately I have started playing with Kubernetes and wanted to expose some of the locally hosted services on the internet. The situation is that I want to expose multiple clusters running on separate machines through the same IP address and port. Checking around, it seems nginx is the best option. Keep in mind that even if you want to expose just one service, it is still a good idea to do it through nginx.

I have installed Ubuntu 20.04.3 on Raspberry Pi …
