Problem with dockerized applications after updating Siemens Edge (IEM and Virtual edge) to 12/24

0
Hello!   Recently our team updated Siemens Industrial Edge platform to version 12/24. After this update every app created in c# (asp.net, .net version 8.0) stopped working and every application posted this error:   Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]: Failed to determine the https port for redirect.   When running dockerized app localy, everything worked fine. Also, every our asp.net app runs without problem on IE version 12/23. We also have a app that is based on python, which runs without problem on both 12/23 and 12/24 versions.   Details: Our asp.net apps also use angular for frontend development. We also use Microsoft Entra ID (Azure AD) to login visitors to our website.   What we tried so far (and did not work): Forcing app to run on IPv4 address instead of IPv6 (127.0.0.1) Uploading app to IEM with newest version of IE app publisher (1.19.7) Updating docker on local wsl   Did anyone experience this problem? Or were there any important updates (f.e. nginx or docker configuration, .net version)?   I would be thankful for any help.  
asked
4 answers
0

Hi Adam,

Thank you for reaching out to us. We have investigated the issue you mentioned and found that it is related to an adjustment in the reverse proxy involving the Content Security Policy (CSP) in our latest update.

To help expedite our investigation, could you please send us the application and device logs, as well as details about the type of IED you are using and its version? This will assist us in resolving the issue more quickly.

Additionally, we have found a workaround that might help you while we work on a permanent solution. You can try the following:

  1. Log into the IED using the Identity Federation in the IEM.
  2. Access the IEM using Azure as the Identity Provider. This could resolve the Azure login issues while we address the root cause.

Steps to implement the workaround:

  1. Access your IEM > Edge Devices.

  2. Click on "Discover a new experience" and locate the three dots for your IED.

  3. Select "Enable Identity Federation."

  4. Once enabled, assign the necessary roles to the group or user using the IEM User Management system.

    • Guide to assign roles: Assign Roles

    • The required permission will have the format: ie-device-<YourIEDName>

    • Guide on Identity Providers: Identity Providers

If you need any assistance, including implementing the workaround, please don’t hesitate to reach out. We are committed to resolving this issue as quickly as possible.

 

Thank you for your collaboration and patience.

Iván Castro Bernaza

answered
0

Update - when you open the app, it can redirect you to home page. But then it tries to login via azure AD repedately. 

 

When I open Console (F12), i get this error:

https://login.microsoftonline.com/<tentant_ID>/oauth2/v2.0/token' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

 

This didn´t appeared in older versions of Siemens Industrial Edge. I also tried uploading new project in asp.net (default home a privacy page) onto newest edge version and everything worked fine (the app is without Azure AD login).

answered
0

Hi Adam!

 

is it your used packages and frameworks updated?

 

Please check it and let me know when you have news,

 

Thanks for your efforts!

answered
0

Hello Ivan!

 

The app was developed in Angular 18 (frontend) and .NET 8.0 (backend api). Before uploading to IEM, docker was updated to newest version. We are also using updates for IE from 12/24.

 

Is that what you meant? Or do you need any other information?

 

Thanks for your help

answered