I need help regarding Identity Server on the following:
- Do reference tokens use Signing Certificate?
- On http://localhost application is working fine, on binding to a public URL with https, the login call returns a token, but consecutive WebApi(client) calls return "401 - Authorization has been denied for this request". Is it because of SSL certificate or due to NLB (two different Identity servers are deployed on the backend) - I am using Entity framework for storing the reference tokens. Do multi domain SSL certificate (SAN) work fine for Identity Server?
- Do I need to add machine keys on both Identity server config files to sync or is this requirement only for JWT approach?
Thanks.