Pramod Adhude
Guest
I am developing an application in which there are multiple tenants, and each tenant has their own identity provider configuration, meaning one has Azure AD and another has Okta.
I have implemented a two-step login, meaning first the user will enter a username/email address through which we will identify the tenant and its identity provider. If the user has an identity provider setting we will redirect to the authentication endpoint of the provider, else we allow the user to do a local login.
I have tried to implement the above scenario using OpenID Connect. I used OnRedirectToIdentityProvider to override OpenIdConnectAuthenticationOptions to redirect to the authentication endpoint as per tenant:
```
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = clientId,
    Authority = authority,                    // metadata (issuer, endpoints, signing keys) is loaded from here
    RedirectUri = redirectUri,
    PostLogoutRedirectUri = PostLogoutUri,
    Scope = OpenIdConnectScope.OpenIdProfile,
    ResponseType = OpenIdConnectResponseType.IdToken,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = false                // the token's issuer claim is not checked
    },
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthenticationFailed = OnAuthenticationFailed,
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,  // rewrites the outgoing request per tenant
        SecurityTokenValidated = (context) =>
        {
            return Task.FromResult(0);        // expected to fire once the returned token has been validated
        }
    },
    RequireHttpsMetadata = false              // allows the metadata document to be fetched over plain HTTP
});
```
```
private static Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
    // Overwrite the outgoing authorization request with the current tenant's provider settings
    notification.ProtocolMessage.ClientId = "XXXXXXXXXXX";
    notification.ProtocolMessage.IssuerAddress = "https://XXX- XXXXX.XXX.com/oauth2/default/v1/authorize";
    notification.ProtocolMessage.RedirectUri = "http://localhost:XXXX/Home/Callback";
    notification.ProtocolMessage.PostLogoutRedirectUri = "http://localhost:XXXX/";
    notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenIdProfile;
    notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.Code;
    return Task.FromResult(0); // the method returns Task, so a completed task must be returned
}
```
Using the above code I am able to redirect to the authentication endpoint using the overridden settings, but the **SecurityTokenValidated** method is not getting fired, or I am not getting an authentication token.
Can anyone please guide me whether my approach is correct, or suggest any other approach to achieve this?
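As an added example (not the poster's code), here is one way to keep per-tenant identity providers separate with the Katana OpenID Connect middleware used in the question: register one passive middleware per tenant so that each tenant's issuer and signing keys are validated against that tenant's own metadata instead of switching ValidateIssuer off, and in the second login step challenge only the matched tenant's scheme. TenantIdp, MultiTenantOidc, SchemeFor and TryChallenge are hypothetical names, and the tenant list and its e-mail-domain matching are assumptions.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
// Hypothetical tenant record; a real application loads these from its tenant store.
public class TenantIdp { public string Domain; public string Authority; public string ClientId; }
public static class MultiTenantOidc
{
    public static string SchemeFor(string domain) { return "oidc:" + domain; } // one authentication type per tenant (hypothetical naming)
    public static void Configure(IAppBuilder app, TenantIdp[] tenants, string redirectUri)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions()); // holds the session after sign-in
        foreach (var tenant in tenants)
        {
            var t = tenant; // fresh variable so the lambda below captures this tenant only
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = SchemeFor(t.Domain),
                AuthenticationMode = AuthenticationMode.Passive, // acts only when this scheme is challenged
                Authority = t.Authority,   // issuer, endpoints and signing keys come from this tenant's metadata
                ClientId = t.ClientId,
                RedirectUri = redirectUri, // the middleware's own callback, so it receives and validates the response
                ResponseType = OpenIdConnectResponseType.IdToken,
                Scope = OpenIdConnectScope.OpenIdProfile,
                TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidAudience = t.ClientId },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Tag the identity with the tenant whose IdP issued it, so it cannot be reused for another tenant.
                    SecurityTokenValidated = n => { n.AuthenticationTicket.Identity.AddClaim(new Claim("tenant", t.Domain)); return Task.FromResult(0); }
                }
            });
        }
    }
    // Step two of the login: resolve the tenant from the e-mail domain and challenge only that tenant's scheme.
    public static bool TryChallenge(IOwinContext ctx, TenantIdp[] tenants, string email, string returnUrl)
    {
        var domain = email.Split('@').Last().ToLowerInvariant();
        var t = tenants.FirstOrDefault(x => x.Domain == domain);
        if (t == null) return false; // no IdP configured for this tenant: caller falls back to local login
        ctx.Authentication.Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, SchemeFor(t.Domain));
        return true;
    }
}
```

The controller behind the e-mail form calls TryChallenge and renders the local login page when it returns false; each tenant's authentication ticket carries the tenant claim, which downstream authorization checks can compare against the tenant being accessed.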