openid-connect

OAuth2 based SSO

纵然是瞬间 submitted on 2021-02-20 19:29:22
Question: Our project consists of several sub-applications, and we are looking for a solution to implement SSO to avoid the authentication for each sub-application. Suppose this is the structure of our project: authentication server (call it AS or IdP or something else), order-system, product-system, data-analysis-system, ....... And we found that there are a lot of articles on "SSO implemented based on OAuth2" like this. In that article, we prefer the SAML strategy because it is simple and clear, however

OAuth2 based SSO

扶醉桌前 submitted on 2021-02-20 19:29:09
Question: Our project consists of several sub-applications, and we are looking for a solution to implement SSO to avoid the authentication for each sub-application. Suppose this is the structure of our project: authentication server (call it AS or IdP or something else), order-system, product-system, data-analysis-system, ....... And we found that there are a lot of articles on "SSO implemented based on OAuth2" like this. In that article, we prefer the SAML strategy because it is simple and clear, however

ADB2C refresh token challenge not working on Chrome Android

混江龙づ霸主 submitted on 2021-02-20 04:53:32
Question: I am using the standard OIDC .NET library to make a challenge request to ADB2C. From my understanding, this automagically attempts the sign in with the refresh token in cache and gains an authorization without re-asking for credentials. This seems to work absolutely fine, except on 1 browser - Chrome on Android. No matter what I try, this browser seems to lose the refresh token, so after around 1 hr, it starts asking for credentials again. I have cross checked this on Chrome web/mac, edge,

ADB2C refresh token challenge not working on Chrome Android

本秂侑毒 submitted on 2021-02-20 04:52:44
Question: I am using the standard OIDC .NET library to make a challenge request to ADB2C. From my understanding, this automagically attempts the sign in with the refresh token in cache and gains an authorization without re-asking for credentials. This seems to work absolutely fine, except on 1 browser - Chrome on Android. No matter what I try, this browser seems to lose the refresh token, so after around 1 hr, it starts asking for credentials again. I have cross checked this on Chrome web/mac, edge,

How do I trigger the admin_consent flow using IdentityServer 4 for a multi-tenant app?

半腔热情 submitted on 2021-02-20 01:32:36
Question: I'm building a POC multi-tenant app using IdentityServer 4 on asp.net core as the middleman between my client app and Azure Active Directory using openIdConnect. Is there a way to trigger the admin_consent flow when a user logs in from a new AAD tenant which is not yet authorized to use the app? This Azure sample shows how to perform a manual consent using a controller on the client site which builds the AAD Uri from scratch, but I'm shooting for an experience where a user from a new

Store user data in auth server or resource server? Or both?

痞子三分冷 submitted on 2021-02-18 11:33:30
Question: This is my first time setting up OpenID Connect with IdentityServer 4 and AspNetIdentity and I was hoping someone could demystify the part about storing user data. What I've read so far is that user data should be stored in the Auth db that is connected to the auth server, but I'd really like to store user data in the resource db too that is connected to the resource server. I currently have a data model that looks like this: I have omitted many of the fields for both User and Event, but you

.Net Core 2 OpenID Connect Authentication and multiple Identities

泪湿孤枕 submitted on 2021-02-13 03:51:15
Question: I'm still learning the Identity Framework and am pretty lost in trying to set up authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization. Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

.Net Core 2 OpenID Connect Authentication and multiple Identities

 ̄綄美尐妖づ submitted on 2021-02-13 03:50:22
Question: I'm still learning the Identity Framework and am pretty lost in trying to set up authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization. Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

.Net Core 2 OpenID Connect Authentication and multiple Identities

喜欢而已 submitted on 2021-02-13 03:50:18
Question: I'm still learning the Identity Framework and am pretty lost in trying to set up authentication in my .Net Core 2 MVC application. Any suggestions are appreciated since I'm not even sure what I'm doing is correct. I have a requirement to integrate an OpenID Connect identity provider for authentication and use a secondary data source for authorization. Inconveniently I cannot use any claim from the OIDC IdP except for the name claim. The rest of the user claims must come from the secondary

Cannot redirect back to angular client after login in identity server

元气小坏坏 submitted on 2021-02-11 16:28:00
Question: I've got an issue with redirecting after logging in with identity server. I have the following angular-auth-oidc-client config: export function configureAuth(oidcConfigService: OidcConfigService) { return () => oidcConfigService.withConfig({ stsServer: 'http://localhost:5002', redirectUrl: window.location.origin, postLogoutRedirectUri: window.location.origin, clientId: 'applications-portal', scope: 'openid profile', responseType: 'id_token token', logLevel: LogLevel.Debug, }); } And app