quin16

Reputation: 525

Connect two instances of Identity server with openId

Is it possible to log in to one instance of Identity Server using another one?
Specifically: one is public and the other one is behind a company firewall.

Example: a user from this company wants to log in to the public one using their own company credentials (AD, for example) via some sort of secure back-channel between these two IDS.

I know this is possible using "Sign-in with External Identity Providers", but I want this to be dynamically configurable, since the number of companies will be growing over time.
What are the options to achieve this?

Upvotes: 0

Views: 317

Answers (1)

mackie

Reputation: 5264

To do this, I ended up implementing my own OIDC middleware that could accept additional run-time settings rather than using static settings defined at application startup.

It still uses regular OIDC and thus it's a front-channel operation, so the third-party provider would have to be exposed to the internet, and your provider would need direct line of sight to it too.

To do this, I inherited from OpenIdConnectHandler from the Microsoft.AspNetCore.Authentication.OpenIdConnect package and overrode the following virtual methods, replacing references to static config with my runtime-provided ones where necessary:

  • HandleUnauthorizedAsync
  • HandleRemoteAuthenticateAsync
  • HandleSignOutAsync
  • HandleSignOutCallbackAsync

Upvotes: 1
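The answer's overrides refer to the ASP.NET Core 1.x handler. On ASP.NET Core 2.x and later the handler resolves its `Options` per request through `IOptionsMonitor<OpenIdConnectOptions>`, so the same run-time configurability can be obtained by supplying per-company options from a store instead of subclassing the handler. The following is an added example, not code from the question or the answer; `ICompanyOidcStore` and the `/login/{company}` and `/signin-oidc/{company}` paths are its own assumptions.

```csharp
// Added example (not from the question or answer). Assumes ASP.NET Core 2.x+, where OpenIdConnectHandler reads its
// settings per request via IOptionsMonitor; ICompanyOidcStore and the /login/{company}, /signin-oidc/{company} paths are assumed.
using System;
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
// One company's registration, managed by administrators of the public IdentityServer (only https authorities stored).
public sealed record CompanyOidc(string Company, string Authority, string ClientId, string ClientSecret);
public interface ICompanyOidcStore { CompanyOidc? Find(string company); }
// Register after AddOpenIdConnect(): services.AddSingleton<IOptionsMonitor<OpenIdConnectOptions>, DynamicOidcOptionsMonitor>();
public sealed class DynamicOidcOptionsMonitor : IOptionsMonitor<OpenIdConnectOptions>
{
    private readonly ICompanyOidcStore _store;
    private readonly IHttpContextAccessor _http;
    private readonly OpenIdConnectPostConfigureOptions _postConfigure;
    private readonly ConcurrentDictionary<string, OpenIdConnectOptions> _cache = new();
    public DynamicOidcOptionsMonitor(ICompanyOidcStore store, IHttpContextAccessor http, IDataProtectionProvider dp)
    { _store = store; _http = http; _postConfigure = new OpenIdConnectPostConfigureOptions(dp); }
    public OpenIdConnectOptions CurrentValue => Get(OpenIdConnectDefaults.AuthenticationScheme);
    public IDisposable? OnChange(Action<OpenIdConnectOptions, string?> listener) => null;
    public void Invalidate(string company) => _cache.TryRemove(company, out _); // call when a registration changes
    // Called by the handler on every request, so an unknown company still gets valid (but inert) options. The company is the
    // segment after /login/ or /signin-oidc/, so the callback maps back to the settings that started the flow; cached per company.
    public OpenIdConnectOptions Get(string? name)
    {
        var path = _http.HttpContext?.Request.Path ?? PathString.Empty;
        string? company = null;
        foreach (var prefix in new[] { "/login", "/signin-oidc" })
            if (path.StartsWithSegments(prefix, out var rest) && rest.HasValue) company = rest.Value!.Trim('/');
        var reg = company is null ? null : _store.Find(company);
        return _cache.GetOrAdd(reg?.Company ?? "", _ => Build(name ?? OpenIdConnectDefaults.AuthenticationScheme, reg));
    }
    private OpenIdConnectOptions Build(string scheme, CompanyOidc? reg)
    {
        var o = new OpenIdConnectOptions { SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme, ResponseType = OpenIdConnectResponseType.Code };
        if (reg is null) // placeholder that passes Validate() and never matches a real callback path
        { o.ClientId = "unconfigured"; o.CallbackPath = "/signin-oidc/unconfigured"; o.Configuration = new OpenIdConnectConfiguration(); }
        else // RequireHttpsMetadata (default true) makes PostConfigure reject a plain-http company authority
        {
            o.Authority = reg.Authority; o.ClientId = reg.ClientId; o.ClientSecret = reg.ClientSecret;
            o.CallbackPath = "/signin-oidc/" + reg.Company; // must equal the redirect URI registered at the company IdP
        }
        _postConfigure.PostConfigure(scheme, o); // wires StateDataFormat, Backchannel and ConfigurationManager
        return o;
    }
}
```

A `/login/{company}` endpoint then simply challenges the OpenIdConnect scheme; because each company gets its own callback path and cached discovery metadata, an ID token from one company's provider is only ever validated against that company's issuer and client id.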
