IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

Claims not refreshing when added directly to the database #842

Open chiprock opened 9 years ago

chiprock commented 9 years ago

I have an integration with Idsvr2 and MR with SSO to an application, and it is working fine with one minor problem. If I write the "IdentityServerUser" claim directly to the database from my application, the SSO login doesn't always see it. See below for the steps to reproduce:

  1. Customer creates an account via a self registration process using MR (similar to the MR example /UserAccount/Register).

     During this self registration process it DOES NOT set up a claim "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" and "IdentityServerUser".

  2. The customer tries to log in and gets the "You are currently logged in as , but you requested a resource that you were not authorized for. Either provide credentials that do have access or contact your administrator to grant you access." message. This is to be expected.
  3. In the meantime someone in Customer Service finishes configuring the account created in step 1 in our application. When they click Save&Close it sends a welcome email to the customer and writes the "IdentityServerUser" record directly to the Idsvr/MR database.
  4. The customer tries to log in but continues to get the "You are currently logged in as , but you requested a resource that you were not authorized for. Either provide credentials that do have access or contact your administrator to grant you access." error message.

If the customer does not try to log in before the IdentityServerUser claim is written, it works fine (which is what happens 95% of the time).

If I restart the IIS server (or recycle the app pool, I think), the user is able to log in and no longer gets the error message.

It seems like Idsvr is caching the UserClaims table in the app pool. I verify that the record exists, but when MR queries it, it does not come back with that record.

I have a couple of workarounds, but I think this is a chance for me to learn something, so I thought I would throw it out there...

Note - My workarounds:

  1. Don't have Idsvr check for "IdentityServerUser" and deal with denying logon at the application.
  2. Customize MR/Idsvr to do a lookup directly against the database right where I am having the issue... I would rather not do that.

Thanks in advance for the help, and apologies if this ends up being something really noobish.
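As an added illustration (not code from the issue author or from the IdentityServer2/MembershipReboot projects), the following shows the claim described above being granted through MembershipReboot's UserAccountService instead of by inserting a UserClaims row directly, so the write goes through MR's own code path. It assumes the application already has a configured UserAccountService, that IdentityServer2 looks for a role claim whose value is "IdentityServerUser" (the reading of the two values quoted in the issue), and that the MR members GetByUsername, HasClaim and AddClaim are available in the version in use.

```csharp
using System;
using BrockAllen.MembershipReboot;

// Added example, not part of the original issue or of the MR/Idsvr2 projects.
public static class ClaimProvisioning
{
    // Claim type and value quoted in the issue; the pairing of the role claim
    // type with the value "IdentityServerUser" is an assumption.
    public const string RoleClaimType =
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    public const string IdentityServerUserValue = "IdentityServerUser";

    // Grants the claim via the MR service API rather than a direct DB insert.
    // Assumes UserAccountService.GetByUsername/AddClaim and UserAccount.HasClaim
    // exist with these signatures in the MR version used with Idsvr2.
    public static bool GrantIdentityServerAccess(UserAccountService svc, string username)
    {
        if (svc == null) throw new ArgumentNullException("svc");
        if (string.IsNullOrWhiteSpace(username)) return false;

        var account = svc.GetByUsername(username);
        if (account == null) return false;

        // Idempotent: only add the claim when it is not already present.
        if (!account.HasClaim(RoleClaimType, IdentityServerUserValue))
        {
            svc.AddClaim(account.ID, RoleClaimType, IdentityServerUserValue);
        }

        // Re-read through the same service so the caller sees what Idsvr/MR will see.
        var refreshed = svc.GetByID(account.ID);
        return refreshed != null
            && refreshed.HasClaim(RoleClaimType, IdentityServerUserValue);
    }
}
```

The Customer Service "Save&Close" step in the issue would call GrantIdentityServerAccess instead of writing the row itself; whether that avoids the stale read the issue describes depends on the root cause, which the thread does not establish.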