Closed charettedavid closed 8 years ago
Take a look at the Identity Provider documentation on how to add multiple Identity providers.
In your case you should specify `AuthenticationType = "adfs-client1"` and `AuthenticationType = "adfs-client2"` to distinguish between them.
You can then use the AuthenticationType in the Client configuration's IdentityProviderRestrictions.
You then create a client in your identity server per tenant and specify only their AD FS (e.g. adfs-client1); if only one identity provider is specified (per IdentityServer client), they will be redirected immediately.
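As an added example (not code from the thread or from the IdentityServer3 project), this is what the per-tenant client registration described above looks like: each tenant gets its own `Client`, and `IdentityProviderRestrictions` pins that client to a single WS-Fed `AuthenticationType`. Besides giving the immediate redirect, the restriction is what keeps tenants isolated, since a tenant's client can no longer be used to sign in through another tenant's AD FS. It assumes the two middlewares are registered as `adfs-client1` and `adfs-client2`; the client ids, names, redirect URIs and the `BuildFactory` helper are placeholders.

```csharp
using System.Collections.Generic;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;

// Added example: one IdentityServer3 client per tenant, each restricted to
// the WS-Fed provider registered for that tenant. Ids and URIs are placeholders.
public static class TenantClients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "client1-portal",           // placeholder
                ClientName = "Tenant 1 portal",
                Flow = Flows.Implicit,
                RedirectUris = new List<string> { "https://client1.example.com/signin-oidc" }, // placeholder
                AllowedScopes = new List<string> { "openid", "profile" },
                // Only tenant 1's AD FS may be used to sign in to this client.
                // With exactly one entry IdentityServer skips the provider
                // selection page and redirects straight to that AD FS.
                IdentityProviderRestrictions = new List<string> { "adfs-client1" }
            },
            new Client
            {
                ClientId = "client2-portal",           // placeholder
                ClientName = "Tenant 2 portal",
                Flow = Flows.Implicit,
                RedirectUris = new List<string> { "https://client2.example.com/signin-oidc" }, // placeholder
                AllowedScopes = new List<string> { "openid", "profile" },
                // Tenant 2 is bound to its own AD FS; "adfs-client1" is not
                // an allowed provider for this client.
                IdentityProviderRestrictions = new List<string> { "adfs-client2" }
            }
        };
    }

    // Placeholder factory set-up using the in-memory stores that ship with
    // IdentityServer3; a real deployment would back this with its own client store.
    public static IdentityServerServiceFactory BuildFactory()
    {
        var factory = new IdentityServerServiceFactory();
        factory.UseInMemoryClients(Get());
        factory.UseInMemoryScopes(StandardScopes.All);
        return factory;
    }
}
```

The factory returned by `BuildFactory()` is what goes into `IdentityServerOptions.Factory`; the provider names in `IdentityProviderRestrictions` must match the `AuthenticationType` strings given to the WS-Fed middlewares exactly.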
Thank you, but in the doc I don't see how to add 2 AD FS, and I read somewhere that we can't simply do: `app.UseIdentityServer(idsrvOptions1); app.UseIdentityServer(idsrvOptions2);`
It uses the last one only.
What you told is exactly what I'm trying, and I did, but as I said, only the last one added worked!
Any idea or sample with 2 AD FS?
Thanks again
You don't think I should configure multiple AD FS with `app.Map( ... )`?
What should I map as mapPath?
Thanks
It's all written down exactly in the docs linked by @svrooij
Sorry for wrong indentation, but this should work.
```csharp
// Inside startup class
using IdentityServer3.Core.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public class Startup
{
    // Relying-party identifier (wtrealm) registered at both AD FS instances.
    // The original post uses 'realm' without defining it; this value is a placeholder.
    private const string realm = "https://your.identityserver.com/core";

    public void Configuration(IAppBuilder app)
    {
        var options = new IdentityServerOptions
        {
            SiteName = "FHICT Identity server v2",
            SigningCertificate = LoadCertificate(), // poster's own helper, not shown
            Factory = Factory.Get(),                // poster's own IdentityServerServiceFactory, not shown
            AuthenticationOptions = new AuthenticationOptions
            {
                EnableLocalLogin = true,
                EnableSignOutPrompt = true,
                // IdentityServer calls this delegate to register external providers.
                IdentityProviders = ConfigureIdentityProviders,
            }
        };
        app.UseIdentityServer(options);
    }

    public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        // Each WS-Fed middleware needs its own AuthenticationType and CallbackPath,
        // otherwise the second registration silently takes over the first.
        var adfs1 = new WsFederationAuthenticationOptions
        {
            AuthenticationType = "adfs-client1",
            Caption = "Displayname ADFS 1",
            SignInAsAuthenticationType = signInAsType,
            MetadataAddress = "...",
            Wtrealm = realm,
            CallbackPath = new PathString("/core/adfs1"),
        };
        app.UseWsFederationAuthentication(adfs1);

        var adfs2 = new WsFederationAuthenticationOptions
        {
            AuthenticationType = "adfs-client2",
            Caption = "Display name ADFS 2",
            SignInAsAuthenticationType = signInAsType,
            MetadataAddress = "...",
            Wtrealm = realm,
            CallbackPath = new PathString("/core/adfs2"),
        };
        app.UseWsFederationAuthentication(adfs2);
    }
}
```
Then you need to set the WS-Federation redirect URL to https://your.identityserver.com/core/adfs1 or adfs2; this way the identity server knows which AD FS is sending the request.
No, this would not work - as explained in the docs, each WS-Fed middleware needs a unique CallbackPath set.
Ok, is this done via the app.Map?
This is the part I'm trying to get an example of.
Thanks
On 24 Feb 2016 at 02:06, Dominick Baier notifications@github.com wrote:
> No, this would not work - as explained in the docs, each WS-Fed middleware needs a unique CallbackPath set.
Thank you, it's working.
Question / Issue
Hi, we are integrating IS3 in an existing multi-tenant portal.
Our use cases are:
A) 1 - Internal users will log in via our AD, via our AD FS. 2 - External (client) users will log in via their AD, via their own AD FS.
B) 1 - Internal users will log in via our AD, via our AD FS. 2 - External (client) users will log in via username/password against a custom identity user store, managed by us (classic user management).
So far I did test each part separately and so far it's ok. But I ran into configuration issues when I try to activate 2 AD FS at the same time but only use one at a time according to which tenant is invoked.
Questions are:
I did try something like this:

```csharp
var adfsClient1 = new WsFederationAuthenticationOptions ...
var adfsClient2 = new WsFederationAuthenticationOptions ...
app.Map("/SSO/Login/client1/ADFS/Go", configuration => { configuration.UseWsFederationAuthentication(adfsClient1); });
app.Map("/SSO/Login/client2/ADFS/Go", configuration => { configuration.UseWsFederationAuthentication(adfsClient2); });
```
Thank you
Relevant parts of the log file