IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

External identity provider restrictions affect local login #2990

Open pbartos opened 8 years ago

pbartos commented 8 years ago

When I enable IdentityProviderRestrictions then I get the message "User is logged in with idp: idsrv, but idp not in client restriction list." on local login. This is due to the fact that in ProcessClientLoginAsync the restriction list is checked even when the currentIdp is BuiltInIdentityProvider (idsrv).

Shouldn't there be: if (currentIdp != Constants.BuiltInIdentityProvider && request.Client.IdentityProviderRestrictions != null && request.Client.IdentityProviderRestrictions.Any())

instead of current:

if (request.Client.IdentityProviderRestrictions != null && request.Client.IdentityProviderRestrictions.Any())

Thanks.
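The two versions of the check side by side, as an added example that is not IdentityServer3's own code: the Client class, the IdpRestrictionChecker class and its method names are assumed stand-ins for the logic in ProcessClientLoginAsync, and the sample restriction list is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not IdentityServer3 code. Only the constant name and the
// "idsrv" value come from the issue; everything else is an assumed stand-in.
public static class Constants
{
    // Name IdentityServer3 uses for its built-in (local) identity provider.
    public const string BuiltInIdentityProvider = "idsrv";
}

public class Client
{
    public IEnumerable<string> IdentityProviderRestrictions { get; set; }
}

public static class IdpRestrictionChecker
{
    // Current behaviour described in the issue: a non-empty restriction list
    // is enforced for every login, so the local "idsrv" provider is rejected
    // unless it is listed explicitly.
    public static bool IsAllowedCurrent(Client client, string currentIdp)
    {
        if (client.IdentityProviderRestrictions != null
            && client.IdentityProviderRestrictions.Any())
        {
            return client.IdentityProviderRestrictions.Contains(currentIdp);
        }
        return true;
    }

    // Proposed behaviour: the built-in provider bypasses the list, which is
    // consulted only for external identity providers.
    public static bool IsAllowedProposed(Client client, string currentIdp)
    {
        if (currentIdp != Constants.BuiltInIdentityProvider
            && client.IdentityProviderRestrictions != null
            && client.IdentityProviderRestrictions.Any())
        {
            return client.IdentityProviderRestrictions.Contains(currentIdp);
        }
        return true;
    }

    public static void Main()
    {
        // Constructed sample: a client restricted to one external provider.
        var client = new Client { IdentityProviderRestrictions = new[] { "Google" } };
        foreach (var idp in new[] { "idsrv", "Google", "Facebook" })
            Console.WriteLine($"{idp}: current={IsAllowedCurrent(client, idp)} proposed={IsAllowedProposed(client, idp)}");
    }
}
```

With the proposed check a restriction list can no longer be used on its own to disable local login for a client, so a deployment that relied on that side effect would need another control.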

leastprivilege commented 8 years ago

Have you tried adding idsrv to the restriction list?

pbartos commented 8 years ago

Yeah, of course. And it works. The restriction list should be used only for external providers (by @brockallen ). There is no reason for the fact that you also have to define idsrv in the restriction list. It's nothing critical, but it causes confusion and small problems when you try to use the restriction list.

steven-hack commented 7 years ago

@pbartos I took the liberty of adding your proposed solution including a unit test in PR #3673