Open skoruba opened 3 years ago
damienbod
commented
3 years ago @skoruba
Hi Jan
The mapping for the external claims are not mapped to the Principal from the "local" user. You can map these as required in the account controller method which handles the callback from the external provider. In this method the external principal is cleaned up, so you can change this, persist this as needed.
Greetings Damien
skoruba
commented
3 years ago Hello @damienbod
thank you for your idea - I probable solved this issue with custom implementation of SignInManager and method SignInWithClaimsAsync - https://github.com/skoruba/IdentityServer4.Admin/blob/dev/src/Skoruba.IdentityServer4.STS.Identity/Helpers/ApplicationSignInManager.cs#L60-L66
I think this issue was connected to this behaviour of idp claim here:
https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/src/Hosting/IdentityServerAuthenticationService.cs#L125-L143
We added in this method - SignInWithClaimsAsync - also id_token for correct signout from External IdP.
Thanks!
Jan
Hi @damienbod
when I want to sign in via external OIDC provider and it is required 2FA, I am redirected to login page with 2FA which works well. But after that I got the claim called
idp, but with valuelocal- the information about external IdP is gone.After attempt to sign out - the redirect to external provider is not execuded because the claim
idpislocal, notoidc. https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate/blob/02eb4ec80904e911843ca1e76fbf28ad0ec4d2b1/content/StsServerIdentity/Controllers/AccountController.cs#L741Do you have any idea how to configure these things for following scenario?
Thanks!
Jan