Identity server multiple provider

Hi, I am trying to add multiple providers:

// Extension methods must live in a static class.
public static class IdentityProviderExtensions
{
    // Assumed configuration section name; the original snippet does not show where this constant is defined.
    private const string identityProvidersSectionName = "IdentityProviders";

    public static AuthenticationBuilder AddIdentityProviders(this AuthenticationBuilder builder, IConfiguration configuration)
    {
        // Bind every provider entry from the configuration section.
        var identityProvidersOptions = configuration.GetSection(identityProvidersSectionName)
                                                    .Get<IdentityProviderOptions[]>();

        var ipFactory = new IdentityProviderControlFactory();

        foreach (var identityProvider in identityProvidersOptions)
        {
            // The Discriminator string selects which provider implementation registers itself.
            if (Enum.TryParse(identityProvider.Discriminator, out IdentityProviderTypes accessControlType)
                && accessControlType != IdentityProviderTypes.None)
            {
                builder = ipFactory.GetIdentityProviderService(accessControlType)
                                   .Register(builder, configuration, identityProvider);
            }
            else
            {
                throw new NotImplementedException();
            }
        }

        return builder;
    }
}

In settings I have two providers, and for each one the 'Register' method is launched:

AuthenticationBuilder Register(AuthenticationBuilder builder, IConfiguration configuration, IdentityProviderOptions identityProviderOptions)

which inside creates a singleton like this:

builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureAzureOptions>();
builder.AddOpenIdConnect(identityProviderOptions.Name, identityProviderOptions.Name, _ => { });

and in the second one like this:

builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureIBMOptions>();
builder.AddOpenIdConnect(identityProviderOptions.Name, identityProviderOptions.Name, _ => { });

It seems this is a problem, because only one provider can be registered and the second one only overrides some values. So how can it be achieved to register multiple providers for identity server?

If I add two identity providers I get an exception:

System.Security.Cryptography.CryptographicException: 'The payload was invalid.'

Asked by kosnkov, Nov 06 '22 18:11

1 Answer

I already know this is related to CallbackPath and SignedOutCallbackPath, which have to be different for every provider, and I am now looking for a way to override those endpoints.

"The specific CallbackPath and SignedOutCallbackPath you would configure in the target identity provider as allowed sites. So when the target identity provider posts back it would post back to route you have configured in CallbackPath and Oidc middleware will pick the correct configuration to u"

Answered by kosnkov, Nov 14 '22 20:11
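One way to keep the two providers' options apart, as an added example that is not the asker's or the answer's code: a named-options configurator keyed by scheme name, giving each provider its own CallbackPath and SignedOutCallbackPath so both schemes can coexist. The shape of IdentityProviderOptions, the section name "IdentityProviders" and the path patterns are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical options shape; the page does not show IdentityProviderOptions.
public sealed class IdentityProviderOptions
{
    public string Name { get; set; } = "";
    public string Authority { get; set; } = "";
    public string ClientId { get; set; } = "";
}
// A plain IConfigureOptions<T> carries no scheme name and runs for every
// OpenIdConnectOptions instance, so the second registration overwrites the first.
// IConfigureNamedOptions<T> receives the name and can ignore other schemes.
public sealed class ConfigureProviderOptions : IConfigureNamedOptions<OpenIdConnectOptions>
{
    private readonly IdentityProviderOptions _provider;
    public ConfigureProviderOptions(IdentityProviderOptions provider) => _provider = provider;
    public void Configure(string? name, OpenIdConnectOptions options)
    {
        if (name != _provider.Name) return; // another scheme: leave it untouched
        options.Authority = _provider.Authority;
        options.ClientId = _provider.ClientId;
        // Distinct per scheme, so each response reaches the handler that issued
        // its state/correlation cookie; register these exact paths as allowed
        // redirect URIs at the provider. Path patterns are an assumption.
        options.CallbackPath = $"/signin-{_provider.Name}";
        options.SignedOutCallbackPath = $"/signout-callback-{_provider.Name}";
    }
    public void Configure(OpenIdConnectOptions options) => Configure(Options.DefaultName, options);
}
public static class IdentityProviderRegistration
{
    public static AuthenticationBuilder AddIdentityProviders(this AuthenticationBuilder builder, IConfiguration configuration)
    {
        // Assumed section name; binds one entry per provider.
        var providers = configuration.GetSection("IdentityProviders").Get<IdentityProviderOptions[]>()
                        ?? new IdentityProviderOptions[0];
        foreach (var provider in providers)
        {
            // One configurator per provider; each only acts on its own scheme name.
            builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>>(_ => new ConfigureProviderOptions(provider));
            builder.AddOpenIdConnect(provider.Name, provider.Name, _ => { });
        }
        return builder;
    }
}
```

The same separation with less machinery: put the assignments in the lambda passed to AddOpenIdConnect, which already applies only to that scheme.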