Menu
I'm trying to implement an IdentityServer that handles an SSO for a multitenant application. Our system will have only one IdentityServer4 instance to handle the authentication of a multitentant client.
On the client side, I'm using the acr_value to pass the tenant Id.
A piece of code from the Startup.cs file is as follows:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthorization();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "Client1";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("offline_access");
options.Events.OnRedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType ==
OpenIdConnectRequestType.Authentication)
{
n.ProtocolMessage.AcrValues = "tenant:clientId1";
}
return Task.FromResult(0);
};
});
}
For the identity server the IdentityServer4 with ASP.NET Core Identity is used. To handle multitenant client authentication I followed the instructions given by Scott Brady for ASP.NET Identity in this post: https://www.scottbrady91.com/ASPNET-Identity/Quick-and-Easy-ASPNET-Identity-Multitenancy
I modified the UserStore to receive the tenant Id but the moment of the UserStore instance is injected for the AccountController I can't retrieve the passed acr_value.
Has any one faced this problem before?
471
Multi-Tenant – Multi-tenancy means that a single instance of the software and its supporting infrastructure serves multiple customers. Each customer shares the software application and also shares a single database. Each tenant's data is isolated and remains invisible to other tenants.
There are three approaches on how to build a multi-tenant application: Database per tenant — each tenant has its database. Shared database, separate schema — all tenants are using the same database, but each tenant has his schema. Shared database, shared schema — all tenants are using the same schema.
In a single-tenant cloud, each customer lives alone in a single apartment building which has its own security system and facilities and is completely isolated from neighboring buildings. In multi-tenant cloud architecture, tenants live in different apartments inside a single apartment building.
Multitenancy is a software architecture where a single software instance can serve multiple, distinct user groups. Software-as-a-service (SaaS) offerings are an example of multitenant architecture.
if you haven't figure out yet, here is the solution
private readonly IIdentityServerInteractionService _interaction;
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
var tenant = context.Tenant;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
