Identity Server 4 IDP auto-redirect to external provider

Time: 2018-07-06 06:58:08

Tags: identityserver4 idp

I need to automatically redirect the user to the idp if the client specifies one. Essentially, in the Login method of the AuthenticationController I check whether an IDP is set and, if so, redirect to another method on that controller which then calls Challenge for the IDP. This is a bit messy, because I really want to create a separate controller to handle external authentication instead of mixing the IDP check/redirect into the local login.

This got me thinking: can Identity Server 4 automatically redirect you if the idp is set? I have set EnableLocalLogin to false for the client and specified the idp on the client (which adds the ACR as expected). Any help would be greatly appreciated.

Server Startup.cs:

services.AddAuthentication()
        .AddMicrosoftAccount("Microsoft", options =>
        {
            options.ClientId = this.Configuration["Credentials:AzureADClientID"];
            options.SignInScheme = "Identity.External";
            options.ClientSecret = this.Configuration["Credentials:AzureADClientSecret"];
            options.AuthorizationEndpoint = this.Configuration["IdentityServer:AzureADAuthorisationEndpoint"];
            options.TokenEndpoint = this.Configuration["IdentityServer:AzureADTokenEndpoint"];
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = defaultSecurityPolicy.AuthenticationCookieName;
            options.Cookie.Expiration = TimeSpan.FromMinutes(defaultSecurityPolicy.CookieValidForMinutes);
            options.LoginPath = "/LogIn";
            options.SlidingExpiration = true;
            options.AccessDeniedPath = "/error/403";
            options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        });

Server AuthenticationController.cs

[HttpGet("login")]
public async Task<IActionResult> Login(string username, string returnUrl)
{
    await this.HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

    var context = await this.interactionService.GetAuthorizationContextAsync(returnUrl);
    if (context?.IdP != null)
    {
        var url = returnUrl;

        var redirectUrl = this.Url.Action(nameof(this.ExternalLoginCallback), new { returnUrl = url });

        var properties = this.signInManager.ConfigureExternalAuthenticationProperties("Microsoft", redirectUrl);
        return this.Challenge(properties, "Microsoft");
    }

    var vm = new LoginViewModel { Username = username, ReturnUrl = returnUrl };

    return this.View(vm);
}

Client Startup.cs

services.AddAuthentication(options =>
        {
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(o =>
        {
            o.Cookie.Name = "CookieName";
            o.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
            o.Cookie.HttpOnly = true;
            o.AccessDeniedPath = "/error/403";
            o.Events.OnRedirectToAccessDenied = x =>
            {
                x.HttpContext.Response.StatusCode = 403;
                return Task.CompletedTask;
            };
        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        {
            o.Authority = this.Configuration.GetSection("IdentityServer").GetValue<string>("Url");
            o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
            o.ClientId = this.Configuration.GetSection("IdentityServer").GetValue<string>("ClientId");
            o.ClientSecret = this.Configuration.GetSection("IdentityServer").GetValue<string>("ClientSecret");
            o.RequireHttpsMetadata = true;
            o.SaveTokens = true;
            o.ResponseType = "code id_token";
            o.GetClaimsFromUserInfoEndpoint = true;
            // Scope is a collection of individual scope names; one value per Add call
            // (adding "openid profile" as a single entry sends a malformed scope parameter).
            o.Scope.Clear();
            o.Scope.Add("openid");
            o.Scope.Add("profile");
            o.Events.OnRedirectToIdentityProvider = n =>
            {
                // Only tag authentication requests with the idp hint, not end-session requests.
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                {
                    n.ProtocolMessage.AcrValues = "idp:Microsoft";
                }
                return Task.CompletedTask;
            };
        });
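An added example (not from the original post) of the same Login method, written so that the idp carried in acr_values selects the external scheme instead of a hard-coded "Microsoft", the scheme is checked against what is actually registered, and returnUrl is validated before it is used as a redirect target. It assumes an injected IAuthenticationSchemeProvider stored in a field named schemeProvider; interactionService, signInManager and ExternalLoginCallback are taken from the post.

```csharp
[HttpGet("login")]
public async Task<IActionResult> Login(string username, string returnUrl)
{
    await this.HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

    // returnUrl is attacker-controllable. Accept it only if it belongs to an
    // authorize request IdentityServer issued, or if it is local to this host.
    var context = await this.interactionService.GetAuthorizationContextAsync(returnUrl);
    if (context == null && !this.Url.IsLocalUrl(returnUrl))
    {
        returnUrl = "~/";
    }

    // context.IdP is the value from acr_values=idp:<scheme>. Use it as the
    // scheme name, but only if that scheme is registered on this server.
    if (context?.IdP != null)
    {
        // schemeProvider: assumed injected IAuthenticationSchemeProvider field.
        var scheme = await this.schemeProvider.GetSchemeAsync(context.IdP);
        if (scheme != null)
        {
            var callbackUrl = this.Url.Action(nameof(this.ExternalLoginCallback), new { returnUrl });
            var properties = this.signInManager.ConfigureExternalAuthenticationProperties(scheme.Name, callbackUrl);
            return this.Challenge(properties, scheme.Name);
        }
        // Unknown idp hint: fall through to the local login page instead of failing.
    }

    var vm = new LoginViewModel { Username = username, ReturnUrl = returnUrl };
    return this.View(vm);
}
```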

0 answers:

No answers