我有一个使用IdentityServer3(IDS3)和自己的用户管理的Web客户端。在我的IDS3中,我重定向到外部提供程序(microsoftonline.com)进行身份验证。身份验证成功后,我需要重定向到客户端(Web)网址。
我能够完成身份验证并提供id_token。但是,我不确定如何重定向到客户端请求的网址。外部重定向返回到IDS3 redirecturi,但不知道如何使其重定向到客户端。
流量应为 客户端-> IDS3->外部(Azure openid connect)-> IDS3->客户端
下面我在IDS3 startup.cs中的代码
public void Configuration(IAppBuilder app)
{
app.Map("/identity", identity =>
{
var idSvrFactory = Factory.Configure("IdServerDB");
idSvrFactory.ConfigureUserService("UserMgmtDB");
var options = new IdentityServerOptions
{
SiteName = "My Site",
SigningCertificate = Certificates.Get(),
Factory = idSvrFactory,
EnableWelcomePage = false,
RequireSsl = true,
AuthenticationOptions = new AuthenticationOptions
{
EnableSignOutPrompt = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 0,
SignInMessageThreshold = 1,
// EnableLocalLogin = false,
IdentityProviders = ConfigureAzureIdentityProviders,
CookieOptions = new IdentityServer3.Core.Configuration.CookieOptions
{
SecureMode = CookieSecureMode.Always,
Path = "/",
AllowRememberMe = false,
IsPersistent = true,
},
},
};
identity.UseIdentityServer(options);
});
}
public static void ConfigureAzureIdentityProviders(IAppBuilder app, string signInAsType)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
string clientId = "client id from azure"; // your client ID as configured in Azure
string redirectUri = "https://localhost:port/identity/"; // the reply URL as configured in Azure
string postLogoutRedirectUri = "https://localhost:port/identity/something";
OpenIdConnectAuthenticationOptions options = new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "AzureAd",
Caption = "Sign in with Azure AD",
Scope = "openid",
ClientId = clientId,
Authority = "authority url",
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = redirectUri,
AuthenticationMode = sec.AuthenticationMode.Active,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
},
SignInAsAuthenticationType = signInAsType, //"Cookies",
//UseTokenLifetime=false,
}
};
app.UseOpenIdConnectAuthentication(options);
}
我的IDS3应该连接到用户管理系统,并为我的客户端获取一些角色和bearer_token。
感谢您的帮助。
PS;我们正在对现有的IDS3进行更改,Identity4在未来的计划中。 谢谢, 海军蓝。