IdentityServer3 external OIDC authentication: redirecting back to the client URL

Time: 2020-04-01 10:25:26

标签: azure-active-directory openid-connect identityserver3

I have a web client that uses IdentityServer3 (IDS3) with its own user management. In my IDS3 I redirect to an external provider (microsoftonline.com) for authentication. After successful authentication I need to redirect to the client's (web) URL.

I am able to complete the authentication and get an id_token. However, I'm not sure how to redirect to the URL the client requested. The external redirect comes back to the IDS3 redirecturi, but I don't know how to make it redirect to the client.

The flow should be: client -> IDS3 -> external (Azure OpenID Connect) -> IDS3 -> client

Below is my code in the IDS3 startup.cs:

    using IdentityServer3.Core.Configuration;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using System.IdentityModel.Tokens;
    using sec = Microsoft.Owin.Security;   // alias: this namespace and IdentityServer3.Core.Configuration both define AuthenticationOptions

    // inside the OWIN Startup class
    public void Configuration(IAppBuilder app)
    {
        app.Map("/identity", identity =>
        {
            var idSvrFactory = Factory.Configure("IdServerDB");

            // registers the user service whose AuthenticateExternalAsync runs after the external login
            idSvrFactory.ConfigureUserService("UserMgmtDB");

            var options = new IdentityServerOptions
            {
                SiteName = "My Site",
                SigningCertificate = Certificates.Get(),
                Factory = idSvrFactory,
                EnableWelcomePage = false,
                RequireSsl = true,

                AuthenticationOptions = new AuthenticationOptions
                {
                    EnableSignOutPrompt = false,
                    EnablePostSignOutAutoRedirect = true,
                    PostSignOutAutoRedirectDelay = 0,
                    SignInMessageThreshold = 1,
                    // EnableLocalLogin = false,
                    IdentityProviders = ConfigureAzureIdentityProviders,
                    CookieOptions = new IdentityServer3.Core.Configuration.CookieOptions
                    {
                        SecureMode = CookieSecureMode.Always,
                        Path = "/",
                        AllowRememberMe = false,
                        IsPersistent = true,
                    },
                },
            };

            identity.UseIdentityServer(options);
        });
    }

    public static void ConfigureAzureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        // Not used by the OIDC middleware below: that middleware signs in as signInAsType,
        // the external-login cookie IdentityServer3 registers before calling this method.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        string clientId = "client id from azure"; // your client ID as configured in Azure
        string redirectUri = "https://localhost:port/identity/";   // the reply URL as configured in Azure
        string postLogoutRedirectUri = "https://localhost:port/identity/something";

        var options = new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "AzureAd",
            Caption = "Sign in with Azure AD",
            Scope = "openid",
            ClientId = clientId,
            Authority = "authority url",
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = redirectUri,

            // Active mode lets this middleware intercept every 401 on its own; IdentityServer3
            // challenges the provider explicitly from its login page, which is what Passive is for.
            AuthenticationMode = sec.AuthenticationMode.Active,
            TokenValidationParameters = new TokenValidationParameters
            {
                // Turns the issuer check off: with a multi-tenant (/common) authority an
                // id_token from any Azure AD tenant is accepted.
                ValidateIssuer = false,
            },

            SignInAsAuthenticationType = signInAsType, //"Cookies",
            //UseTokenLifetime=false,
        };
        app.UseOpenIdConnectAuthentication(options);
    }

My IDS3 should connect to the user management system and obtain some roles and a bearer_token for my client.

Thanks for your help.

PS: we are making changes to an existing IDS3; Identity4 is planned for the future. Thanks, 海军蓝.
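In the flow above (client -> IDS3 -> Azure AD -> IDS3 -> client), the last hop is made by IdentityServer3 itself: its login page challenges the external provider with a return path to its own /callback endpoint, and that endpoint, once the external cookie is present, calls the user service and finishes the authorize request stored in the sign-in message. The example below is editor-added code, not code from the question or from IdentityServer3; it shows the two pieces that plug into that round trip: a user service that maps the Azure AD identity to a local user and roles, and a provider configuration that keeps issuer validation on. `IUserMgmtRepository`, `LocalUser`, the tenant id, the client id and the localhost URLs are placeholders, and `Register` replaces whatever `ConfigureUserService("UserMgmtDB")` set up.

```csharp
// Added example (not from the question): Azure AD identity -> local user + roles,
// and a hardened provider configuration. Repository, tenant id and URLs are placeholders.
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.Default;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class LocalUser
{
    public string Subject { get; set; }      // stable local id that becomes the "sub" claim
    public string DisplayName { get; set; }
    public string[] Roles { get; set; }
}

// Placeholder for a lookup against the question's "UserMgmtDB".
public interface IUserMgmtRepository
{
    // Returns null when no local account is linked to this Azure AD (tenant, object id) pair.
    LocalUser FindByAzureObjectId(string tenantId, string objectId);
}

public class AzureMappedUserService : UserServiceBase
{
    // Claim types Katana's JWT handler maps "tid" and "oid" to when it builds the identity.
    const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    readonly IUserMgmtRepository _repo;
    public AzureMappedUserService(IUserMgmtRepository repo) { _repo = repo; }

    // Called by IdentityServer3's /callback endpoint after the OIDC middleware has signed
    // the Azure AD identity into IdS3's external cookie (the signInAsType cookie).
    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
    {
        var ext = context.ExternalIdentity;   // Provider == "AzureAd", ProviderId == Azure's subject
        var tenantId = ext.Claims.FirstOrDefault(c => c.Type == TenantIdClaim)?.Value;
        var objectId = ext.Claims.FirstOrDefault(c => c.Type == ObjectIdClaim)?.Value;

        // Match on tid + oid, not on email or UPN: those two are immutable in the tenant.
        var user = tenantId != null && objectId != null ? _repo.FindByAzureObjectId(tenantId, objectId) : null;
        if (user == null)
        {
            // Unlinked account: refuse instead of auto-provisioning a local user.
            context.AuthenticateResult = new AuthenticateResult("No local account is linked to this Azure AD user.");
            return Task.FromResult(0);
        }

        var claims = user.Roles.Select(r => new Claim(Constants.ClaimTypes.Role, r));
        // A successful result is all that is needed: IdS3 completes the authorize request kept in
        // context.SignInMessage.ReturnUrl and redirects the browser back to the client itself.
        context.AuthenticateResult = new AuthenticateResult(user.Subject, user.DisplayName, claims, ext.Provider);
        return Task.FromResult(0);
    }

    // Copies the claims captured at sign-in (the roles above) into id_token / userinfo when requested.
    public override Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var requested = context.AllClaimsRequested
            ? context.Subject.Claims
            : context.Subject.Claims.Where(c => context.RequestedClaimTypes.Contains(c.Type));
        context.IssuedClaims = requested.ToList();
        return Task.FromResult(0);
    }
}

public static class AzureAdProvider
{
    const string TenantId = "00000000-0000-0000-0000-000000000000"; // placeholder tenant id

    // Call from Configuration(...) after Factory.Configure(...); replaces ConfigureUserService.
    public static void Register(IdentityServerServiceFactory factory, IUserMgmtRepository repo)
    {
        factory.UserService = new Registration<IUserService>(resolver => new AzureMappedUserService(repo));
    }

    // Drop-in for ConfigureAzureIdentityProviders with the issuer check kept on.
    public static void Configure(IAppBuilder app, string signInAsType)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "AzureAd",
            Caption = "Sign in with Azure AD",
            Scope = "openid",
            ClientId = "client id from azure",                           // placeholder
            Authority = "https://login.microsoftonline.com/" + TenantId, // tenant-specific, not /common
            RedirectUri = "https://localhost:port/identity/",            // placeholder reply URL registered in Azure
            SignInAsAuthenticationType = signInAsType,                   // IdS3's external cookie; no extra cookie middleware
            AuthenticationMode = AuthenticationMode.Passive,             // IdS3's login page issues the challenge itself
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "https://sts.windows.net/" + TenantId + "/", // v1 issuer for this tenant only
            },
        });
    }
}
```

Failing the sign-in for an unlinked account, rather than creating a local user on the fly, is the deliberate choice here: with `ValidateIssuer = false` and a multi-tenant authority, auto-provisioning would let any Azure AD account in any tenant obtain a local identity.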

0 answers:

No answers