This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

External IdPs call AuthenticationController.LoginExternalCallback (core/callback) directly #390

Closed
denniskniep opened this issue Sep 29, 2014 · 2 comments


@denniskniep

A WS-Federation based external IdP might call the "core/callback" endpoint directly without calling "core/connect/authorize" first. This scenario is a problem because the cookie "idsrv.signin.message" is not set. Would it be possible to set the SignInMessage from GET parameters in "core/callback" or in a new endpoint? Or is there another way to solve this problem?

Current Scenario:
[External IdP] ----(WsFed - Saml)----> [IdentityServer(core/callback)] ---(Jwt)---> [APP]

The external IdP calls the IdentityServer "core/callback" endpoint with a SAML token. IdentityServer authenticates it via "Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationMiddleware" and redirects the JWT to the ReturnUrl from the SignInMessage. This approach works only if I set the cookie manually by calling the core/connect/authorize endpoint beforehand.

@leastprivilege
Member

There is some additional work to do for WS-fed - and we are also reworking the signin message bits right now - stay tuned.

@brockallen
Member

We'll address this in #59
