This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Federated IdentityProvider with Passive Login #604
Ok, I see you have disabled local login... so now you are getting back to IdentityServer from AAD, yes? So perhaps your Katana middleware in the RP simply isn't monitoring the callback URL being submitted to.
Ahh, I finally figured this out. The issue is in the InMemoryUserService. When authorizing the external user, it looks for a "name" claim. Azure AD only returns givenname and surname claims, so the authorization fails. I got around this by providing my own IUserService implementation that uses the oid claim instead, which I'll then use in GetProfileAsync to query Graph API for the email address and other claims. Thanks for looking!
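The workaround described in the comment above, as an added example (this is not code from the issue, nor IdentityServer3's own code): a custom user service that keys the IdentityServer subject on Azure AD's object identifier claim instead of expecting a "name" claim, and enriches the profile afterwards. It assumes the IdentityServer3 v2.x user-service API (`UserServiceBase`, `ExternalAuthenticationContext`, `ProfileDataRequestContext`); the Graph API call itself is not on the page, so it is represented by a hypothetical injected delegate, `lookupProfile`, that maps an object id to a set of claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

// Assumed API: IdentityServer3 v2.x UserServiceBase and its *Context types.
public class AzureAdUserService : UserServiceBase
{
    // Azure AD's immutable object identifier ("oid") claim as surfaced by the
    // WS-Federation / OpenID Connect middleware.
    private const string ObjectIdClaimType =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Hypothetical lookup (e.g. a Graph API query) from object id to profile
    // claims such as email. Injected so the service can be tested offline.
    private readonly Func<string, Task<IEnumerable<Claim>>> _lookupProfile;

    public AzureAdUserService(Func<string, Task<IEnumerable<Claim>>> lookupProfile)
    {
        if (lookupProfile == null) throw new ArgumentNullException("lookupProfile");
        _lookupProfile = lookupProfile;
    }

    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
    {
        var external = context.ExternalIdentity;
        var claims = (external.Claims ?? Enumerable.Empty<Claim>()).ToList();

        // Key the subject on oid, not on a display name: Azure AD sends no "name"
        // claim, and names or UPNs can change or collide, so they make poor keys.
        var oid = claims.Where(c => c.Type == ObjectIdClaimType)
                        .Select(c => c.Value).FirstOrDefault();
        if (string.IsNullOrEmpty(oid))
        {
            // Refuse the login rather than minting a subject from a missing claim.
            context.AuthenticateResult =
                new AuthenticateResult("Azure AD token carried no object identifier claim");
            return Task.FromResult(0);
        }

        // Build a human-readable name from the claims Azure AD does send.
        var given   = claims.Where(c => c.Type == ClaimTypes.GivenName).Select(c => c.Value).FirstOrDefault();
        var surname = claims.Where(c => c.Type == ClaimTypes.Surname).Select(c => c.Value).FirstOrDefault();
        var displayName = string.Join(" ", new[] { given, surname }.Where(s => !string.IsNullOrEmpty(s)));
        if (displayName.Length == 0) displayName = oid;

        context.AuthenticateResult = new AuthenticateResult(
            subject: oid,
            name: displayName,
            identityProvider: external.Provider);
        return Task.FromResult(0);
    }

    public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // The subject we issued above is the oid, so it can drive the lookup.
        var sub = context.Subject.FindFirst(Constants.ClaimTypes.Subject);
        if (sub == null)
        {
            context.IssuedClaims = Enumerable.Empty<Claim>();
            return;
        }

        var profile = (await _lookupProfile(sub.Value)).ToList();
        profile.Add(new Claim(Constants.ClaimTypes.Subject, sub.Value));

        // Release only the claim types the client's scopes asked for, mirroring
        // what the default in-memory service does.
        IEnumerable<Claim> issued = profile;
        if (context.RequestedClaimTypes != null)
        {
            issued = profile.Where(c => context.RequestedClaimTypes.Contains(c.Type));
        }
        context.IssuedClaims = issued.ToList();
    }
}
```

Register it on the factory in place of the in-memory service, for example `factory.UserService = new Registration<IUserService>(resolver => new AzureAdUserService(lookupProfile))`. Using the oid as the subject keeps the identity stable across name changes, and refusing a token without that claim avoids silently minting a session for an identity you cannot later resolve.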
Hey, I'm having one hell of a time trying to get this scenario to work. I am trying to set up IdentityServer v3 to use Azure AD as the only IdentityProvider, transform and enrich claims (i.e., by calling GraphAPI) and then use that token instead.
My setup:
When I issue a request to /SampleApp/api/Values, it redirects to /StsWithAdfs/auto/wsfed?wtrealm... and then to /StsWithAdfs/auth/login?signin=... At no point does it seem to redirect to Azure AD. I always get stuck at an IdentityServer login screen asking for user name and password (i.e., not my Azure AD creds). Is it also possible to get this to passively authenticate with Azure AD without any interaction from the user? In case it helps, below is the code I've been cobbling together. Perhaps I'm mixing my "Client" and "RelyingParty" concepts also, but I've tried various combinations to no avail.
Thanks for any help you can provide. I've been bashing my head against the desk for 3 days now!
Code for /StsWithAdfs
Code for /SampleApp