Configure as SP with multiple IDPs #1217

Open
gitdrk opened this issue Jun 23, 2020 · 4 comments

gitdrk commented Jun 23, 2020

I have configured an instance of IdentityServer4 to act as an SP using this library. I am able to successfully use multiple IDPs by adding multiple schemes for SP-initiated SSO.

Here is the code I use for this, which works well, but it creates multiple instances of the SP.

        // Add IDPs at startup; the SAML providers come from the DB
        foreach (var samlProvider in samlProviders)
        {
            // One Saml2 scheme, with its own SPOptions, is registered per provider
            authenticationBuilder.AddSaml2(samlProvider.Scheme, samlProvider.Name, options =>
            {
                var entityId = new EntityId(my.EntityId);
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SPOptions.EntityId = entityId;
                options.SPOptions.ModulePath = samlProvider.ModulePath;

                // Only override the minimum accepted signing algorithm when the provider specifies one
                if (samlProvider.MinimumSigningAlgorithm != null)
                    options.SPOptions.MinIncomingSigningAlgorithm = samlProvider.MinimumSigningAlgorithm;

                var idp = new IdentityProvider(entityId, options.SPOptions)
                {
                    Binding = Saml2BindingType.HttpRedirect,
                    LoadMetadata = true
                };

                if (samlProvider.MetaDataLocation != null)
                    idp.MetadataLocation = samlProvider.MetaDataLocation;

                options.IdentityProviders.Add(idp);
            });
        }

  • Is it possible to use the same SP, include multiple IDPs and still redirect the user to the correct IDP based on schemes, or do you have to do custom redirects?

  • Is it possible to programmatically add IDPs outside of startup using either method?

  • Is it possible to access the SPOptions for schemes via an Injected Service?

Thanks in advance for any assistance!

@AlexOliinyk1

Any updates here?

@AndersAbel
Member

Looks like something to investigate for the v3 work - I am thinking of a redesign with the IdentityProviders vs. schemes architecture.

ghstahl commented Jan 29, 2023

Does anyone have a fork that we can use in the meantime?

IAMHK90 commented Aug 7, 2023

@gitdrk, multiple instances of IdentityServer meaning different URLs?
Did you find a way to create a single instance of IdentityServer with multiple SAML IDPs?
