多租户身份服务器4 [英] Multitenant Identity Server 4

问题描述

我正在尝试实现一个为多租户应用程序处理SSO的IdentityServer. 我们的系统将只有一个IdentityServer4实例来处理多租户客户端的身份验证.

I'm trying to implement an IdentityServer that handles an SSO for a multitenant application. Our system will have only one IdentityServer4 instance to handle the authentication of a multitentant client.

在客户端，我正在使用acr_value传递租户ID. 来自Startup.cs文件的一段代码如下:

On the client side, I'm using the acr_value to pass the tenant Id. A piece of code from the Startup.cs file is as follows:

public void ConfigureServices(IServiceCollection services)
{
        services.AddMvc();
        services.AddAuthorization();

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.ClientId = "Client1";
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;                    
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("offline_access");
                options.Events.OnRedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == 
                          OpenIdConnectRequestType.Authentication)
                    {
                        n.ProtocolMessage.AcrValues = "tenant:clientId1";
                    }
                    return Task.FromResult(0);
                };
            });
}

对于身份服务器，使用具有ASP.NET Core身份的IdentityServer4.为了处理多租户客户端身份验证，我按照本文中Scott Brady针对ASP.NET Identity给出的说明进行操作: https://www.scottbrady91.com/ASPNET-Identity /Quick-and-Easy-ASPNET-Identity-Multitenancy

For the identity server the IdentityServer4 with ASP.NET Core Identity is used. To handle multitenant client authentication I followed the instructions given by Scott Brady for ASP.NET Identity in this post: https://www.scottbrady91.com/ASPNET-Identity/Quick-and-Easy-ASPNET-Identity-Multitenancy

我修改了UserStore以接收承租人ID，但在为AccountController注入UserStore实例的那一刻，我无法检索传递的acr_value.

I modified the UserStore to receive the tenant Id but the moment of the UserStore instance is injected for the AccountController I can't retrieve the passed acr_value.

以前有人遇到过这个问题吗?

Has any one faced this problem before?

推荐答案

如果您还没有弄清楚，这里就是解决方法

if you haven't figure out yet, here is the solution

private readonly IIdentityServerInteractionService _interaction;


 var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
            var tenant = context.Tenant;

这篇关于多租户身份服务器4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！