跳过IdentityServer3登录屏幕 [英] Skip IdentityServer3 login screen

问题描述

我们已将客户端应用程序配置为通过OpenID Connect协议使用IdentityServer3身份验证(它是使用OWIN中间件支持OIDC的ASP.NET MVC应用程序.)

We have configured Client App to use IdentityServer3 authentication via OpenID Connect protocol (it's ASP.NET MVC App that uses OWIN middleware to support OIDC).

IdentityServer3本身被配置为同时使用本地登录和外部登录(例如，Azure AD).

The IdentityServer3 itself is configured to use both local login and external login (Azure AD, for instance).

在常规流程中，一旦App需要验证用户身份，它会将其重定向到IdentityServer3登录屏幕-很好.但是在某些情况下，基于每个请求，我想通过某种方式让IdentityServer3知道用户要使用特定的外部身份提供者进行登录，从而绕过登录屏幕.

In the regular flow once App need to authenticate user it redirects him to the IdentityServer3 login screen - it's fine. But in some cases, on per-request basis, I want to bypass login screen by somehow letting IdentityServer3 know that user want to login with specific external identity provider right away.

那有可能吗?

推荐答案

只需在 IdentityServer3的授权/身份验证端点文档！

acr_values(可选)允许通过其他与身份验证相关的信息 提供给用户服务的信息-也有一些特殊的值 含义: idp:name_of_idp绕过登录/家庭领域屏幕，并且 直接将用户转到所选的身份提供者(如果 允许每个客户端配置使用)tenant:name_of_tenant可用于 将租户名称传递给用户服务

acr_values (optional) allows to pass additional authentication related information to the user service - there are also values with special meaning: idp:name_of_idp bypasses the login/home realm screen and forwards the user directly to the selected identity provider (if allowed per client configuration) tenant:name_of_tenant can be used to pass a tenant name to the user service

如何使用OWIN OpenID Connect中间件传递其他参数: https://katanaproject.codeplex.com/workitem /325

How to pass additional parameters using OWIN OpenID Connect middleware: https://katanaproject.codeplex.com/workitem/325

以下是授权请求的示例:

Here is the sample of the authorization request:

这篇关于跳过IdentityServer3登录屏幕的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！