将Identity Server与SAML 2和其他Identity Providers一起使用的SSO [英] SSO using Identity Server with SAML 2 with other Identity Providers
问题描述
我使用带有OIDC的身份服务器4实现了身份验证和授权,以允许访问我们的应用程序的客户端获得访问我们的资源服务器(Web API)所需的令牌.这是当前的体系结构:
I implemented authentication and authorization using Identity server 4 with OIDC to allow clients accessing our application to get the necessary tokens to access our resource server (web APIs). This is the current architecture :
- Identity Server 4使用我的自定义数据库对用户进行身份验证
- 资源API(ASP.NET Core)
- Angular 2前端
我需要实现SSO,来自其他系统的用户将通过其身份提供者传递SAML2断言,以使他们无需登录我们的应用程序即可访问我们的资源API.
I need to implement SSO, where users from other systems will pass SAML2 assertions from their identity providers to allow them to access our resource APIs without logging in to our application.
我对于此步骤将在哪里发生,工作流程将是什么,我们的身份服务器将参与此过程以及如何使用Identity Server 4实施该过程感到有些困惑.
I have some confusion about where this step will happen, and what will be the workflow, will our identity server be involved in this process and how to implement that using Identity Server 4.
推荐答案
目前,ASP.NET Core不支持SAML2.
Right now there is no SAML2 support for ASP.NET Core.
如果使用的是IdentityServer3,则可以通过Kentor身份验证中间件充当SAML2 SP.这不适用于ASP.NET Core.
If you are using IdentityServer3, you can act as a SAML2 SP via the Kentor authentication middleware. This is not available for ASP.NET Core yet.
通常来说-您不能使用SAML2来保护API-它是基于Web的SSO的协议-不能访问API.
Generally speaking - you cannot use SAML2 to secure APIs - it is a protocol for web based SSO - not API access.
这篇关于将Identity Server与SAML 2和其他Identity Providers一起使用的SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
