Abp: Separate Identity Server: Advantages, disadvantages, when use specific configuration

Created on 7 Nov 2019 · 12 Comments · Source: abpframework/abp

What are the advantages and disadvantages of using a Separated Identity Server?
When deciding for a separated or "integrated" version, what should be deciding factors (parameters)?
If at the beginning the "integrated" version of Identity Server was selected, how hard is it (and what steps are required) to switch to a separated version?
Thank you for explanations.

question

All 12 comments

If you have multiple independent projects, they all need to use the same set of authentication and authorization systems.

It would be a good practice to separate the authentication and authorization system.

Ok. What about the transition from integrated to separated (and vice versa)? Is this a complicated process?

What about the transition from integrated to separated (and vice versa)? Is this a complicated process?

Actually not, it is just adding/removing some NuGet packages and some startup configuration. The change is small, but since the topology is changing, you should be careful. It is always hard to configure IdentityServer4 :)

Is there any documentation on how to properly run a project if you have a separated IS (for abp Commercial)?
I have abp Commercial v2.8.0, and the connection strings in .HttpApi.Host and .IdentityServer point to the host database.
There is also one tenant database (separated), and I can set this tenant in the Angular application (which recognises it).
However, when I make a successful login for the admin user, there is still "Login" in the upper-right corner. There is also no menu (except "Home").
The situation is identical when I log in as admin on host.

How can we achieve that each tenant would also have a separated database in the IdentityServer application? We want to make sure that if one tenant decides to migrate "his system" somewhere else, we just grab all his databases and restore them to the new final destination (and also establish a new API and IdentityServer environment on the new application server).

Thank you.

@maliming Is it somehow possible to create such a design, where Identity Server is separated and can be used among multiple abp applications?

Requirements:

  • Each application (MyApp1, MyApp2,...) has tenant data in separated databases (so if one tenant wants to go on-premise, it is possible to transfer it relatively quickly).

  • Single-Sign-On (SSO) between multiple abp applications. The business requirement is that applications have to be separated (not just modules inside one application).

  • MyAuthenticationServer is also an abp application.
    The main purpose for such a system design is that one abp application (let's say "MyApplicationMain") is able to log in to host for each application (MyApp1, MyApp2,...) and retrieve some tenant data.

Thank you.

I would like to create a system like @leonkosak. But a tenant can use one or more applications.
Such as Google. You have an account, and can use Gmail, gg map, ... etc.
So the tenant database should be in one place.
Is it possible to create such a design using Abp.io?

Thank you

@hikalkan, is it possible to implement such an identity server in a robust and safe way?

I didn't have time to understand the whole discussion. I will check when I have more time.

Do you have time to check it? @hikalkan

Didn't have time, I will check this week, sorry for the delay.

Hi guys,

Short answer: Yes, it should be possible to design such a system.

Designing a topology is not simple work. We can not create and maintain example solutions for every kind of different system. Real life requirements vary a lot. This could be "consultancy" work.

If you have a problem with a specific point, we are happy to help with it. @leonkosak for the login problem, we can test it. Do you have a sample application, or can you write the steps for how we can reproduce the problem?

@hikalkan, forget about the issue. I think that this did not work because we commented out redis-related code from Startup.cs. :)
