Identityserver4: Multi-tenant or dynamic ClientID - identityServer 4 and ASP.NET Core 2.0

Created on 28 Feb 2018 · 8 Comments · Source: IdentityServer/IdentityServer4

Hi People.
We have 1 Website (Client), and 1 Identity Server (Authorization Server with IdentityServer4).
Our website is multi-tenant, so our customers will do something like http://customerName.MyWebsite.com

I would like, on the Client side, when I am creating the Authentication, to use the URL as clientID, so in the Authorization server I will call ClientStore => FindClientByIdAsync(string clientId) to search in my database for the URL to bring the right information.

The problem is this:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;

        // CONTEXT IS NULL here, so the request URL cannot be read to set the ClientId
        options.ClientId = "<tenant URL would go here>";
        options.ClientSecret = "ThisShouldBeAGoodSecret";

        // etc
    });
}
```

Since the Context is always null in ConfigureServices I cannot read the URL.
Is it possible to create or add or edit the OpenIdConnect after the Startup.cs is called?

I read tons of examples with Core 1 about multi-tenancy, but those solutions do not apply in Core 2, because many of them are for Core 1 and are deprecated in Core 2.

Any suggestions? Ideas?

Thanks guys.

question


All 8 comments

You wouldn't change the client ID dynamically - the client is always the same.

You rather pass some extra parameter in the authorize request to indicate the tenant - this can be done using the OnRedirectingToIdentityProvider event on the handler.

Thanks for the tip @leastprivilege, I will try today to do that. My wife just delivered our baby yesterday so I wasn't able to code/read anything :) I'll let you know in a while (probably on Monday) if I was able to do your suggestion with OnRedirectingToIdentityProvider. I'm still in the Hospital until Sunday.
Just one silly question, where or how can I find OnRedirectingToIdentityProvider?
Thanks!
--Luis

My wife just delivered our baby yesterday

Congrats!

My wife just delivered our baby yesterday

Congrats!

Just one silly question, where or how can I find OnRedirectingToIdentityProvider?

Have a look at this one. While it targets IDS3, it still applies to IDS4: https://github.com/IdentityServer/IdentityServer3/issues/841

All set on this issue. Can we close?

Sorry guys! Yes!! If anyone is curious, I solved it by creating a Controller (I am using Razor Pages and Core 2) and calling a StartAuthentication method (Login) in the client, and then in the acrValues I send the URL.

```csharp
// Uses DiscoveryClient, RequestUrl and CryptoRandom from the IdentityModel package;
// _context is assumed to be an injected IHttpContextAccessor.
public async Task<IActionResult> StartAuthentication()
{
    // Get the hosting; these are some options:
    // 1) _context.HttpContext.Request.Host.Value = localhost:5002
    // 2) _context.HttpContext.Request.Host.Host  = "localhost"
    // 3) _context.HttpContext.Request.Host.Port  = 5002
    var host = _context.HttpContext.Request.Host.Host; // Option 2

    // read discovery document to find authorize endpoint
    var disco = await DiscoveryClient.GetAsync(Constants.Authority);
    var authorizeUrl = new RequestUrl(disco.AuthorizeEndpoint).CreateAuthorizeUrl(
        clientId: "Web.Client",
        responseType: "code id_token",
        scope: "openid profile AspCore.API offline_access",
        redirectUri: "http://localhost:5050/Account/callback",
        state: CryptoRandom.CreateUniqueId(), // "random_state"
        nonce: CryptoRandom.CreateUniqueId(), // "random_nonce"
        responseMode: "form_post",
        acrValues: host);                     // the tenant host travels in acr_values

    return Redirect(authorizeUrl);
}
```

Thanks again.
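The same idea done the way the first reply suggests, with the OnRedirectingToIdentityProvider event instead of a hand-built authorize URL, as an added example that is not code from this thread or from IdentityServer4. It assumes the tenant list is known to the client (the `KnownTenants` array is a placeholder) so that an arbitrary Host header is never forwarded to the authorization server, and it uses the `tenant:` acr_values prefix that IdentityServer4 reserves for this purpose:

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumption: tenants are known up front; unknown hosts are rejected before redirecting.
    private static readonly string[] KnownTenants = { "customera", "customerb" };

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = "Cookies";
            options.Authority = "http://localhost:5000";
            options.RequireHttpsMetadata = false;
            options.ClientId = "Web.Client";          // one client for every tenant
            options.ClientSecret = "ThisShouldBeAGoodSecret";
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectingToIdentityProvider = ctx =>
                {
                    // HttpContext is available here, unlike inside ConfigureServices itself.
                    var host = ctx.HttpContext.Request.Host.Host; // customerName.MyWebsite.com
                    var tenant = host.Split('.')[0].ToLowerInvariant();
                    if (!KnownTenants.Contains(tenant))
                    {
                        ctx.Response.StatusCode = 400;
                        ctx.HandleResponse();   // stop the redirect for an unknown tenant
                        return Task.CompletedTask;
                    }
                    // IdentityServer4 reads the "tenant:" acr_values prefix and exposes it
                    // as AuthorizationRequest.Tenant to the login page on the server side.
                    ctx.ProtocolMessage.AcrValues = "tenant:" + tenant;
                    return Task.CompletedTask;
                }
            };
        });
    }
}
```

On the IdentityServer side the login page can then call `IIdentityServerInteractionService.GetAuthorizationContextAsync(returnUrl)` and branch on the returned request's `Tenant` value.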

How to deal with tenantid on the id server side?

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
