- ABP Framework version: v6.0
- UI type: Blazor
- DB provider: EF Core / MongoDB
- Tiered (MVC) or Identity Server Separated (Angular): yes
Since the 6.0 update replaced IdS with OpenIddict, I've been thinking about how I can use it as a SAML2 Identity Provider, since a client required us to use DUO Single Sign-On and we were about to use ABP's identity provider as an identity source for DUO SSO. I found this issue saying that OpenIddict can't be integrated in a SAML2P env, but that was 6 years ago, and I'm hoping it won't be the case today since OpenIddict has had updates (fingers crossed). We are migrating our existing projects to OpenIddict since IdS will end its open-source support this year. I'm wondering if there is a way we can get out of this dilemma.
6 Answer(s)
-
0
hi
Though ASP.NET Core doesn't support SAML2P nor WS-Fed (yet),
Does .NET Core support SAML2P or WS-Fed now?
-
0
Hi,
I think it's not yet, but I'm trying to find a way to use the SAML2P IdP of DUO SSO as an external or other identity source. It's like users have to choose whether they want to be authenticated by ABP's default auth or authenticate externally with DUO SSO. OpenIddict is set as the main authentication, so I believe we need OpenIddict to communicate with DUO SAML assertions and trust the source for the client to access the API resource.
-
0
so I believe we need the openiddict to communicate with DUO saml assertions and trust the source for the client to access the api resource.
Hi
This is not in the scope of the framework. I refund your question credits.
-
0
Grateful if you can assist, as commercial we need to implement support with the identity provider to use SAML2 functionality for the likes of Cisco Duo & Azure etc. If this is not in scope for the old framework, are we missing something? (Seeking your guidance.) Or is this something we can purchase as an enhancement with ABP for OpenIddict?
-
0
https://support.abp.io/QA/Questions/3192/Does-ABP-support-multi-factor-authentication-eg-Duo-Google-Authenticator-OTP-etc
-
0
You can open an issue at OpenIddict about it or keep using IdentityServer4 if it's working for you. This is not something we can implement.