- ABP Framework version: v7.0.0
- UI Type: MVC
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
- Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server separated (modular approach)
- Exception message and full stack trace:
- Steps to reproduce the issue:
Hi,
We are running a multi-tenanted solution using ABP Commercial, and we are considering replacing the Auth Server module with a third-party Identity Management Platform such as Auth0.
I read something about the use of external logins on the Auth Server, but I would like to have an actual single sign-on solution and let a single identity potentially have access to multiple tenants, as that's something very common in our industry.
Could you please give me some instructions on what things I should do and consider to make this happen?
Thanks!
7 Answer(s)
-
0
I read something about the use of external logins on the Auth Server
I think it should be working. have you give it a try?
-
0
I read something about the use of external logins on the Auth Server
I think it should be working. have you give it a try?
Thanks for looking into my ticket but, as I said, I would like to have an actual single sign-on solution and let a single identity potentially have access to multiple tenants, as that's something very common in our industry.
Could you please give me some instructions on what things I should do and consider to make this happen?
-
0
hi
You can try to replace
AddOpenIdConnectwith auth0 in the MVC project. It's simple.let a single identity potentially have access to multiple tenants, as that's something very common in our industry.
You can change the current to access the data in other tenants.
https://docs.abp.io/en/abp/latest/Multi-Tenancy#change-the-current-tenant
-
0
Thanks @maliming!
Would you have any examples of how to replace
AddOpenIdConnect? If I manage to replace that with Auth0, do I still have to keep the ABP's Identity Server alive? -
0
hi
The ABP's identity module will exist in the API project.
https://auth0.com/blog/exploring-auth0-aspnet-core-authentication-sdk/
Auth0 Web API -
0
Thanks for the link! I had seen that bit already.
Authenticating with Auth0 will be fine, I'm sure. Still, I'm looking for guidance on how to use a 3rd party but also continue to leverage ABP's authorisation bits like permissions, roles, current tenant identification and all that.
Could you please help me with that? What are the things that will break into ABPs authorisation system when I decide to not use the out-of-the-box auth server? What are the things to be replaced/re-written/extended?
-
0
Hi,
You can use the external login and disable the local login.
https://docs.abp.io/en/commercial/latest/modules/account#install-a-new-external-login https://docs.abp.io/en/commercial/latest/modules/account#local-login
For SSO, you can configure the shared cookie domain:
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-8.0
for example:
context.Services.AddAuthentication(options => { options.DefaultScheme = "Cookies"; options.DefaultChallengeScheme = "oidc"; }) .AddCookie("Cookies", options => { options.Cookie.Name = ....; options.Cookie.Domain = ....; ..... })
