Activities of "maliming"

hi

The AddJwtBearer method can map your okta_jwt_schema to be compatible with abp.


.AddAbpJwtBearer(options =>
{
    options.MapInboundClaims = false;
    options.Events.OnTokenValidated = async tokenValidatedContext =>
    {
        var yourClaims = tokenValidatedContext.Principal?.Claims;

        // Map your okta claims to abp claims
        if (tokenValidatedContext.Principal?.Identity is ClaimsIdentity claimIdentity)
        {
            // ClaimsIdentity.AddClaim takes a Claim instance (System.Security.Claims)
            claimIdentity.AddClaim(new Claim(AbpClaimTypes.UserId, ""));
            claimIdentity.AddClaim(new Claim(AbpClaimTypes.UserName, ""));
            claimIdentity.AddClaim(new Claim(AbpClaimTypes.SurName, ""));
            claimIdentity.AddClaim(new Claim(AbpClaimTypes.Email, ""));
            claimIdentity.AddClaim(new Claim(AbpClaimTypes.Role, ""));
        }
    };
});
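An added example, not from the original post or the ABP project: one way to fill in the empty claim values above is to resolve the validated token to a local ABP user and take the id, user name and roles from the local database. It assumes the Okta token carries an `email` claim whose address Okta has verified, and a single-tenant lookup; `OktaClaimsMapper` and `MapAsync` are hypothetical names.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.Security.Claims;

// Hypothetical helper (not part of ABP): maps a validated Okta token to a local ABP user.
public static class OktaClaimsMapper
{
    // Assumption: the token carries the user's address in an "email" claim.
    public static async Task MapAsync(TokenValidatedContext context)
    {
        if (context.Principal?.Identity is not ClaimsIdentity identity)
        {
            context.Fail("Validated token has no claims identity.");
            return;
        }

        var email = identity.FindFirst("email")?.Value;
        if (string.IsNullOrWhiteSpace(email))
        {
            context.Fail("Token has no email claim to match against a local user.");
            return;
        }

        // Resolve the local user; a token for an unknown user is rejected, not trusted.
        var userManager = context.HttpContext.RequestServices
            .GetRequiredService<IdentityUserManager>();
        var user = await userManager.FindByEmailAsync(email);
        if (user == null)
        {
            context.Fail("No local user matches the token.");
            return;
        }

        identity.AddClaim(new Claim(AbpClaimTypes.UserId, user.Id.ToString()));
        identity.AddClaim(new Claim(AbpClaimTypes.UserName, user.UserName));
        identity.AddClaim(new Claim(AbpClaimTypes.Email, user.Email));

        // Roles are read from the local database rather than copied from the token.
        foreach (var role in await userManager.GetRolesAsync(user))
        {
            identity.AddClaim(new Claim(AbpClaimTypes.Role, role));
        }
    }
}
```

Assign it with `options.Events.OnTokenValidated = OktaClaimsMapper.MapAsync;` in place of the inline lambda.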

hi

Can you share your packages.json file?

Have npm packages been upgraded to 9.x?

hi

ABP will not recognize these claims.

They come from another system, so they can't work with the abp authentication/permission system.

E.g., you have a user (id: 123) in your local database, but with okta_jwt_schema claims, abp doesn't know the current user.

hi

Can you check the current principal (HttpContext.User) after authentication using okta_jwt_schema?

What are the claims (type:value)?

The CurrentUser's values come from claims.

AddJwtBearer("okta_jwt_schema", options =>
{
    options.Authority = configuration["Okta:Authority"];
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["Okta:RequireHttpsMetadata"]);
    options.Audience = "api://default";
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidIssuer = "https://dev-96317405.okta.com/oauth2/default",
        ValidAudience = "api://default",
        ValidateLifetime = true
    };
});

hi

Does ABP support SSO via SAML on each tenant? If it is not supported, how should we proceed if we want to implement SAML SSO ourselves? Also, are there any plans to support SAML in the future?

If you can use SAML in an ASP.NET Core app, then you can use it in the abp project.

In ABP's recommended best practices, what are the differences in use cases (best practices) between OAuth login and External logins (social login) on each tenant?

  • OAuth Login feature is authentication by password flow (username and password)
  • External logins feature is authentication by code flow or implicit flow.

You can choose it based on your needs.

Thanks. I have created an internal issue to track this case.

Hi, we will add a new setting in the 9.2 version.

Please create a new question.

Thanks.

hi

Sorry about that. We will reconsider the changes. You can use this file to override the 9.0 behavior.

https://we.tl/t-wKuvMQw8q0

hi

Add the code below to AuthServer to disable the Antiforgery check for the account/login endpoint.

context.Services.AddRazorPages(options =>
{
    options.Conventions.AddPageApplicationModelConvention("/Account/Login", model =>
    {
        model.Filters.Add(new IgnoreAntiforgeryTokenAttribute());
    });
});

hi

There is no AntiforgeryValidationException error in your logs.

What are your current exceptions?

Thanks.

Made with ❤️ on ABP v10.0.0-preview. Updated on September 15, 2025, 14:41