- ABP Framework version: latest
- UI type: identity server MVC
ABP's SSO implementation is completely broken and requires users to register using the login page. Existing users cannot log in by SSO at all. It's a bug that I reported over a year ago and exists on your own website. There isn't even an SSO option on the register page. It is essentially unusable in its current form.
Standard SSO flow would be as below. Do you intend to fix this any time soon? If not, how can I do this myself?
SSO authenticated
- single user email exists
  - Login to matching account
- multiple user emails exist
  - display tenant selector and login.
- email does not exist
  - Register new account
Example.
4 Answer(s)
-
0
hi
I agree with you. I have created an internal issue.
-
0
hi
What's your ABP Framework version?
I checked.
- single user email exists
  - Login to matching account
- email does not exist
  - Register new account
This is already implemented.
- single user email exists
-
0
Thanks, I'll take another look. It may be that we have made a mistake with the merging of the IDS MVC pages, as we have several overrides set up and may be using some outdated files.
Regarding the flow, I took another bash at designing something that matches how ABP handles tenants.
For standard logins I've moved the password to a later page once the tenant is identified, either by the custom tenant handler or by the tenant selection page.
Are there any plans to implement a tenant selector page like this? This seems like too much custom code to safely add to our project without causing security issues if we ever failed to merge changes correctly. If not, any idea how best to approach this?
-
0
Hi, I will report this feature request back to the team,