SSO-login-like-external-provider #8278


Nathan created

I want to add “Log in with SSO”, which is not the social login but triggers the login with a company's own SSO configuration (Entra, ForgeRock, Keycloak). This means the user will be configured in the admin site in OpenIddict, which is stored in the openIddictApplication table. Do we have any way to show the button like the external provider login methods (Microsoft, Google, Twitter) and handle the flow like the image below? Please give any suggestions. Thanks.


53 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Do we have any way to show the button like external provider login method(microsoft, google, twitter)? and the handle flow like the image below. Please help to give any

    Of course you can, just like configuring an external provider.

  • Nathan created

    Hi liangshiwei, am I able to load the config from the openIddictApplication table, like in the image?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    At this time the application is still initializing, so you can't inject the services.

    You can try to use ADO.NET to query the database at that time.

  • Nathan created

    Hi, yes, using ADO.NET is a good approach to connect to the DB. Assume that in the openIddictApplications table I have a tenantId column. Do we have any way to catch the current tenant and then filter the query on the openIddictApplication table?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    There is no current tenant during the application initialization process. I think you need to use a configuration file like appsettings.json to define the current tenant.

  • Nathan created

    Hi, do we have any way to do it like my code here? I want to init the config for the OpenIddict config first, then I try to add an event to load the config from the database.

  • Nathan created

    Hi liangshiwei, additionally, do we have any way to change the default name displayed on the UI when using AddOpenIdConnect? I am using ClaimsIssuer and the name is still the default.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Do we have any way to do like my code here? I want to init the config for openiddict config first then I try to add event to load the config from database.

    Yes, it's possible. You can give it a try, and you can inject services here.

    Additional, Do we have any way to change the default name display on UI when using AddOpenIdConnect? I using the ClaimsIssuer and the name still as default

    Try:

    .AddOpenIdConnect("OwnSSO", "Display name",....)
    
  • Nathan created

    Hi, "yes, it's possible, you can give it a try, and you can inject services here." => I already tried, but I am not able to set the clientId, clientSecret... again after calling the service to get the data from the database. It just gets the initial value. Do you have example code? Please give it to me. Thanks.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Don't change the option values here; you need to change the redirectContext.

    .AddOpenIdConnect("test", "test", options =>
    {
        options.Events.OnRedirectToIdentityProvider = async redirectContext =>
        {
            // set values on the redirect context, not on the startup options:
            // redirectContext.Request.....
            // redirectContext.Options.....
        };
    })
    
  • Nathan created

    Hi, could you help to capture the full settings for AddOpenIdConnect() that match my concern? As you know, I already captured the screen where I implement the OnRedirectToIdentityProvider event and change the options value inside it, but it seems to have no effect.

  • liangshiwei created
    Support Team Fullstack Developer

    Because as you know, I already captured the screen which I implement OnRedirectToIdentityProvider event and change the options value inside that. but it's seem not effect.

    What is your code now?

  • Nathan created

    Hi, for now I do 2 steps like this:

    1. I add the config in httphostapimodule like the image below:

    2. I overrode onExternalPostLogin like this:

    And when I use the owner SSO login, the URL should come from the owner SSO server, not from our application domain, right?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, the URL should be the SSO Server URL

  • Nathan created

    Hi, yes, thank you. How about the code I shared with you above? Is that the correct approach?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It's okay to redirect to the SSO server manually.

    The best way is to redirect in the OnRedirectToIdentityProvider event.

  • Nathan created

    Hi, but when I implement the OnRedirectToIdentityProviderForSignOut event, I am not able to reassign the options value. Do you have any idea?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Sorry, should be OnRedirectToIdentityProvider method.

  • Nathan created

    Hi, yes, I used this method, OnRedirectToIdentityProvider, but I am not able to reassign the options value.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Okay, I will check it and get back to you.

  • liangshiwei created
    Support Team Fullstack Developer

    It works for me:

    context.Services.AddAuthentication()
        .AddOpenIdConnect("test", "test", options =>
        {
            // values the scheme is registered with at startup
            options.Authority = "https://localhost:44363/";
            options.ClientId = "test";

            options.Events.OnRedirectToIdentityProvider = async redirectContext =>
            {
                // override the outgoing authorization request for this redirect
                redirectContext.ProtocolMessage.IssuerAddress = "https://test.com";
                redirectContext.ProtocolMessage.Parameters["client_id"] = "test2";
            };
        });
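
An added example, not part of the thread and not ABP's or either poster's code: the same `OnRedirectToIdentityProvider` override, with the values loaded per request from a service and the database-sourced endpoint checked before the browser is sent to it. `ISsoClientStore`, `SsoClientSettings`, `OwnSsoRedirect` and the host `login.example.com` are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical types: per-request settings (e.g. read from the applications table) and their store.
public record SsoClientSettings(string AuthorizationEndpoint, string ClientId);

public interface ISsoClientStore
{
    Task<SsoClientSettings?> FindAsync(HttpContext httpContext);
}

public static class OwnSsoRedirect
{
    // Constructed allow-list of IdP hosts; in practice this comes from configuration.
    private static readonly HashSet<string> AllowedIdpHosts =
        new(StringComparer.OrdinalIgnoreCase) { "login.example.com" };

    // Only absolute https URLs on an allow-listed host may receive the redirect.
    public static bool IsAllowedEndpoint(string? value) =>
        Uri.TryCreate(value, UriKind.Absolute, out var uri)
        && uri.Scheme == Uri.UriSchemeHttps
        && AllowedIdpHosts.Contains(uri.Host);

    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events.OnRedirectToIdentityProvider = async redirectContext =>
        {
            // Services are resolved from the request scope, not at startup.
            var store = redirectContext.HttpContext.RequestServices
                .GetRequiredService<ISsoClientStore>();
            var settings = await store.FindAsync(redirectContext.HttpContext);
            if (settings is null || string.IsNullOrWhiteSpace(settings.ClientId)
                || !IsAllowedEndpoint(settings.AuthorizationEndpoint))
            {
                // Refuse to redirect to an unknown or non-HTTPS endpoint.
                redirectContext.Response.StatusCode = StatusCodes.Status400BadRequest;
                redirectContext.HandleResponse();
                return;
            }
            redirectContext.ProtocolMessage.IssuerAddress = settings.AuthorizationEndpoint;
            redirectContext.ProtocolMessage.ClientId = settings.ClientId;
        };
    }
}
```

Pass `OwnSsoRedirect.Configure` as the options callback of `AddOpenIdConnect`. The sign-in callback is still validated against the scheme's own `Authority` and `ClientId`, so those must correspond to the provider the user was redirected to.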
    
  • Nathan created

    Hi, yes. Please let me know ASAP. Thank you so much.

  • liangshiwei created
    Support Team Fullstack Developer

    You can check this: https://abp.io/support/questions/8278/SSO-login-like-external-provider#answer-3a1655f8-011b-019e-4e65-5984107ee69b

  • Nathan created

    And one more external question. Do you know how to add and display more custom fields on the OpenIddict application in the admin site?

  • liangshiwei created
    Support Team Fullstack Developer

    See https://abp.io/docs/latest/framework/architecture/modularity/extending/module-entity-extensions

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19