Check the docs before asking a question: https://abp.io/docs/latest
Check the samples to see the basic tasks: https://abp.io/docs/latest/samples
The exact solution to your question may have been answered before, and please first use the search on the homepage.
Provide us with the following info:
🧐 Hint: If you are using the ABP Studio, you can see all the information about your solution from the configuration window, which opens when you right-click on the solution and click on the Solution Configuration button.
- ABP Framework version: v8.3.3
- UI Type: Blazor WASM
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace: No exception message
- Steps to reproduce the issue: Have a non ABP application connected on Keycloak and an ABP application connected to Keycloak
Dear ABP Support Team,
We are encountering several issues with the integration of our ABP Commercial application and Keycloak in our project. Here are the specific details of the challenges:
Session Handling and Automatic Authentication Across Applications: Our organization uses a shared Keycloak environment with multiple clients. Two C# applications successfully connect to Keycloak. When logging in to the first application and then opening the second, the second application automatically authenticates thanks to browser's cookies and joins the same Keycloak session. However, our ABP Commercial application, despite proper configuration, does not automatically authenticate using the browser's cookies. Additionally, when manually logging in, the ABP application creates two separate sessions in Keycloak instead of joining the existing session. We would like guidance on: Enabling the ABP application to automatically authenticate if a user is already logged in to another application using the same Keycloak session. Understanding and resolving the issue of two sessions being created for the same client.
Tenant Integration Between ABP and Keycloak: We are implementing multi-tenancy in our ABP application and need to align tenants between ABP and Keycloak. Is it possible to configure ABP to recognize a user's tenant in Keycloak and automatically assign them to the corresponding tenant in ABP upon login? If so, could you provide guidance on achieving this? Your assistance in resolving these issues would be greatly appreciated. If additional configuration details or logs are needed, please let us know.
Thank you for your support.
Best regards, Maxime CABANEL COSOLUCE
1 Answer(s)
-
0
You can configure keyclock as an external login provider
https://abp.io/docs/latest/modules/account-pro#social-external-logins
Override the register model class to get tenant from claims, for example:
[Dependency(ReplaceServices = true)] [ExposeServices(typeof(RegisterModel))] public class MyRegisterModel : RegisterModel { public MyRegisterModel( IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IHttpClientFactory httpClientFactory) : base(schemeProvider, accountOptions, accountExternalProviderAppService, currentPrincipalAccessor, httpClientFactory) { } public override async Task<IActionResult> OnPostAsync() { ExternalProviders = await GetExternalProviders(); if (IsExternalLogin) { var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync(); // get tenant from externalLoginInfo claims var tenantId = xxxx; using(CurrentTenant.Change(tenantId)) { return await base.OnPostAsync(); } } } }
