Hi,
Currently I'm trying to integrate Microsoft Entra Id to my project. I have configured Authority as DynamicOptions property to support the multi-tenant Authority endpoint of Microsoft Entra.
Noticed that, this Authority property not working even i have assigned the value of Authority in frontend.
Noticed that, Authority value defined in the frontend isn't being applied which results in an empty authorization endpoint when redirecting to Microsoft Entra.
Could you advise how to configure the Authority property dynamically to support Microsoft Entra's multi-tenant endpoint?
Thanks.
8 Answer(s)
-
0
hi
You have to assign it a valid value initially, and it will change at runtime based on your current tenant.
-
0
Hi, I have assigned a valid
Authorityvalue initially. After that, I login to tenant and purposely modify theAuthorityendpoint to become invalidlogin1.microsoftonline.com, but the change doesn't seem to take effect. Could you advice?Remarks: I have performed clear cache as well.
Thanks.
-
0
hi
Can you share a test project that inlcude your ms external login info?
liming.ma@volosoft.com
Thanks.
-
0
Hi,
Sent via email.
Thanks
-
0
Thanks. I will check it.
-
0
hi
Add to your
AuthServerproject.using Microsoft.AspNetCore.Authentication.OpenIdConnect; using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.OpenIdConnect; using Volo.Abp.Account.Public.Web.ExternalProviders; using Volo.Abp.DependencyInjection; namespace AbpMicroservices.AuthServer; public class MyOpenIdConnectOptionsPostConfigureAccountExternalProviderOptions : IPostConfigureAccountExternalProviderOptions<OpenIdConnectOptions>, ITransientDependency { public Task PostConfigureAsync(string name, OpenIdConnectOptions options) { if (!string.IsNullOrEmpty(options.Authority)) { options.MetadataAddress = options.Authority; if (!options.MetadataAddress.EndsWith('/')) { options.MetadataAddress += "/"; } options.MetadataAddress += ".well-known/openid-configuration"; } options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata }) { RefreshInterval = options.RefreshInterval, AutomaticRefreshInterval = options.AutomaticRefreshInterval, }; return Task.CompletedTask; } } -
0
Hi,
Is it necessary to initialize a valid
Authorityvalue at first place? Can we leaveAuthorityempty and have it resolved at runtime, similar to howClientIdandClientSecretare handled? I have tried to leaveAuthorityempty, but it seem not working.Thanks.
-
0
The
OpenIdConnectwill validate theOpenIdConnectOptions. So you have to set a value initially.
