Activities of "maliming"

hi

ABP will not recognize these claims.

They come from another system, so they can't work with the ABP authentication/permission system.

E.g., you have a user (id: 123) in your local database, but with okta_jwt_schema claims, ABP doesn't know the current user.

hi

Can you check the current principal (HttpContext.User) after authentication using okta_jwt_schema?

What are the claims (type:value)?

The CurrentUser's values come from claims.

AddJwtBearer("okta_jwt_schema", options =>
{
    options.Authority = configuration["Okta:Authority"];
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["Okta:RequireHttpsMetadata"]);
    options.Audience = "api://default";
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidIssuer = "https://dev-96317405.okta.com/oauth2/default",
        ValidAudience = "api://default",
        ValidateLifetime = true
    };
});
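One way to run the check asked for in the post above, as an added example that is not part of the original post or of ABP: a development-only endpoint that authenticates the request against the `okta_jwt_schema` scheme and returns the resulting claims as type/value pairs. The class name `ClaimsDiagnostics`, the method `MapOktaClaimsDump` and the route `/debug/okta-claims` are hypothetical; the code assumes an ASP.NET Core minimal-hosting app (.NET 6 or later).

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Hosting;

public static class ClaimsDiagnostics
{
    // Hypothetical helper (not an ABP API): lists the claims produced by the
    // "okta_jwt_schema" JWT bearer scheme so they can be compared with the
    // claims the application expects for its current user.
    public static void MapOktaClaimsDump(this WebApplication app)
    {
        // Claim dumps expose identity data; register the route in development only.
        if (!app.Environment.IsDevelopment())
        {
            return;
        }

        app.MapGet("/debug/okta-claims", async (HttpContext http) =>
        {
            // Run only the named scheme, regardless of the default scheme.
            var result = await http.AuthenticateAsync("okta_jwt_schema");

            if (!result.Succeeded || result.Principal is null)
            {
                // Failure is null when no token was sent for this scheme.
                return Results.Json(
                    new { authenticated = false, error = result.Failure?.Message },
                    statusCode: StatusCodes.Status401Unauthorized);
            }

            var claims = result.Principal.Claims
                .Select(c => new { type = c.Type, value = c.Value, issuer = c.Issuer });

            return Results.Json(new
            {
                authenticated = true,
                authenticationType = result.Principal.Identity?.AuthenticationType,
                claims
            });
        });
    }
}
```

Call `app.MapOktaClaimsDump()` after `app.UseAuthentication()` and send a request carrying an Okta-issued bearer token; the `type` values returned are what the JWT bearer handler produced after its inbound claim mapping.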

hi

Does ABP support SSO via SAML on each tenant? If it is not supported, how should we proceed if we want to implement SAML SSO ourselves? Also, are there any plans to support SAML in the future?

If you can use SAML in the ASP.NET Core app, then you can use it in the ABP project.

In ABP's recommended best practices, what are the differences in use cases (best practices) between OAuth login and External logins (social login) on each tenant?

  • OAuth Login feature is authentication by password flow (username and password)
  • External logins feature is authentication by code flow or implicit flow.

You can choose it based on your needs.

Thanks. I have created an internal issue to track this case.

Hi, we will add a new setting in version 9.2.

Please create a new question.

Thanks.

hi

Sorry about that. We will reconsider the changes. You can use this file to override the 9.0 behavior.

https://we.tl/t-wKuvMQw8q0

hi

Add the code below to AuthServer to disable the Antiforgery check for the account/login endpoint.

context.Services.AddRazorPages(options =>
{
    options.Conventions.AddPageApplicationModelConvention("/Account/Login", model =>
    {
        model.Filters.Add(new IgnoreAntiforgeryTokenAttribute());
    });
});

hi

There is no AntiforgeryValidationException error in your logs.

What are your current exceptions?

Thanks.

hi

Please try changing T to G and clearing Redis if you use it.

IsExternal will be set to true if a user logs in by oauth-login or LDAP.

https://abp.io/docs/commercial/latest/modules/identity/oauth-login https://abp.io/docs/latest/modules/identity/idap

hi alexander.nikonov

You can consider disabling the anti-forgery check for the logout endpoint. Can you share the logs.txt file? I will check and share the code to disable it.

liming.ma@volosoft.com

Thanks.
