Adding IDPs after startup in .NET Core
I currently have multiple IdentityServer4 instances running on dotnetcore 2.1 (migrating to 3.0 soon), with a list of SAML IDPs stored in a database. I can initialise them at startup with the following code, used as an extension on the authenticationBuilder:

    // add IDPs at startup - the SAML providers come from the DB
    foreach (var samlProvider in samlProviders)
    {
        authenticationBuilder.AddSaml2(samlProvider.Scheme, samlProvider.Name, options =>
        {
            // the SP entity id comes from the same provider row
            var entityId = new EntityId(samlProvider.EntityId);
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.SPOptions.EntityId = entityId;
            options.SPOptions.ModulePath = samlProvider.ModulePath;
            if (samlProvider.MinimumSigningAlgorithm != null)
                options.SPOptions.MinIncomingSigningAlgorithm = samlProvider.MinimumSigningAlgorithm;
            var idp = new IdentityProvider(entityId, options.SPOptions)
            {
                Binding = Saml2BindingType.HttpRedirect,
                LoadMetadata = true
            };
            if (samlProvider.MetaDataLocation != null)
                idp.MetadataLocation = samlProvider.MetaDataLocation;
            options.IdentityProviders.Add(idp);
        });
    }
I want to be able to add or remove IDPs after startup based on the contents of the SamlProviders table mentioned above. I created a service that does this, called by a background worker, because we run multiple servers and need to guarantee that every server is updated:

    // get the lists of new and removed providers
    foreach (var provider in removedProviders)
    {
        // RemoveScheme takes the scheme name, not the display name
        _schemeProvider.RemoveScheme(provider.Scheme);
        // Do I need to remove previous options from the SAML cache?
    }
    foreach (var provider in providerList)
    {
        Saml2Options newOptions = BuildSaml2Options(provider.EntityId, provider.ModulePath, provider.MinimumSigningAlgorithm, provider.MetaDataLocation);
        if (await _schemeProvider.GetSchemeAsync(provider.Scheme) == null)
            _schemeProvider.AddScheme(new AuthenticationScheme(provider.Scheme, provider.Name, typeof(Saml2Handler)));
        // How can I add saml options for the new authentication scheme here?
    }
Is it possible to add new identity providers dynamically like this? If so, is it possible to go back to where the settings are stored and update the settings for each provider, or add/remove settings when providers change, without recycling the app to run the configuration service?
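One way to pair each dynamically added scheme with its options, as an added example that is not code from the question or from Sustainsys: it assumes that Saml2Handler resolves its Saml2Options from the ASP.NET Core named-options cache (IOptionsMonitorCache<Saml2Options>) by scheme name, and SamlProviderRow is a constructed stand-in for a row of the SamlProviders table.

```csharp
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.WebSso;

// Hypothetical row shape for the SamlProviders table (constructed for this example).
public class SamlProviderRow { public string Scheme, Name, EntityId, ModulePath, MinimumSigningAlgorithm, MetaDataLocation; }

public class DynamicSamlSchemeService
{
    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IOptionsMonitorCache<Saml2Options> _optionsCache;
    public DynamicSamlSchemeService(IAuthenticationSchemeProvider s, IOptionsMonitorCache<Saml2Options> c)
    { _schemes = s; _optionsCache = c; }

    // Add or refresh one provider: cache the options under the scheme name first, then register the scheme.
    public async Task AddOrUpdateAsync(SamlProviderRow p)
    {
        _optionsCache.TryRemove(p.Scheme);   // TryAdd is a no-op if an entry exists, so drop stale options first
        _optionsCache.TryAdd(p.Scheme, BuildSaml2Options(p));
        if (await _schemes.GetSchemeAsync(p.Scheme) == null)
            _schemes.AddScheme(new AuthenticationScheme(p.Scheme, p.Name, typeof(Saml2Handler)));
    }

    // Remove the scheme and its cached options together, so an old IdP configuration cannot linger under a reused name.
    public void Remove(string scheme)
    {
        _schemes.RemoveScheme(scheme);
        _optionsCache.TryRemove(scheme);
    }

    private static Saml2Options BuildSaml2Options(SamlProviderRow p)
    {
        var entityId = new EntityId(p.EntityId);
        var options = new Saml2Options { SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme };
        options.SPOptions.EntityId = entityId;
        options.SPOptions.ModulePath = p.ModulePath;
        if (p.MinimumSigningAlgorithm != null)
            options.SPOptions.MinIncomingSigningAlgorithm = p.MinimumSigningAlgorithm;
        var idp = new IdentityProvider(entityId, options.SPOptions)
            { Binding = Saml2BindingType.HttpRedirect, LoadMetadata = true };
        if (p.MetaDataLocation != null) idp.MetadataLocation = p.MetaDataLocation;
        options.IdentityProviders.Add(idp);
        return options;
    }
}
```

Both the scheme provider and the options cache are per-process, so the background worker has to run this reconciliation on every server, not just one.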