IdentityServer4: authentication with different OIDC schemes
I have a proxy that is an OpenID client. On the proxy server, I configured two schemes:
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Bearer";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc-app1", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "http://sts.com";
        options.RequireHttpsMetadata = false;
        options.ClientId = "app1";
        options.SaveTokens = true;
    })
    .AddOpenIdConnect("oidc-app2", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "http://sts.com";
        options.RequireHttpsMetadata = false;
        options.ClientId = "app2";
        options.SaveTokens = true;
    });
These schemes differ only in the ClientId: app1 and app2.
My client selects the scheme based on the request:
    string clientId = GetClientIdFromContext(context);
    string schema = $"oidc-{clientId}";
    var userResult = context.AuthenticateAsync(schema);
    var user = userResult.Result.Principal;
    // Not authenticated
    if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
    {
        return context.ChallengeAsync(schema);
    }
    else
    {
        return next();
    }
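Authentication on scheme "app1" succeeds.
When I authenticate on scheme "app2":
- the identity server issues the token
- while it is being processed, I get the error "Not authenticated"
This error probably comes from this code: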
Microsoft.AspNetCore.Authentication\RemoteAuthenticationHandler.cs:
    // The SignInScheme may be shared with multiple providers, make sure this provider issued the identity.
    string authenticatedScheme;
    var ticket = result.Ticket;
    if (ticket != null && ticket.Principal != null && ticket.Properties != null
        && ticket.Properties.Items.TryGetValue(AuthSchemeKey, out authenticatedScheme)
        && string.Equals(Scheme.Name, authenticatedScheme, StringComparison.Ordinal))
    {
        return AuthenticateResult.Success(new AuthenticationTicket(ticket.Principal,
            ticket.Properties, Scheme.Name));
    }
    return AuthenticateResult.Fail("Not authenticated");
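But I can't debug it.
Can you help me?
Can you explain this sentence: "The SignInScheme may be shared with multiple providers, make sure this provider issued the identity."
Thanks for your help.
Best regards :)
I have found the answer. In this case, each provider must be given a different callback path: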
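
An added example, not the poster's code (which is missing from the page): one way to register the page's two schemes so that each has its own callback paths. The helper name `AddPerClientOidc` and the path values are assumptions; each `CallbackPath` must also be registered as a redirect URI for the matching client in IdentityServer.

```csharp
using Microsoft.Extensions.DependencyInjection;

public static class PerClientOidcExtensions
{
    // Hypothetical helper: registers one OpenID Connect scheme per client id
    // ("oidc-app1", "oidc-app2", ...), all signing in to the shared "Cookies" scheme.
    public static IServiceCollection AddPerClientOidc(
        this IServiceCollection services, params string[] clientIds)
    {
        // Default schemes are left to the application's own AddAuthentication call.
        var auth = services.AddAuthentication().AddCookie("Cookies");

        foreach (var clientId in clientIds)
        {
            auth.AddOpenIdConnect($"oidc-{clientId}", options =>
            {
                // Values taken from the configuration shown on the page.
                options.SignInScheme = "Cookies";
                options.Authority = "http://sts.com";
                options.RequireHttpsMetadata = false;
                options.ClientId = clientId;
                options.SaveTokens = true;

                // A remote handler decides whether an incoming request is "its"
                // sign-in response by comparing the request path with CallbackPath.
                // The OIDC default is "/signin-oidc" for every scheme, so two
                // schemes left on the default both claim the same request.
                // Constructed path values: one distinct path per scheme.
                options.CallbackPath = $"/signin-oidc-{clientId}";

                // The sign-out endpoints are matched by path in the same way,
                // so they are separated per scheme as well.
                options.SignedOutCallbackPath = $"/signout-callback-oidc-{clientId}";
                options.RemoteSignOutPath = $"/signout-oidc-{clientId}";
            });
        }

        return services;
    }
}

// Usage inside ConfigureServices, with the client ids from the page:
//     services.AddPerClientOidc("app1", "app2");
```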