IdentityServer4: authentication with different OIDC schemes


I have a proxy that acts as an OpenID client. On the proxy server I configured two schemes:

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Bearer";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc-app1", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://sts.com";
        options.RequireHttpsMetadata = false;

        options.ClientId = "app1";
        options.SaveTokens = true;
    })
    .AddOpenIdConnect("oidc-app2", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://sts.com";
        options.RequireHttpsMetadata = false;

        options.ClientId = "app2";
        options.SaveTokens = true;
    });
These schemes differ only in the ClientId: app1 and app2.

My client picks the scheme based on the request:

    // Requires: using System.Linq; using Microsoft.AspNetCore.Authentication;
    app.Use(async (context, next) =>
    {
        string clientId = GetClientIdFromContext(context);
        string scheme = $"oidc-{clientId}";

        // Await instead of blocking on .Result to avoid sync-over-async in the pipeline
        var userResult = await context.AuthenticateAsync(scheme);
        var user = userResult.Principal;

        // Not authenticated: challenge the scheme selected for this client
        if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
        {
            await context.ChallengeAsync(scheme);
        }
        else
        {
            await next();
        }
    });
Authentication with scheme "app1" succeeds.

When I authenticate with scheme "app2":
- Identity Server issues the token
- while the response is processed I get the error "Not authenticated"

This error probably comes from this code:

Microsoft.AspNetCore.Authentication\RemoteAuthenticationHandler.cs:

    // The SignInScheme may be shared with multiple providers, make sure this provider issued the identity.
    string authenticatedScheme;
    var ticket = result.Ticket;
    if (ticket != null && ticket.Principal != null && ticket.Properties != null
        && ticket.Properties.Items.TryGetValue(AuthSchemeKey, out authenticatedScheme)
        && string.Equals(Scheme.Name, authenticatedScheme, StringComparison.Ordinal))
    {
        return AuthenticateResult.Success(new AuthenticationTicket(ticket.Principal,
            ticket.Properties, Scheme.Name));
    }

    return AuthenticateResult.Fail("Not authenticated");
But I can't debug it.

Can you help me? Can you explain this sentence: "The SignInScheme may be shared with multiple providers, make sure this provider issued the identity."?

Thanks for your help.
Regards :)

I have found the answer. In this case each provider must be given a different callback path:
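An added example (not the poster's code) of that fix: both OIDC handlers in the question use the default callback paths, so the first handler registered for "/signin-oidc" receives every callback and stamps its own name into the ticket's ".AuthScheme" property, which is exactly what the RemoteAuthenticationHandler check above compares against Scheme.Name. Giving each scheme its own paths keeps each response with the handler that issued the challenge. The path values and the DefaultScheme/DefaultChallengeScheme choices are assumptions; "Cookies", "http://sts.com", "app1" and "app2" are the names from the question.

```csharp
// Added example, not from the original post. Assumes the "Cookies" scheme and the
// authority "http://sts.com" from the question; the path values are chosen here.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class MultiOidcSetup
{
    // One registration per client; only ClientId and the callback paths differ.
    public static AuthenticationBuilder AddOidcClient(this AuthenticationBuilder builder, string clientId)
    {
        return builder.AddOpenIdConnect($"oidc-{clientId}", options =>
        {
            options.SignInScheme = "Cookies";
            options.Authority = "http://sts.com";
            options.RequireHttpsMetadata = false;   // as in the question; keep HTTPS metadata in production
            options.ClientId = clientId;
            options.SaveTokens = true;

            // Every OIDC handler defaults to /signin-oidc, /signout-callback-oidc and
            // /signout-oidc. The first handler registered for a path handles the request,
            // so with shared paths "oidc-app1" completes a login that "oidc-app2" started,
            // the ticket gets ".AuthScheme" = "oidc-app1", and AuthenticateAsync("oidc-app2")
            // fails with "Not authenticated". Distinct paths route each callback to its owner.
            options.CallbackPath = $"/signin-oidc-{clientId}";
            options.SignedOutCallbackPath = $"/signout-callback-oidc-{clientId}";
            options.RemoteSignOutPath = $"/signout-oidc-{clientId}";
        });
    }

    public static void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            // Assumption: the cookie scheme is the default here; the question used
            // "Bearer" and "oidc", which are registered elsewhere in that project.
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc-app1";
        })
        .AddCookie("Cookies")
        .AddOidcClient("app1")
        .AddOidcClient("app2");
    }
}
```

The redirect and post-logout redirect URIs registered for app1 and app2 in IdentityServer4 must be updated to the new per-client paths, otherwise the authorization request is rejected with an invalid redirect_uri error.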