Skipping home realm discovery with Ws-Federation OWIN Middleware

面向向阳花 2020-12-21 09:13

Our Mvc/WebAPI solution currently has four trusted identity providers which we have registered in ADFS3. Each of these identity providers can be used by our users by direct

1 Answer
  • 2020-12-21 10:12

    I think I found a solution. The new method for skipping the home realm screen would be like this:

    private void FederatedSignInWithHomeRealm(string homeRealm)
    {
        // Clear the existing application cookie before starting a new federated sign-in.
        HttpContext.Request
                   .GetOwinContext()
                   .Authentication
                   .SignOut(CookieAuthenticationDefaults.AuthenticationType);
        // Pass the chosen home realm to the WS-Federation middleware via the challenge properties.
        var authenticationProperties = new AuthenticationProperties { RedirectUri = "/" };
        authenticationProperties.Dictionary.Add("DirectlyToIdentityProvider", homeRealm);
        HttpContext.GetOwinContext().Authentication.Challenge(authenticationProperties);
    }
    

    And the OWIN WS-Federation middleware would be configured like this:

    app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
    {
        Notifications = new WsFederationAuthenticationNotifications()
        {
            RedirectToIdentityProvider = notification =>
            {
                string homeRealmId = null;
                var authenticationResponseChallenge = notification.OwinContext
                                                                  .Authentication
                                                                  .AuthenticationResponseChallenge;
                var setIdentityProvider = authenticationResponseChallenge != null 
                                          && authenticationResponseChallenge.Properties
                                                                            .Dictionary
                                                                            .TryGetValue("DirectlyToIdentityProvider", out homeRealmId);
                if (setIdentityProvider)
                {
                    // Set whr on the sign-in request so ADFS skips its home realm discovery page.
                    notification.ProtocolMessage.Whr = homeRealmId;
                }
                return Task.FromResult(0);
            }
        },
        MetadataAddress = wsFedMetadata,
        Wtrealm = realm,
        SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = realm
        }    
    });
    
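The answer above forwards whatever string is passed as `homeRealm` into the `whr` parameter. The following is an added example, not part of the original answer, that restricts `whr` to the identity providers registered in ADFS and otherwise leaves it unset. It assumes `homeRealm` may originate from request data; `HomeRealmPolicy`, `IsTrusted`, `CreateNotifications` and the two identifiers are hypothetical names and constructed placeholder values.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

// Added example. The identifiers below are constructed placeholders; replace them
// with the claims provider trust identifiers actually registered in your ADFS.
public static class HomeRealmPolicy
{
    // Same dictionary key the answer above uses to carry the home realm.
    public const string PropertyKey = "DirectlyToIdentityProvider";

    private static readonly HashSet<string> TrustedHomeRealms =
        new HashSet<string>(StringComparer.Ordinal)
        {
            "http://idp-a.example.com/adfs/services/trust",
            "http://idp-b.example.com/adfs/services/trust",
        };

    // True only for an exact, case-sensitive match against a registered identifier.
    public static bool IsTrusted(string homeRealm)
    {
        return !string.IsNullOrWhiteSpace(homeRealm)
               && TrustedHomeRealms.Contains(homeRealm.Trim());
    }

    // Assign the result to WsFederationAuthenticationOptions.Notifications.
    public static WsFederationAuthenticationNotifications CreateNotifications()
    {
        return new WsFederationAuthenticationNotifications
        {
            RedirectToIdentityProvider = notification =>
            {
                string requested = null;
                var challenge = notification.OwinContext.Authentication.AuthenticationResponseChallenge;
                var hasValue = challenge != null
                               && challenge.Properties.Dictionary.TryGetValue(PropertyKey, out requested);

                // Forward whr only for a known provider. Otherwise leave it unset,
                // so ADFS falls back to its own home realm discovery page.
                if (hasValue && IsTrusted(requested))
                {
                    notification.ProtocolMessage.Whr = requested.Trim();
                }
                return Task.FromResult(0);
            }
        };
    }
}
```

Calling `HomeRealmPolicy.IsTrusted(homeRealm)` in the controller before issuing the challenge as well lets the application reject or log an unexpected value at the point where it enters.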