Base solution for your next web application
Open Closed

Multiple OpenID Connect providers in one tenant? #11722


User avatar
0
mdepouw created

Is there a way to configure multiple OpenID Connect providers out the box?

reference: Authentication configuration:

{
  "Authentication": {
    "AllowSocialLoginSettingsPerTenant": false,
    "Facebook": {
      "IsEnabled": "false",
      "AppId": "",
      "AppSecret": ""
    },
    "Twitter": {
      "IsEnabled": "false",
      "ApiKey": "",
      "ApiKeySecret": ""
    },
    "Google": {
      "IsEnabled": "false",
      "ClientId": "",
      "ClientSecret": "",
      "UserInfoEndpoint": "https://www.googleapis.com/oauth2/v2/userinfo"
    },
    "Microsoft": {
      "IsEnabled": "false",
      "ConsumerKey": "",
      "ConsumerSecret": ""
    },
    "OpenId": {
      "IsEnabled": "true",
      "ClientId": "4fb5e652-dc58-4370-95ca-fdfb3ba46273",
      "Authority": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/v2.0/",
      "Issuer": "https://spottedmahnb2c.b2clogin.com/80033dfd-6eab-42c4-bdf2-4e223d4b396f/v2.0/",
      "LoginUrl": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/oauth2/v2.0/authorize",
      "ValidateIssuer": "true",
      "ResponseType": "id_token",
      "ClaimsMapping": [{
          "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "key": "name"
        }, {
          "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
          "key": "emails"
        }
      ]
    },
    "WsFederation": {
      "IsEnabled": "false",
      "Authority": "",
      "ClientId": "",
      "Tenant": "",
      "MetaDataAddress": ""
    },
    "JwtBearer": {
      "IsEnabled": "true",
      "SecurityKey": "DemoProjectDemo_blah",
      "Issuer": "DemoProjectDemo",
      "Audience": "DemoProjectDemo"
    }
  }
}

4 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mdepouw

    If you set AllowSocialLoginSettingsPerTenant to true, then each tenant can define OpenIDConnect settings in the settings page. Does that work for you ?

  • User Avatar
    0
    mdepouw created

    Hi @ismcagdas 👋 - unfortunately no. We need multiple OpenID connect providers within one tenant.

    sidenote: question title updated to better reflect the ask

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mdepouw

    Thanks. Currently this is not supported. Current system can be modified to support multiple OIDC providers. Will you ask user to select OIDC provider on hte login page to login with ?

  • User Avatar
    0
    mdepouw created

    Currently this is not supported

    I figured that was the case. I didn't want to start customizing when there's some functionality I wasn't aware of. GTG, thanks!