I want to use the same user in different tenants. I can duplicate the user for different tenants, but it doesn't solve my main problem. The user should be able to change the tenant without re-login. Therefore the token info has to be changed. Is there any best-practice solution for this?
I don't use any external authentication provider. If you also have an LDAP or OpenId solution for this issue, please share it with us.
Hi, I have also tried it but I got the same problem. Our Keycloak server runs on HTTP; do you think that is a problem?
I have added the following code into AuthConfigure:
    authenticationBuilder.AddOpenIdConnect(options =>
    {
        options.ClientId = configuration["Authentication:OpenId:ClientId"];
        options.Authority = configuration["Authentication:OpenId:Authority"];
        options.SignedOutRedirectUri = configuration["App:ServerRootAddress"] + "Account/Logout";
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        // Allows the discovery document to be fetched over plain HTTP.
        options.RequireHttpsMetadata = false;
        options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            // Issuer validation is switched on or off from configuration.
            ValidateIssuer = bool.Parse(configuration["Authentication:OpenId:ValidateIssuer"])
        };
        options.Events.OnTokenValidated = context =>
        {
            // Map provider claims to application claims as configured under ClaimsMapping.
            var jsonClaimMappings = new List<JsonClaimMap>();
            configuration.GetSection("Authentication:OpenId:ClaimsMapping").Bind(jsonClaimMappings);
            context.AddMappedClaims(jsonClaimMappings);
            return Task.FromResult(0);
        };
        var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
        if (!clientSecret.IsNullOrEmpty())
        {
            options.ClientSecret = clientSecret;
        }
    });
Any advice? Thanks.
I am trying to integrate with Keycloak, but I get the following error when I call the "api/TokenAuth/ExternalAuthenticate" API: "IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. (Parameter 'address')"
Keycloak config:
    "OpenId": {
        "IsEnabled": "true",
        "ClientId": " demo-app",
        "ClientSecret": "",
        "Authority": "http://localhost:8080/auth/realms/demo-app/",
        "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
        "ValidateIssuer": "false",
        "ClaimsMapping": [
            { "claim": "unique_name", "key": "preferred_username" }
        ]
    }
I have also tried the following configuration:
    "OpenId": {
        "IsEnabled": "true",
        "ClientId": "demo-app",
        "ClientSecret": "",
        "Authority": "http://localhost:8080/auth/realms/master/",
        "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
        "ValidateIssuer": "false",
        "ClaimsMapping": [
            { "claim": "unique_name", "key": "preferred_username" }
        ]
    }
Also I have added the following code into AuthConfigure:
    authenticationBuilder.AddOpenIdConnect(options =>
    {
        options.Authority = configuration["Authentication:OpenId:Authority"];
        options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();
        options.RequireHttpsMetadata = false;
        options.ClientId = configuration["Authentication:OpenId:ClientId"];
        options.SignedOutRedirectUri = configuration["Authentication:OpenId:LoginUrl"];
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.ConfigurationManager =
            new ConfigurationManager<OpenIdConnectConfiguration>
            (
                options.MetadataAddress,
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever() { RequireHttps = options.RequireHttpsMetadata }
            );
    });
Hello
We are using the AspNet Zero Framework. We want to use the built-in infrastructure for the Audit Log, but I think there is no config setting in the AuditLog configuration that would let us connect to Elasticsearch instead of the database. What approach would you recommend for this?
Thank you, best regards