Last post May 13, 2019 03:29 PM by yogyogi
May 13, 2019 02:03 PM|firstname.lastname@example.org|LINK
I am developing an application in which there are multiple tenants, and each tenant has its own identity provider configuration, meaning one has Azure AD and another has Okta.
I have implemented a two-step login: first the user enters a username/email address, through which we identify the tenant and its identity provider. If the user has an identity provider setting, we redirect to the authentication endpoint of the provider; otherwise we allow the user to do a local login.
I have tried to implement the above scenario using OpenID Connect. I used OnRedirectToIdentityProvider to override OpenIdConnectAuthenticationOptions to redirect to the authentication endpoint as per the tenant:
```csharp
// Default options registered for the OpenID Connect middleware.
var options = new OpenIdConnectAuthenticationOptions
{
    ClientId = clientId,
    Authority = authority,
    RedirectUri = redirectUri,
    PostLogoutRedirectUri = PostLogoutUri,
    Scope = OpenIdConnectScope.OpenIdProfile,
    ResponseType = OpenIdConnectResponseType.IdToken,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = false
    },
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthenticationFailed = OnAuthenticationFailed,
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
        SecurityTokenValidated = (context) => Task.FromResult(0) // handler body was not included in the post
    },
    RequireHttpsMetadata = false
};

// Overrides the outgoing authentication request with the tenant's settings.
private static Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
    notification.ProtocolMessage.ClientId = "XXXXXXXXXXX";
    notification.ProtocolMessage.IssuerAddress = "https://XXX-XXXXX.XXX.com/oauth2/default/v1/authorize";
    notification.ProtocolMessage.RedirectUri = "http://localhost:XXXX/Home/Callback";
    notification.ProtocolMessage.PostLogoutRedirectUri = "http://localhost:XXXX/";
    notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenIdProfile;
    notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.Code;
    return Task.FromResult(0);
}
```
Using the above code I am able to redirect to the authentication endpoint using the overridden settings, but the **SecurityTokenValidated** method is not getting fired, or I am not getting an authentication token.
Can anyone please guide me on whether my approach is correct, or suggest any other approach to achieve this?
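The two-step lookup described in the question, as an added example that is not part of the original post: the tenant's identity provider is resolved from the e-mail domain, and the token issuer is then pinned to that tenant rather than left unchecked as with `ValidateIssuer = false`. `TenantIdp`, `TenantDirectory` and the `.example` hosts are hypothetical names with constructed data.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; not part of OWIN or the poster's code.
public sealed class TenantIdp
{
    public string ClientId, AuthorizeEndpoint, Issuer;
}

public static class TenantDirectory
{
    // Constructed sample data: e-mail domain -> that tenant's IdP settings.
    static readonly Dictionary<string, TenantIdp> ByDomain =
        new Dictionary<string, TenantIdp>(StringComparer.OrdinalIgnoreCase)
        {
            ["tenant-a.example"] = new TenantIdp { ClientId = "client-a",
                AuthorizeEndpoint = "https://idp-a.example/authorize", Issuer = "https://idp-a.example" },
            ["tenant-b.example"] = new TenantIdp { ClientId = "client-b",
                AuthorizeEndpoint = "https://idp-b.example/authorize", Issuer = "https://idp-b.example" },
        };

    static bool IsHttps(string url)
    {
        Uri u;
        return Uri.TryCreate(url, UriKind.Absolute, out u) && u.Scheme == Uri.UriSchemeHttps;
    }

    // Step 1: null means the tenant has no IdP configured, so the caller shows local login.
    public static TenantIdp Resolve(string email)
    {
        int at = email == null ? -1 : email.LastIndexOf('@');
        if (at <= 0 || at == email.Length - 1) return null;
        TenantIdp idp;
        if (!ByDomain.TryGetValue(email.Substring(at + 1).Trim(), out idp)) return null;
        // A configured but non-HTTPS IdP is an error, not a reason to fall back to local login.
        if (!IsHttps(idp.AuthorizeEndpoint) || !IsHttps(idp.Issuer))
            throw new InvalidOperationException("IdP endpoints must be absolute HTTPS URLs");
        return idp;
    }

    // Step 2: on callback, accept the token only if its "iss" claim is the issuer pinned
    // for the tenant that started this login (exact, case-sensitive match).
    public static bool IssuerMatches(TenantIdp expected, string tokenIssuer)
    {
        return expected != null && string.Equals(expected.Issuer, tokenIssuer, StringComparison.Ordinal);
    }

    public static void Main()
    {
        TenantIdp a = Resolve("alice@tenant-a.example");
        Console.WriteLine(a != null ? "redirect: " + a.AuthorizeEndpoint : "local login");
        Console.WriteLine(Resolve("bob@unknown.example") != null ? "redirect" : "local login");
        Console.WriteLine("own issuer accepted: " + IssuerMatches(a, "https://idp-a.example"));
        Console.WriteLine("other tenant's issuer accepted: " + IssuerMatches(a, "https://idp-b.example"));
    }
}
```

In a setup like the one in the question, a check such as `IssuerMatches` could be called from `TokenValidationParameters.IssuerValidator`; that wiring is an assumption and is not shown in the post.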
May 13, 2019 03:29 PM|yogyogi|LINK
I think you should first implement all the steps properly, and if you get any errors in a step then post them here so that you can get help.
Moreover, you can start from here - Integrate Google login in ASP.NET Core