0

As it is now, we add external authentication in ConfigureServices with something like

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(...

During startup, I retrieve all federation configurations (both Oidc and WsFed) and wire them up in ConfigureServices.

But imagine a multi-tenant scenario where new federation configurations are added as new clients are added. The only solution I know of is to recycle the application so the ConfigureServices can run again, retrieve the entries for required integrations and add a call for each. This would really be useful to be able to do without the restart requirement. Any ideas are welcome.

danijels

2 Answers

1

You can have multiple AddOpenIdConnect in an application. The most important thing you need to do is to make sure these URLs are different for each one:

  CallbackPath = new PathString("/signin-oidc");
  SignedOutCallbackPath = new PathString("/signout-callback-oidc");
  RemoteSignOutPath = new PathString("/signout-oidc");

However, I don't know if you can dynamically add/remove handlers at runtime.

Tore Nestenius
Yes, perhaps I was unclear - I'm fully aware of the fact that there can be multiple federations and we do have a bunch of Oidc and Wsfed already. It's the dynamic adding I want to get info on. – danijels Sep 25 '20 at 17:37
0

Yes, you can add schemas dynamically. Here is a sample: https://github.com/aspnet/AuthSamples/tree/master/samples/DynamicSchemes. It's old code but still accurate. Make sure to do the postconfigure steps as well; it's explained here. Here is another good answer about this.

nahidf
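Added example, not part of either answer or of the linked sample: a sketch of runtime OIDC scheme registration that combines the per-scheme callback paths from the first answer with the post-configure step from the second. The class name `DynamicOidcRegistrar`, its method names and the scheme-name pattern are assumptions; it also assumes `AddOpenIdConnect` is called at least once at startup so the framework's post-configure steps are registered in DI.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;

// Hypothetical helper; register it as a singleton and call it when a tenant is onboarded.
public class DynamicOidcRegistrar
{
    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IOptionsMonitorCache<OpenIdConnectOptions> _cache;
    private readonly IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> _postConfigure;

    public DynamicOidcRegistrar(IAuthenticationSchemeProvider schemes,
        IOptionsMonitorCache<OpenIdConnectOptions> cache,
        IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> postConfigure)
    { _schemes = schemes; _cache = cache; _postConfigure = postConfigure; }

    public async Task<bool> AddAsync(string scheme, string authority, string clientId)
    {
        // The scheme name becomes part of the callback paths, so restrict its alphabet.
        if (!Regex.IsMatch(scheme ?? "", "^[a-z0-9-]{1,40}$"))
            throw new ArgumentException("Invalid scheme name", nameof(scheme));
        // Tenant-supplied authority decides who can sign in: require absolute HTTPS.
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Authority must be an https URL", nameof(authority));
        if (await _schemes.GetSchemeAsync(scheme) != null) return false;

        var options = new OpenIdConnectOptions
        {
            Authority = authority, ClientId = clientId, SignInScheme = "Cookies",
            // Unique per scheme, so each handler only claims its own requests.
            CallbackPath = new PathString($"/signin-{scheme}"),
            SignedOutCallbackPath = new PathString($"/signout-callback-{scheme}"),
            RemoteSignOutPath = new PathString($"/signout-{scheme}")
        };
        // Options put straight into the cache bypass the options factory, so run the
        // post-configure steps (data protection, backchannel, metadata manager) by hand.
        foreach (var step in _postConfigure) step.PostConfigure(scheme, options);
        options.Validate(scheme);   // same check the framework applies to startup schemes

        if (!_cache.TryAdd(scheme, options)) return false;   // lost a race with another add
        _schemes.AddScheme(new AuthenticationScheme(scheme, scheme, typeof(OpenIdConnectHandler)));
        return true;
    }

    public void Remove(string scheme)
    {
        _schemes.RemoveScheme(scheme);   // stop routing requests to the handler first
        _cache.TryRemove(scheme);
    }
}
```

The options are cached before the scheme is published so that a request arriving in between never reaches a handler with default, unconfigured options.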