-
Notifications
You must be signed in to change notification settings - Fork 4k
Go to a different login page depending on the client requested URL #1554
Comments
The client creates the redirect. It has complete control of where the user signs in.
..Tom's phone
On Sep 22, 2017, at 12:46 PM, Pierre-Olivier Bonin <notifications@github.com<mailto:notifications@github.com>> wrote:
Hi! I user Identity Server 4 with an Asp.Net<http://Asp.Net> core web app, two different web apps.
If a user request an authorize page on my client and is not authenticated, he will be redirected to the Identity server to the login page (/account/login).
What if I want to redirect a non-authenticated user to an OTHER login page on the identity server (example /account/loginTwo), based on specific Client scenario?
Example :
www.client.com/home<http://www.client.com/home> -> redirects to www.identityserver.com/account/login<http://www.identityserver.com/account/login>
www.client.com/homeTwo<http://www.client.com/homeTwo> -> redirects to www.identityserver.com/account/loginTwo<http://www.identityserver.com/account/loginTwo>
Can we do such a thing?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#1554>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AKxq1rkmIKLxTWVYZR9xOkH6SZLRNSReks5slA51gaJpZM4PhJ8W>.
|
Yes but this is in the startup class, within the AddIdentityServer service. I already defined my principal login route there. But what if I want to specify an other route based on the current context of a client URL? Or how can I pass a parameter to the Identity server login controller so that I can re-route the user to the correct login page? Both login page to not have the same design based on where in the client you are coming from (return url) |
add another piece of middleware which changes the response before it is sent. put some magic value in the redirect URL and change it on the way out.
…________________________________
From: Pierre-Olivier Bonin <notifications@github.com>
Sent: Friday, September 22, 2017 1:04 PM
To: IdentityServer/IdentityServer4
Cc: tom jones; Comment
Subject: Re: [IdentityServer/IdentityServer4] Go to a different login page depending on the client requested URL (#1554)
Yes but this is in the startup class, within the AddIdentityServer service. I already defined my principal login route there. But what if I want to specify an other route based on the current context of a client URL? Or how can I pass a parameter to the Identity server login controller so that I can re-route the user to the correct login page? Both login page to not have the same design based on where in the client you are coming from (return url)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#1554 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AKxq1v1GsfACX6CMODAEjT86BpoTQnp1ks5slBK6gaJpZM4PhJ8W>.
|
another way to do this is in the _loginpartial page. Add logic there to select. You have lots of options.
…________________________________
From: Tom Jones
Sent: Friday, September 22, 2017 1:09 PM
To: IdentityServer/IdentityServer4
Subject: Re: [IdentityServer/IdentityServer4] Go to a different login page depending on the client requested URL (#1554)
add another piece of middleware which changes the response before it is sent. put some magic value in the redirect URL and change it on the way out.
________________________________
From: Pierre-Olivier Bonin <notifications@github.com>
Sent: Friday, September 22, 2017 1:04 PM
To: IdentityServer/IdentityServer4
Cc: tom jones; Comment
Subject: Re: [IdentityServer/IdentityServer4] Go to a different login page depending on the client requested URL (#1554)
Yes but this is in the startup class, within the AddIdentityServer service. I already defined my principal login route there. But what if I want to specify an other route based on the current context of a client URL? Or how can I pass a parameter to the Identity server login controller so that I can re-route the user to the correct login page? Both login page to not have the same design based on where in the client you are coming from (return url)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#1554 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AKxq1v1GsfACX6CMODAEjT86BpoTQnp1ks5slBK6gaJpZM4PhJ8W>.
|
So I did some research, what I actually want to do is pass an acr_value param to my IDP login controller, so I can select which Login view I want to show to the current user. I use the |
Why don't you have your login page read acr_values and then decide what to show? What's the real-world use case for this requirement, BTW? |
@brockallen Well, my question was how to pass those acr_values from the client to the IDP. I managed to make it work by removing the A real-world use case would be, for instance, different login pages to get to a specific action controller method. Imagine a CMS secured page managed by an admin. The admin wants to invite a user to also manage the page. The user has different claims and roles. The user will receive an invitation URL referring to that page, but when using the link, he will be redirected to a register/login page having the info of page his trying to access, Like the title and the owner (the admin name). Admin has a more generic Login page. So technically, the way a user and an admin access this page, like the login page, is not the same, or at least, is showing different info to the user. By design, I had to tell the IDP page which scenario to use: An admin wants to access the page or a user. So would you say my implementation for this scenario is good? |
Admin wants to access User wants to access So in |
this is up to the client OIDC library you're using. check their docs. as for your real world scenarios, it's still not clear why different user types would have different login pages. |
real-world sites run into this all the time. |
branding is different than different login logic. i'm not clear why the login page can't simply do the check it needs to and then either render something different, or redirect again somewhere else. IOW, the login page is the right place in our design for adding this custom logic, IMO. |
that it the best place for it. |
Guys this is just an example. The real issue is not if there’s 1 or 2 login pages. The issue is how do we pass ace_values to the IDP, from the client, if the client uses [Authorize] attributes... |
I already said above:
|
I look deeper into it thank you! |
Hi, I am new to IdentityServer4 and I want to know how it is redirected to account/login by default. |
@surya19876 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Hi! I use Identity Server 4 with an Asp.Net core web app, two different web apps.
If a user request an authorize page on my client and is not authenticated, he will be redirected to the Identity server to the login page (/account/login).
What if I want to redirect a non-authenticated user to an OTHER login page on the identity server (example /account/loginTwo), based on specific Client scenario?
Example :
www.client.com/home -> redirects to www.identityserver.com/account/login
www.client.com/homeTwo -> redirects to www.identityserver.com/account/loginTwo
Can we do such a thing?
The text was updated successfully, but these errors were encountered: