New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IdentityServerAuthenticationService doesn't work well with the new dynamic/policy auth schemes in 2.1 #2489

Closed
brockallen opened this Issue Jul 27, 2018 · 5 comments

Comments

Projects
None yet
2 participants
@brockallen
Member

brockallen commented Jul 27, 2018

Since the dynamic schemes are now going to be used as the default scheme, those names will not line up with the actual cookie scheme being issued at login time. Our logic to augment the cookie with claims does not trigger, and then there's an error when we try to issue the token (it's the "idp claim is missing" exception).

@Mardoxx

This comment has been minimized.

Show comment
Hide comment
@Mardoxx

Mardoxx Aug 1, 2018

Contributor

What's the issue here - have you got a couple simple steps to make a failing example?

I'm guessing it's to do with

public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await GetCookieAuthenticationSchemeAsync();

So I assume it's relying that GetDefaultAuthenticateSchemeAsync() from GetCookieAuthenticationSchemeAsync() returns cookie auth scheme?

Contributor

Mardoxx commented Aug 1, 2018

What's the issue here - have you got a couple simple steps to make a failing example?

I'm guessing it's to do with

public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await GetCookieAuthenticationSchemeAsync();

So I assume it's relying that GetDefaultAuthenticateSchemeAsync() from GetCookieAuthenticationSchemeAsync() returns cookie auth scheme?

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Aug 2, 2018

Member

GetDefaultAuthenticateSchemeAsync is now possibly returning a scheme that's not real. There's a new "virtual" scheme feature.

Member

brockallen commented Aug 2, 2018

GetDefaultAuthenticateSchemeAsync is now possibly returning a scheme that's not real. There's a new "virtual" scheme feature.

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Aug 3, 2018

Member

This discussion (aspnet/Security#1832 (comment)) makes me think we can't rely upon anything anymore, so just make an explicit "What's Your Cookie Scheme" property on our AuthenticationOptions. Yet another thing to configure.

Member

brockallen commented Aug 3, 2018

This discussion (aspnet/Security#1832 (comment)) makes me think we can't rely upon anything anymore, so just make an explicit "What's Your Cookie Scheme" property on our AuthenticationOptions. Yet another thing to configure.

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Aug 4, 2018

Member

PR submitted

Member

brockallen commented Aug 4, 2018

PR submitted

brockallen added a commit that referenced this issue Aug 6, 2018

@brockallen brockallen added enhancement and removed core ready bug labels Aug 6, 2018

@brockallen

This comment has been minimized.

Show comment
Hide comment
@brockallen

brockallen Aug 6, 2018

Member

merged

Member

brockallen commented Aug 6, 2018

merged

@brockallen brockallen closed this Aug 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment