IdentityServer3 with external user management

authentication,authorization,thinktecture-ident-server,thinktecture
Given a scenario where a web-hosted IdentityServer3 only handles authorization, with user authentication handled by an external custom service, what needs to be implemented to support this? A custom OWIN middleware?

Thinktecture v3 auto login for ADFS users within the same domain

single-sign-on,adfs,thinktecture-ident-server
I am using Thinktecture IdentityServer v3 for authentication and authorization. It works well with a local database. I added ADFS as an external identity provider. It also works well, but it asks intranet users for credentials. My requirement is to automatically log in the intranet users without asking for credentials. If the user is...

Thinktecture “insufficient_scope” error. Singular scope claim versus list of scopes

openid,thinktecture-ident-server
I'm sure the answer is obvious, but it's eluding me at the moment. I get a 403 when my code tries to call /connect/userinfo and the message is "insufficient_scope". https://github.com/IdentityServer/IdentityServer3/blob/master/source/Core/Validation/TokenValidator.cs#L153 Above is the line of code that checks for the scope claim in a JWT and wants to find the...

Where do I log application-logins in Thinktecture Identity Server v3

thinktecture-ident-server,thinktecture
We have IdentityServer v3 with a custom UserService that handles two factor auth. We use it for many clients (webapps), and I would like to track the number of logins to the different applications. I see that GetProfileDataAsync is called every time a user navigates to a new client (happens...

Thinktecture IdentityServer3 - Single sign out for distributed system

authentication,single-sign-on,thinktecture-ident-server
I'm building a distributed system with multiple clients that use a single identity server for authentication. This provides single sign on between these clients. When a user signs out from one of the clients, and thus signs out from the identity server, can the identity server sign the user out...

Thinktecture Identityserver and Cordova app - Which flow should I use?

cordova,oauth,thinktecture-ident-server,ws-federation
We currently have IdentityServer v2 (and ws-fed for our websites), and now we would like to authenticate with a PhoneGap app. How could this be implemented? I understand ws-fed is not an option, so for OAuth our options are (I might be wrong here): Resource owner flow Implicit grant flow...

Skip IdentityServer3 login screen

openid,thinktecture-ident-server,openid-connect,thinktecture,identityserver3
We have configured a client to use IdentityServer3 authentication using OpenID Connect (it's an ASP.NET MVC app that uses OWIN middleware to support the OpenID Connect protocol). IdentityServer3 itself is configured to use both local login and external login (Azure AD, for instance). In the regular flow, once the app needs to authenticate a user...

How to secure IdentityManager with IdentityServer v3

asp.net,asp.net-identity,thinktecture-ident-server,thinktecture,identityserver3
Brock Allen released the new beta version of IdentityManager last week. There are quite some changes in the security model, so the configuration also changed. He even took some videos (Setting up ASP.NET Identity and Security and IdentityManager) on how to configure the new version properly. These well explain the...

Thinktecture Identity Server 3 authentication works correctly in IIS Express, but keeps on throwing 401 Unauthorized when hosted in IIS

thinktecture-ident-server,thinktecture
OK, so I tried hosting the simplest OAuth sample and the identity server both on IIS, and I have enabled CORS on the simplest OAuth sample. So when I test the API using the JavaScript implicit client, on IIS Express it works flawlessly, it gets the token then when the token...

Thinktecture IdentityServer self-service user creation

thinktecture-ident-server
We currently have several web systems that are using the old Membership provider in silos. I am looking at implementing a new server for identity management and discovered IdentityServer. Is it possible for a user to self-create an identity out of the box? Otherwise, are there add-ons or code samples...

Thinktecture Identity Server v3 How to keep Claims from external providers?

c#,claims-based-identity,thinktecture-ident-server
I'm trying to follow the simple guide mvcGettingStarted. Now, I've implemented both GoogleAuthentication and FacebookAuthentication providers, and everything is working as expected, I actually can log-in, and if I sign in with my identity server I also got the Role claims per user. I was wondering, what if I want...

using Thinktecture.IdentityServer3 as a Federation Provider with transforming of claims

claims-based-identity,federated-identity,thinktecture-ident-server
Hello, I have been trying to work out how I could configure IdentityServer3 to become a multi-tenant federation provider that can transform and enrich claims coming back from, say, ADFS, Google+, Microsoft Account. Does anyone have any example code of somebody trying to do the following? MyWebApp(multi-tenant) <-- IdSrv3 <----...

Custom UserService fails when behind loadbalancer

thinktecture-ident-server,thinktecture
We've got an IdentityServer v3, with a custom UserService with 2-factor auth behind a load balancer. It works on my machine :-) but partialSigninAuthentication fails when deployed to a load-balanced environment (I'm not sure if it's related to load balancing, I just assume that. We have a v2 also running on...

Thinktecture multiple website connect (SSO)

asp.net-mvc,asp.net-identity,thinktecture-ident-server
I just started exploring Thinktecture because I have multiple websites and I want Single Sign On between them. So, I started working on this and I am following this tutorial (Thinktecture tutorial). Everything works fine following this tutorial, when I added another application in my same...

Unable to get token from Thinktecture Authorization Server

oauth,oauth-2.0,thinktecture-ident-server,thinktecture-ident-model,thinktecture
I am unable to get an access token from Thinktecture Authorization Server. After successfully getting the grant code, I try to make a POST request to the token endpoint, but always get a 400 Bad Request with this response: message: "{ "error": "invalid_client" }" My request was: POST to https://host/authz/users/oauth/token request body:...

Identity Server v3 as Federation Gateway only

thinktecture-ident-server
Have configured SSO via SAML and WS-Federation in Production using ADFS. New customer is asking to integrate SSO via OpenID Connect (oidc) with Google+. Identity Server v3 (IdSrv3) supports oidc, so I put together a prototype and I am able to integrate SSO using Google+ as follows: MyWebApp <-- ws-fed...