How to implement multiple identity provider in MVC 5 RRS feed

  • Question

  • I am developing one application in which there are multiple tenant and each tenant have their own identity provider configuration means one have azure AD and another have okta. 
    I have implemented two step login means first user will enter and username/email address through which we will identify tenant and its identity provider If user has identity provider setting we will redirect to authentication endpoint of provider else allow user to do local login.

    I have tried to implement above scenario using OpenId Connect. Used  OnRedirectToIdentityProvider to override OpenIdConnectAuthenticationOptions to redirect to authentication end point as per tenant

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        ClientId = clientId,
        Authority = authority,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = PostLogoutUri,
        Scope = OpenIdConnectScope.OpenIdProfile,
        ResponseType = OpenIdConnectResponseType.IdToken,
        TokenValidationParameters = new TokenValidationParameters()
            ValidateIssuer = false
        Notifications = new OpenIdConnectAuthenticationNotifications
            AuthenticationFailed = OnAuthenticationFailed,
            RedirectToIdentityProvider = OnRedirectToIdentityProvider,
            SecurityTokenValidated = (context) =>
                return Task.FromResult(0);
        RequireHttpsMetadata = false

    private static Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        notification.ProtocolMessage.ClientId = "XXXXXXXXXXX";
        notification.ProtocolMessage.IssuerAddress = "https://XXX- XXXXX.XXX.com/oauth2/default/v1/authorize";
        notification.ProtocolMessage.RedirectUri = "http://localhost:XXXX/Home/Callback";
         notification.ProtocolMessage.PostLogoutRedirectUri = "http://localhost:XXXX/";
         notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenIdProfile;
         notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.Code;

    Using above code I am able to redirect to authentication endpoint using overridden settings but **SecurityTokenValidated** method not getting fired or I am not getting authentication token.

    can any one please guide me whether my approach is correct or any other approach to achieve this?
    • Moved by CoolDadTx Monday, May 13, 2019 1:40 PM ASP.NET related
    • Edited by Pramod Adhude Monday, May 13, 2019 2:01 PM
    Monday, May 13, 2019 11:34 AM

All replies

  • Please post questions related to MVC in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    • Proposed as answer by Just Karl Tuesday, May 14, 2019 2:06 PM
    Monday, May 13, 2019 1:40 PM