2

Following @leastprivilege answer in my previous question, I concluded that neither are possible solutions:

  • The login service doesn't support REST authentication (thus, can't use IUserService.AuthenticateLocalAsync and just connect to it)
  • I don't need it to be an additional provider, I need it to substitute IS3 one, ie, instead of showing the local login + additional providers, I need the /login page to be the one from a different service.

Can this be customized or do I need to change IdentityService3 source? If so, what to I need to guarantee implementation wise in order for to achieve the authentication and not break the authorization?

UPDATE

Following this answer the solution might be creating a new provider and setting the automatic redirect somewhere using acr_values

Community
  • 1
  • 1
vvolkgang
  • 471
  • 8
  • 26
  • So how do you connect then to your login service from within the the katana module. Not sure I understand the REST comment. In general I would recommend using the github issue tracker instead. I don't monitor SO. – leastprivilege May 27 '15 at 20:09
  • @leastprivilege I haven't implemented the katana middleware, didn't find any proper documentation on the matter and thought it could be done in different ways (which all failed so, back to that now). – vvolkgang May 29 '15 at 15:32
  • @leastprivilege Regarding the REST part, instead of opening the external login page, I was going for a UserService with a local authentication, doing a call with the credentials to that page, just for POC purposes. – vvolkgang May 29 '15 at 15:33

1 Answers1

1

Solved it after some research. You'll need this three steps:

  • A Owin Authentication middleware that redirects to the page you want, providing the protected state (this will let you finish the authentication process later). You can follow [Anders Abel tutorial]
  • Custom user service that overrides the PreAuthentication method and sets the SignInMessage message.Idp with your middleware id. Code sample: check it here
  • After the successful authentication, your page should redirect to the middleware callback with the state parameter. With the mentioned dummy middleware, it's set as /signing-dummy
vvolkgang
  • 471
  • 8
  • 26