IdentityServer3.WsFederation

Restrict identity providers

Open AnyKev opened this issue 9 years ago • 5 comments

I've been looking at setting up an identity server as a WS-Federation identity provider. It is already configured to use local identities, Twitter and Google.

An issue I've been having is restricting which providers can be used by an application. When setting up relying parties, what I've been looking for is something similar to the IdentityProviderRestrictions property on the Client configuration for OpenID applications.

Is this hiding somewhere else that I haven't found? Or something that hasn't been implemented? Or maybe I'm just going about it the wrong way.

AnyKev avatar Sep 01 '16 12:09 AnyKev

In the WS-Fed plugin you can use a specific identity provider for a sign-in request by using the whr parameter (see endpoints). There is currently no way of setting allowed identity providers for a relying party other than this.

scottbrady91 avatar Sep 01 '16 13:09 scottbrady91
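
The `whr` value arrives in the sign-in request itself, so it selects a provider but does not limit which ones a relying party may use. A sketch of the server-side allow-list check the thread asks for, as an added example that is not part of the thread or of IdentityServer3's code; `RelyingPartyPolicy`, `WhrCheck` and the realm and provider names are hypothetical:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

// Hypothetical per-relying-party policy; the WS-Fed plugin has no such setting.
public sealed class RelyingPartyPolicy
{
    public string Realm { get; set; }
    // Design choice of this sketch: an empty list means "no restriction".
    public List<string> IdentityProviderRestrictions { get; set; } = new List<string>();
}

public static class WhrCheck
{
    // Returns the provider to use, or null when the user must choose (the login
    // page then has to offer only the allowed providers). Throws when the
    // request names a provider the relying party is not allowed to use.
    public static string ResolveIdp(string query, IEnumerable<RelyingPartyPolicy> policies)
    {
        var q = HttpUtility.ParseQueryString(query);
        if (q["wa"] != "wsignin1.0")
            throw new ArgumentException("not a WS-Federation sign-in request");

        var rp = policies.FirstOrDefault(p =>
            string.Equals(p.Realm, q["wtrealm"], StringComparison.Ordinal));
        if (rp == null)
            throw new UnauthorizedAccessException("unknown relying party");

        var allowed = rp.IdentityProviderRestrictions;
        var whr = q["whr"];
        if (string.IsNullOrEmpty(whr))
            return allowed.Count == 1 ? allowed[0] : null; // single choice: pick it

        // whr is caller-controlled, so it is checked against the policy, never trusted.
        if (allowed.Count > 0 && !allowed.Contains(whr, StringComparer.Ordinal))
            throw new UnauthorizedAccessException("identity provider not allowed for this relying party");
        return whr;
    }

    public static void Main()
    {
        // Constructed sample data.
        var policies = new[] {
            new RelyingPartyPolicy { Realm = "urn:example:app1",
                                     IdentityProviderRestrictions = { "Google" } }
        };
        Console.WriteLine(ResolveIdp("?wa=wsignin1.0&wtrealm=urn%3Aexample%3Aapp1", policies));
        Console.WriteLine(ResolveIdp("?wa=wsignin1.0&wtrealm=urn%3Aexample%3Aapp1&whr=Google", policies));
        try { ResolveIdp("?wa=wsignin1.0&wtrealm=urn%3Aexample%3Aapp1&whr=Twitter", policies); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```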

Thanks Scott.

Would it be difficult to add from the relying party? I'm willing to do a PR if it's not going to take too much time.

AnyKev avatar Sep 01 '16 13:09 AnyKev

Yeah, as you said the logic exists for OIDC clients, so I imagine there would be some reusable code. PR would be excellent.

scottbrady91 avatar Sep 01 '16 17:09 scottbrady91

Did this go anywhere? This is exactly what I am looking for.

chrisnott avatar May 30 '17 20:05 chrisnott

This is also my requirement for one of the applications I am working on. Any updates on this?

suhasrs avatar Sep 22 '17 03:09 suhasrs