Orchard Core Single Sign On (SSO) for all tenants

[petedavis]

Looking into possible SSO configuration for OC where by the default tenant would be the SSO identity provider for all tenants.

My vision of this feature would be something like xero.com or getharvest.com where a single login gets you into tenants/subscriptions that you have been added to. The login provider is also able to list the tenants the account has access to and can link to the tenant url.

Currently the login URL is hard coded to the account controller in the OrchardCore.Users module. However enabling SSO would need to redirect to login via OIDC to the SSO provider for login and registration (default tenant).

I would also think that the SSO provider implementation would need to know what tenants the user has permissions to access (claims??).

I like how we can easily let people create tenants in Orchard Core, but I feel like this is a missing part to simplify that feature and not have multiple individual usernames and passwords in each tenant.