I'm architecting a SSO service to support multiple internal and client facing applications. I'm reviewing ThinkTecture's IdentityServer 3 approach using OpenId Connect and oAUTH2. I think this is the direction we need to go. However, I'm hung up on the examples I'm seeing where the user is presented a login form served from IdentityServer. Since I need to develop a SSO service where multiple apps partake, I'd prefer for the individual apps to manage their own login pages. For example, application A may require Forms Authentication, Facebook, and Google +. Application B may require only Forms Authentication. Each app needs to bump against the IdentityServer to return a token. However, I want the individual apps to manage displaying the login options within their domain.
How do you customize IdentityServer to use client login instead?
This is all done by configuring the clients. Every client has a EnableLocalLogin
option which control forms based authentication. Also every client an IdentityProviderRestrictions
list that controls which external IdPs are available.
check the docs: https://identityserver.github.io/Documentation/docsv2/configuration/clients.html