oauth-2.0 single-sign-on identityserver3 thinktecture

Do you have to use IdentityServer 3's login views?


I'm architecting an SSO service to support multiple internal and client-facing applications. I'm reviewing Thinktecture's IdentityServer 3 approach using OpenID Connect and OAuth2. I think this is the direction we need to go. However, I'm hung up on the examples I'm seeing where the user is presented a login form served from IdentityServer. Since I need to develop an SSO service where multiple apps partake, I'd prefer for the individual apps to manage their own login pages. For example, application A may require Forms Authentication, Facebook, and Google+. Application B may require only Forms Authentication. Each app needs to bump against the IdentityServer to return a token. However, I want the individual apps to manage displaying the login options within their domain.

How do you customize IdentityServer to use client login instead?


Solution

  • This is all done by configuring the clients. Every client has an EnableLocalLogin option which controls forms-based authentication. Also, every client has an IdentityProviderRestrictions list that controls which external IdPs are available.

    Check the docs: https://identityserver.github.io/Documentation/docsv2/configuration/clients.html
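
The two per-client settings named in the answer, applied to the question's Application A and Application B (an added example, not code from the original post or from the IdentityServer project). The client IDs, redirect URIs, provider names and the placeholder restriction value are assumptions; the provider names must match the `AuthenticationType` of the external middleware registered on your server.

```csharp
using System.Collections.Generic;
using IdentityServer3.Core.Models;

public static class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client>
        {
            // Application A: forms login plus Facebook and Google.
            new Client
            {
                ClientName = "Application A",                  // hypothetical
                ClientId = "app-a",                            // hypothetical
                Flow = Flows.Implicit,
                RedirectUris = new List<string> { "https://app-a.example.com/" },
                AllowedScopes = new List<string> { "openid", "profile" },

                EnableLocalLogin = true,                       // show the username/password form
                // Only these external IdPs are offered to this client.
                // Assumed names: use the AuthenticationType values you registered.
                IdentityProviderRestrictions = new List<string> { "Facebook", "Google" }
            },

            // Application B: forms login only.
            new Client
            {
                ClientName = "Application B",                  // hypothetical
                ClientId = "app-b",                            // hypothetical
                Flow = Flows.Implicit,
                RedirectUris = new List<string> { "https://app-b.example.com/" },
                AllowedScopes = new List<string> { "openid", "profile" },

                EnableLocalLogin = true,
                // Per the linked docs, an EMPTY list means every external IdP is allowed,
                // so leaving this unset would not hide Facebook/Google for this client.
                // Assumption to verify on your version: a non-empty list that matches no
                // registered provider (placeholder value below) leaves only local login.
                IdentityProviderRestrictions = new List<string> { "no-external-idp" }
            }
        };
    }
}
```

After changing these settings, load the login page once per client and confirm that only the intended options are rendered, since a mistyped provider name silently removes that provider from the list.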