Dynamically load SAML2 IDP using Sustainsys-Saml2 and Core

What is the best way to dynamically load a SAML2 IDP after the Core web application has started?

So far I am able to dynamically add a SAML2 IDP during runtime using the following code:

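    using Microsoft.AspNetCore.Authentication;
    using Microsoft.Extensions.Options;
    using Sustainsys.Saml2.AspNetCore2;

    // DI in constructor
    public ClassName(IAuthenticationSchemeProvider schemeProvider,
        IOptionsMonitorCache<Saml2Options> optionsCache)
    {
        _schemeProvider = schemeProvider;
        _optionsCache = optionsCache;
    }

    public async Task LoadIDP()
    {
        // Register a new scheme handled by Saml2Handler (schemeName is defined elsewhere)
        _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeName, typeof(Saml2Handler)));

        // Seed the options cache so the handler finds options for the new scheme
        _optionsCache.TryAdd(schemeName, new Saml2Options(){...});
    }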

This works, but I am still struggling with dynamic loading when multiple instances of the app are running in a load-balancing environment.

Is it possible to query the database to load the config every time someone is trying to log in using SAML2?


  • Yes, use the GetIdentityProvider and SelectIdentityProvider notifications. By implementing them you can completely bypass the in-memory collection. Note that it is a good idea to cache IdentityProvider objects, especially if you let them load metadata, or you will end up reloading IdP metadata on every request.
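
One way to wire up the two notifications named in the answer above, with a per-instance cache that expires (an added example, not code from the original posts or from the Sustainsys project). `IdpRecord`, `DbIdpResolver` and the `lookup` delegate are hypothetical names standing in for your own database access, and the delegate signatures are assumed to be those of Sustainsys.Saml2 v2.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;

// Hypothetical row shape for an IdP stored in the shared database.
public record IdpRecord(string EntityId, string MetadataUrl);

public class DbIdpResolver
{
    private readonly Func<string, IdpRecord> _lookup; // hypothetical DB query; returns null if unknown
    private readonly TimeSpan _ttl;
    private readonly ConcurrentDictionary<string, (IdentityProvider Idp, DateTime Expires)>
        _cache = new();

    public DbIdpResolver(Func<string, IdpRecord> lookup, TimeSpan ttl) => (_lookup, _ttl) = (lookup, ttl);

    public void Attach(Saml2Options options)
    {
        // Sign-in: called with the requested IdP entity id (may be null).
        // Returning null lets the library fall back to its default selection.
        options.Notifications.SelectIdentityProvider = (entityId, relayData) =>
            entityId is null ? null : Resolve(entityId, options.SPOptions);
        // Response handling: called with the Issuer of the incoming message.
        // Throwing for an unknown issuer keeps the failure closed.
        options.Notifications.GetIdentityProvider = (entityId, relayData, opts) =>
            Resolve(entityId, opts.SPOptions);
    }

    private IdentityProvider Resolve(EntityId entityId, SPOptions spOptions)
    {
        if (_cache.TryGetValue(entityId.Id, out var hit) && hit.Expires > DateTime.UtcNow)
            return hit.Idp;
        // Cache miss or expired entry: ask the database, never trust an unlisted issuer.
        var row = _lookup(entityId.Id)
            ?? throw new KeyNotFoundException($"Unknown IdP: {entityId.Id}");
        var idp = new IdentityProvider(new EntityId(row.EntityId), spOptions)
        {
            MetadataLocation = row.MetadataUrl, // must be set before LoadMetadata
            LoadMetadata = true                 // fetches signing keys and endpoints once per cache fill
        };
        _cache[entityId.Id] = (idp, DateTime.UtcNow.Add(_ttl));
        return idp;
    }
}
```

Because each load-balanced instance keeps its own cache, the TTL is the upper bound on how long an IdP that was removed or re-keyed in the database stays trusted on any one node, so keep it short enough for your revocation needs.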