claims-based-identity federated-identity thinktecture-ident-server

using Thinktecture.IdentityServer3 as a Federation Provider with transforming of claims

Hello I have been trying to work out how I could configure IdentityServer3 to become a multi-tenant federation provider that can transform and enrich claims coming back from say ADSF, Google+, Microsoft Account.

Does anyone have any example code of somebody trying to do the following?

MyWebApp(multi-tenant) <-- IdSrv3 <---- ADFS
                            ^
                            |<------- Google+
                            |<------- Microsoft Account
                            |<------- Facebook Account

Solution

You need to implement the IUserService - epeciall the AuthenticateExternalAsync method. There you receive the external claims and programmatically transform them.

https://identityserver.github.io/Documentation/docs/advanced/userService.html

How to manage user claims?
Is there a way to add roles to ID or Access Token as an optional claim in Entra ID / Azure Active Directory
Accessing Claims Principal in the Service layer in the API of a Net core 6 App
.Net 8: Cannot authenticate user with "Individual Accounts Auth" template
How can I handle Azure App Roles with lower environments (Dev, UAT, etc)?
MVC 5 OWIN login with claims and AntiforgeryToken. Do I miss a ClaimsIdentity provider?
What's the role of the ClaimsPrincipal, why does it have multiple Identities?
ASP.Net Core WSFederationAuth Login with Cookie - Site can't be reached
How do I get an OID claim in ASPCore from Azure B2C
ASP.NET Core MVC _userManager.FindByEmailAsync(Input.Email) returns null despite existing user with the same email
How to use Windows Active Directory Authentication and Identity Based Claims?
Setting Thread.CurrentPrincipal with async/await
How to apply Microsoft Identity Platform authentication on a .NET framework 4.7 ASP.NET Web API endpoint
New Identity Claims Disappear
AspNet Identity Core - Custom Claims on Login
AuthorizationContext.Principal is changing from ClaimsPrincipal to GenericPrincipal automatically
Asp.Net Identity - Setting CookieDomain at runtime
Whats the difference between fetching values from ClaimsPrincipal vs UserManager and which is faster?
IdentityServer - how to get grant_type from within a Protected API?
How do I remove an existing claim from a ClaimsPrincipal?
Using custom RoleClaimType on OAuthBearer middleware
When claims are available
How to define role Identity resource in appsettings.json in Asp.net core
Identity: Propagating claims to downstream services
ASP.NET Core Identity impersonate specific user
.net custom claims identity authentication: User role is always null
How to get the current authenticated user from the controller endpoint in ASP.NET Core?
Update claims for an loggedon User?
Can a OIDC JWT identity claim (such as phonenumber or email) be multiple?
Blazor WebAssembly - How to create Policy-Based Authorization