What is the best way to dynamically load SAML2 IDP after ASP.net core web application has started?
So far I am able to dynamically add a SAML2 IDP during runtime using the following code:
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;
using Sustainsys.Saml2.AspNetCore2;

// Dependencies injected in the constructor
private readonly IAuthenticationSchemeProvider _schemeProvider;
private readonly IOptionsMonitorCache<Saml2Options> _optionsCache;

public ClassName(IAuthenticationSchemeProvider schemeProvider,
                 IOptionsMonitorCache<Saml2Options> optionsCache)
{
    _schemeProvider = schemeProvider;
    _optionsCache = optionsCache;
}

public async Task LoadIDP()
{
    ...
    // Register a new scheme handled by Saml2Handler, plus its options.
    // Both live only in this process's memory (scheme provider and options cache).
    _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeName, typeof(Saml2Handler)));
    _optionsCache.TryAdd(schemeName, new Saml2Options() { ... });
}
This works, but I am still struggling with dynamically loading when multiple instances of the app are running in a load-balancing environment.
Is it possible to query database to load config every time someone is trying to login using SAML2?
Yes, use the GetIdentityProvider and SelectIdentityProvider notifications. Implementing them you can completely bypass the in-memory collection. Note that it is a good idea to cache IdentityProvider objects, especially if you let them load metadata, or you will end up reloading IdP metadata on every request.
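As an added illustration of the answer (example code, not from the answer's author or from the Sustainsys.Saml2 project), the two notifications wired to a hypothetical database store with a per-node cache. It assumes the Sustainsys.Saml2 2.x delegate shapes (GetIdentityProvider taking entity id, relay data and the in-memory dictionary; SelectIdentityProvider taking entity id and relay data) and an assumed IIdpConfigStore / IdpRecord abstraction standing in for the database.

```csharp
using System;
using Microsoft.Extensions.Caching.Memory;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;

// Hypothetical persistence layer: one row per configured IdP (assumption, not a Sustainsys type).
public record IdpRecord(string EntityId, string MetadataUrl, bool AllowUnsolicited);
public interface IIdpConfigStore
{
    IdpRecord? FindByEntityId(string entityId);   // null when this entity id is not configured
}

public static class DynamicIdpLoader
{
    // Call from AddSaml2(options => ...); every node resolves IdPs from the shared store,
    // so nothing depends on which load-balanced instance registered the IdP.
    public static void Configure(Saml2Options options, IIdpConfigStore store, IMemoryCache cache)
    {
        // Resolves the IdP named in an incoming response (or a sign-in request) by entity id.
        options.Notifications.GetIdentityProvider = (entityId, relayData, idps) =>
            Resolve(entityId, options.SPOptions, store, cache)
            ?? throw new InvalidOperationException($"Unknown IdP '{entityId.Id}'");

        // At challenge time: null entity id means "no IdP requested", so fall back to the default.
        options.Notifications.SelectIdentityProvider = (entityId, relayData) =>
            entityId == null ? null : Resolve(entityId, options.SPOptions, store, cache);
    }

    // Per-node cache with a short absolute TTL: metadata changes (for example a rotated IdP
    // signing key) propagate to all nodes within the TTL, and metadata is not re-fetched per request.
    static IdentityProvider? Resolve(EntityId entityId, SPOptions spOptions,
                                     IIdpConfigStore store, IMemoryCache cache)
    {
        var key = "saml2-idp:" + entityId.Id;
        if (cache.TryGetValue(key, out IdentityProvider cached)) return cached;

        var row = store.FindByEntityId(entityId.Id);
        if (row == null) return null;   // unknown IdPs are not negatively cached

        var idp = new IdentityProvider(new EntityId(row.EntityId), spOptions)
        {
            MetadataLocation = row.MetadataUrl,        // trusted URL from the configuration store
            LoadMetadata = true,                       // pulls SSO endpoint and signing keys
            AllowUnsolicitedAuthnResponse = row.AllowUnsolicited,
        };
        cache.Set(key, idp, TimeSpan.FromMinutes(15));
        return idp;
    }
}
```

Loading metadata from a URL is a network fetch and a trust decision, so keep the store itself write-protected and reserve AllowUnsolicitedAuthnResponse for IdPs that really need IdP-initiated sign-in.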