
IdentityServer4 Redirect to different client after login


I'm starting a new project and using IS4 for authentication. The application will have a single client and API that is distributed across multiple regions. The user will have a region assigned to their profile, so that they can be redirected to their regional URL (probably defined by subdomain) after they log in. How can this be achieved?

e.g. User navigates to https://example.com and is requested to login. In the login process the user has a region defined e.g. United-Kingdom. The user is authenticated and now I need to redirect them to their Client that will be hosted on https://uk.example.com


Solution

  • According to the OIDC spec, the identity provider has to redirect the user after an interactive sign-in to a valid URL provided with the authorization request. However, I see at least two options to solve the requirements without any changes on the Identity side.

    Both require some work on the master site, http://example.com
    You can tweak the OnTicketReceived handling so that it redirects to a local site, based on some claim instead of the path originally requested by the user.
    That could look like:

    services.AddAuthentication().AddOpenIdConnect(options =>
    {
      options.Events = new OpenIdConnectEvents
      {
        OnTicketReceived = ctx =>
        {
          // ctx is the TicketReceivedContext; read the locale claim from the signed-in principal
          var identity = ctx.Principal.Identity as ClaimsIdentity;
          var locale = identity?.Claims
            .FirstOrDefault(x => x.Type == JwtClaimTypes.Locale)?.Value ?? "en-GB";
          switch (locale)
          {
            case "ru-RU":
              ctx.ReturnUri = "http://ru.example.com";
              //or just example.ru, doesn't matter
              break;
            default:
              ctx.ReturnUri = "http://uk.example.com";
              break;
          }
          return Task.CompletedTask;
        }
      };
    });
    

    And here we face two alternatives:

    • To register each local site as an individual OIDC client, so that they perform as an ordinary SSO solution where the satellite sites could even be hosted separately.
    • Or to share the auth cookie among all the local sites as described in the documentation. In this case you have to control them all.
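
The handler above works, but the redirect host is chosen from a claim, so it is worth tying the choice to a fixed allow-list of regional hosts and carrying over only a same-site path from the original request. The following is an added example (not code from the question, the answer or IdentityServer4 itself) that does exactly that; the regional host names, the `en-GB` fallback and the `RegionalRedirect` class are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Constructed example: maps the locale claim to an allow-listed regional host so the
// post-login redirect can only ever land on a host the operator has configured.
public static class RegionalRedirect
{
    // Hypothetical regional hosts; replace with the real ones for your deployment.
    private static readonly IReadOnlyDictionary<string, Uri> RegionHosts =
        new Dictionary<string, Uri>(StringComparer.OrdinalIgnoreCase)
        {
            ["en-GB"] = new Uri("https://uk.example.com"),
            ["ru-RU"] = new Uri("https://ru.example.com"),
        };

    // Assumed fallback region for users with no (or an unknown) locale claim.
    private static readonly Uri DefaultHost = RegionHosts["en-GB"];

    // Builds the absolute URL the user lands on after sign-in.
    // originalReturnUri is what the challenge stored (normally a local path such as "/orders?id=7");
    // only a relative path and query are kept, so the host always comes from the allow-list.
    public static string Resolve(ClaimsPrincipal principal, string originalReturnUri)
    {
        var locale = principal?.FindFirst(JwtClaimTypes.Locale)?.Value;
        var host = locale != null && RegionHosts.TryGetValue(locale, out var mapped)
            ? mapped
            : DefaultHost;

        // Accept only a root-relative path; reject absolute and protocol-relative ("//host") values.
        var pathAndQuery = "/";
        if (!string.IsNullOrEmpty(originalReturnUri)
            && originalReturnUri.StartsWith("/", StringComparison.Ordinal)
            && !originalReturnUri.StartsWith("//", StringComparison.Ordinal)
            && Uri.TryCreate(originalReturnUri, UriKind.Relative, out _))
        {
            pathAndQuery = originalReturnUri;
        }

        return new Uri(host, pathAndQuery).ToString();
    }

    // Hooks the resolver into the OpenID Connect handler; pass this to AddOpenIdConnect.
    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events = new OpenIdConnectEvents
        {
            OnTicketReceived = ctx =>
            {
                ctx.ReturnUri = Resolve(ctx.Principal, ctx.ReturnUri);
                return Task.CompletedTask;
            }
        };
    }
}

// Wiring in Startup.ConfigureServices (or Program.cs):
// services.AddAuthentication().AddOpenIdConnect(RegionalRedirect.Configure);
```

With this in place a principal carrying `locale = ru-RU` and an original return URI of `/orders?id=7` is sent to `https://ru.example.com/orders?id=7`, while a missing or unrecognised locale falls back to the UK host and any non-relative return URI is replaced by `/`. Whichever of the two alternatives above you pick for the satellite sites, each regional host still needs its own valid redirect URI registered with IdentityServer4 (or a shared cookie), since the identity provider itself only ever redirects to the URL it was given in the authorization request.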