I have followed the article "Using IdSrv2 as IP-STS with membership store" and it works fine on my first client app with returnurl abc.com/a.aspx in one of the Relying Parties & Resources.

For my scenario I just want to create an Identity Provider that I created. This is because I don't want to show all of the Identity Providers that I created on the HRD page; I just want to show my IDP and the other identity services from social networks (Facebook, Google+, etc.).

But I found that it always returns to abc.com/a.aspx when I log in to my second client app. Is there any solution to my problem?


Solution

I have created the setup that I believe you are trying to achieve. So I have Portal1 and Portal2. Both portals are set to authenticate users against idsrv2 (thinktecture identityserver) and are set to use HRD. Idsrv2 is set to delegate authentication of users through HRD to idsrv (thinktecture identityserver).

The configuration of Portal1 web.config (only the important part) is

<system.identityModel>
    <identityConfiguration>
        <audienceUris>
            <add value="https://localhost/Portal1/" />
        </audienceUris>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="http://idsrv2">
                <keys>
                    <add thumbprint="BCD339ECD62BC50DEDA3B54D2236D12AE1217687" />
                </keys>
                <validIssuers>
                    <add name="http://idsrv2" />
                </validIssuers>
            </authority>
        </issuerNameRegistry>
        <!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
        <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
    <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/idsrv2/issue/hrd" realm="https://localhost/Portal1/" requireHttps="false" />
    </federationConfiguration>
</system.identityModel.services>

And configuration of Portal2 (also important parts only) is:

<system.identityModel>
    <identityConfiguration>
        <audienceUris>
            <add value="https://localhost/Portal2/" />
        </audienceUris>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="http://idsrv2">
                <keys>
                    <add thumbprint="BCD339ECD62BC50DEDA3B54D2236D12AE1217687" />
                </keys>
                <validIssuers>
                    <add name="http://idsrv2" />
                </validIssuers>
            </authority>
        </issuerNameRegistry>
        <!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
        <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
    <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/idsrv2/issue/hrd" realm="https://localhost/Portal2/" requireHttps="false" />
    </federationConfiguration>
</system.identityModel.services>

Now, configuration of idsrv (the parts I believe are important):

General configuration

Key configuration

WSFederation protocol configuration

Identity Providers

Relying parties

And finally the configuration of idsrv2:

General configuration

Key configuration

WSFederation protocol configuration

Identity providers

Relying parties

RP for Portal1 configuration

RP for Portal2 configuration

And last, the network flow when authenticating on Portal1:

Network flow
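To make concrete why each portal needs its own audienceUris and realm, here is an added Python example (not code from the answer or from the thinktecture project) that reads the Portal2 <system.identityModel> section shown above and applies, in simplified form, the three checks WIF performs before trusting a token: audience against audienceUris, issuer against validIssuers, and the signing certificate's thumbprint against the registered keys. The token dict shape and check_token are my own simplification, not the WIF API.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Portal2 <system.identityModel> section from the answer,
# minus the comment line, so it parses as a standalone XML document.
PORTAL2_CONFIG = """<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://localhost/Portal2/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://idsrv2">
        <keys>
          <add thumbprint="BCD339ECD62BC50DEDA3B54D2236D12AE1217687" />
        </keys>
        <validIssuers>
          <add name="http://idsrv2" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>"""

def load_rp_policy(config_xml: str) -> dict:
    """What this RP trusts: its own audience URIs, accepted issuer names, and
    the thumbprints of certificates allowed to sign tokens for it."""
    root = ET.fromstring(config_xml)
    return {
        "audiences": {e.get("value") for e in root.findall("./identityConfiguration/audienceUris/add")},
        "issuers": {e.get("name") for e in root.findall(".//authority/validIssuers/add")},
        "thumbprints": {e.get("thumbprint").upper() for e in root.findall(".//authority/keys/add")},
    }

def check_token(policy: dict, token: dict) -> list:
    """Reasons this RP must reject the token; an empty list means accept.
    `token` is a hypothetical simplified view of a signed assertion (audience,
    issuer, thumbprint of the signing certificate), not a WIF type."""
    problems = []
    if token["audience"] not in policy["audiences"]:
        problems.append("audience %s is not in this RP's audienceUris" % token["audience"])
    if token["issuer"] not in policy["issuers"]:
        problems.append("issuer %s is not in validIssuers" % token["issuer"])
    if token["signing_thumbprint"].upper() not in policy["thumbprints"]:
        problems.append("signing certificate thumbprint is not a registered key")
    return problems

# Constructed token minted for Portal1's realm: same issuer and signing key as a
# Portal2 token, so only the audience check keeps the two portals apart.
PORTAL1_TOKEN = {"audience": "https://localhost/Portal1/", "issuer": "http://idsrv2",
                 "signing_thumbprint": "bcd339ecd62bc50deda3b54d2236d12ae1217687"}
```

Running check_token(load_rp_policy(PORTAL2_CONFIG), PORTAL1_TOKEN) returns one audience problem, which is the rejection Portal2 would produce if it were handed a token issued for Portal1's realm.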

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow