Identity Server v2 Multiple Origin Login

Question

I'm running thinktecture IdentityServer v2 with one Relying Party in my development environment (Windows 7 Professional Visual Studio 2012).

My relying party (www.myprotectedcustomersite.com) is an ASP.Net Framework 4 web site using WIF Federation.

This works fine. When I attempt to access www.myprotectedcustomersite.com I am redirected to IdentityServer login and when I am authenticated I am redirected back to www.myprotectedcustomersite.com.

My problem is, I have another site (www.mycompanyfrontdoorsite.com) where users need to be able to login (on the home page) and authenticate then redirect to www.myprotectedcustomersite.com via IdentityServer. Most of my users enter www.myprotectedcustomersite.com this way.

I'm not sure how I would configure this. I have done some research and have not been able to find a solution to this problem.

I'm trying to accomplish this without making any significant changes to IdentityServer.

I hope someone can help.

Answer 1

Sounds like each of those needs to be a separate RP configured in your STS. Then if/when RP1 wants to send the user to RP2, it can do the redirect. Once they land on RP2, it will trigger authentication to the STS and they will still be logged in which will issue the token to RP2. Recall one goal of federation is SSO. I don't see why IdentityServer needs to be involved with the redirect at all.