Configuring Identity Provider
Each Identity Provider must also be configured with the Sentinet Developer Portal in its web configuration file, web.config. The authentication element under the nevatech.vsb.devportal configuration section contains the identityProviders collection:
```xml
...
<nevatech.vsb.devportal>
  <!--
    The "authentication" element configures Sentinet Developer authentication:
      - "cookieTimeout" attribute specifies the amount of time in minutes after which the authentication
        cookie expires. The default value is 20 min.
      - "baseRedirectUri" attribute specifies the alternative Sentinet Developer Portal base URI if
        running behind a load-balancer or URL rewrite is in play.
  -->
  <authentication cookieTimeout="20" baseRedirectUri="">
    <!--
      The "identityProviders" element configures external identity providers (IDPs) to enable users to
      sign in with WS-Federation or OpenID Connect authentication providers. You will need to register
      the Sentinet Developer Portal client application with each provider.
      Below are documentation links for some of the common identity providers. If your IDP is not
      on this list, consult the provider's documentation.
        - Active Directory Federation Services (ADFS) and Azure AD (AAD):
          https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-5.0
        - Google:
          https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-5.0
        - Microsoft:
          https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-5.0
        - Okta:
          https://developer.okta.com/docs/guides/sign-into-web-app/aspnet/create-okta-application/
    -->
    <identityProviders>
      ...
    </identityProviders>
  </authentication>
</nevatech.vsb.devportal>
...
```
Note
The Developer Portal's web.config file is shipped with a few commented-out sample template configurations for some popular Identity Providers.
| Attribute name | Description |
|---|---|
| name | The required provider name; must be unique within the collection. |
| kind | The required provider kind. Supported values are WsFed (WS-Federation) or Oidc (OpenID Connect). |
| description | The optional provider description. |
| authority | The required authority URL. For WS-Federation providers this is the link to the federation metadata document. |
| clientId | The required client id. For WS-Federation providers this is the wtrealm value. |
| clientSecret | The optional client secret (OpenID Connect providers only). |
| nameClaimType | The optional claim type that will be used to authenticate users. The default value is "sub" for OpenID Connect providers and http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier for WS-Federation providers. |
| authorizationClaimType | The optional authorization claim type. If specified, only users possessing this claim type will be allowed to sign in. |
| authorizationClaimValue | The optional authorization claim value. If specified, only users possessing authorization claim type with this specific value will be allowed to sign in. |
| scope | The optional scope (OpenID Connect providers only). The default value is openid profile email. |
| cssClass | The optional CSS class, which is used to display the provider's logo. To add a new logo or change the logo of an existing sample provider, edit the appropriate class in the C:\Program Files\Nevatech\Sentinet\DevPortal\css\style.css file. |
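The attribute rules above can be checked before the configuration reaches a running portal. The following Python is an added example, not Sentinet code: it validates provider entries (modelled as dicts keyed by attribute name, because this page does not show the per-provider XML element) against the required/optional rules in the table, and shows how nameClaimType, authorizationClaimType and authorizationClaimValue together decide whether a user whose IdP issued a given set of claims is allowed to sign in. The provider values and claims are constructed samples.

```python
WSFED_NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
DEFAULT_NAME_CLAIM = {"Oidc": "sub", "WsFed": WSFED_NAME_CLAIM}  # per-kind defaults from the table


def validate_providers(providers):
    """Check provider entries (dicts keyed by attribute name) against the attribute
    table. Returns a list of error strings; an empty list means the entries are valid."""
    errors, seen = [], set()
    for p in providers:
        name = p.get("name")
        if not name:
            errors.append("provider entry without a name")
            continue
        if name in seen:
            errors.append(f"{name}: provider name must be unique within the collection")
        seen.add(name)
        if p.get("kind") not in DEFAULT_NAME_CLAIM:
            errors.append(f"{name}: kind must be WsFed or Oidc")
        for required in ("authority", "clientId"):
            if not p.get(required):
                errors.append(f"{name}: missing required attribute {required}")
        if p.get("clientSecret") and p.get("kind") == "WsFed":
            errors.append(f"{name}: clientSecret applies to OpenID Connect providers only")
        if p.get("authorizationClaimValue") and not p.get("authorizationClaimType"):
            errors.append(f"{name}: authorizationClaimValue requires authorizationClaimType")
    return errors


def resolve_sign_in(provider, claims):
    """Apply nameClaimType / authorizationClaimType / authorizationClaimValue to the
    (type, value) claims the IdP issued. Returns the user name, or None to refuse sign-in."""
    name_type = provider.get("nameClaimType") or DEFAULT_NAME_CLAIM[provider["kind"]]
    user = next((v for t, v in claims if t == name_type), None)
    if user is None:
        return None  # token carries no usable identity claim
    authz_type = provider.get("authorizationClaimType")
    if authz_type:
        present = [v for t, v in claims if t == authz_type]  # a user may hold several
        wanted = provider.get("authorizationClaimValue")
        if not present or (wanted and wanted not in present):
            return None  # required authorization claim (or its value) is missing
    return user


# Constructed sample entry: an OIDC provider whose users must carry groups=devportal-users.
SAMPLE_PROVIDER = {"name": "corp-oidc", "kind": "Oidc", "authority": "https://idp.example.test/",
                   "clientId": "sentinet-devportal", "clientSecret": "<placeholder-secret>",
                   "authorizationClaimType": "groups", "authorizationClaimValue": "devportal-users"}
```

Setting authorizationClaimType without authorizationClaimValue admits any user who carries the claim type at all, so pin the value whenever the IdP issues that claim type to users outside the intended audience.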