Restrict identity providers

[AnyKev]

I've been looking at setting up an identity server as a ws-federation identity provider. It is already configured to use local identities, twitter and google.

An issue i've been having is restricting which providers can be used by an application.
When setting up relying parties, what i've been looking for is something similar to the IdentityProviderRestrictions property on the Client configuration for openid applications.

Is this hiding somewhere else that i havent found? or something that hasnt been implemented.
Or maybe i'm just going about it the wrong way

[scottbrady91]

In the WS-Fed plugin you can use a specific identity providers for a sign in request by using the whr parameter (see endpoints). There is currently no way of setting allowed identity providers for a relying party other than this.

[AnyKev]

Thanks scott.

Would it be difficult to add from the relying party? i'm willing to do a PR if it's not going to take too much time.

[scottbrady91]

Yeah, as you said the logic exists for oidc clients, so I imagine there would be some reusable code. PR would be excellent.

[chrisnott]

Did this go anywhere? This is exactly what I am looking for.

[suhasrs]

This is also my requirement for one of the applications I am working on. Any Updates on this?