We're implementing our own SSO provider using IdentityServer3. We're almost done, except that we have the requirement that, when the user logs in for the first time, they have to change their username and password and supply other information. The problem lies with the change of the username: it also needs to change the subject id, so that when the partial login finishes the client receives the new username, not the old one.
So what we need is a way, in the partial login, to change the
var ctx = Request.GetOwinContext();
var authentication = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType);
authentication.Identity.AddClaim(new Claim("sub", model.NewUsername));
I've just discovered, while looking in the IdentityServer3.Core.Extensions.OwinEnvironmentExtensions class (the same extensions class that hosts the GetIdentityServerPartialLoginAsync() method), that there is a method named UpdatePartialLoginClaimsAsync(). This method accepts an enumerable of claims, so I gave it my new sub claim, but this caused some unknown error (I'm not sure why). When I gave it all the previous claims with the sub claim replaced, everything worked as I wanted to.
// Read the in-progress partial login (a ClaimsIdentity), swap out its "sub" claim
// for the new username, and write the complete claim set back.
var partialLogin = await OwinContext.Environment.GetIdentityServerPartialLoginAsync();
// RemoveClaim needs the claim instance that belongs to this identity, so look it up on partialLogin itself.
partialLogin.RemoveClaim(partialLogin.FindFirst("sub"));
partialLogin.AddClaim(new Claim("sub", model.NewUsername));
await OwinContext.Environment.UpdatePartialLoginClaimsAsync(partialLogin.Claims);
The code above proved to be my solution.
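As an added example (not code from the original post or from IdentityServer3 itself), the same approach wrapped in a reusable helper. It assumes an IOwinContext is available and uses the literal claim type "sub"; the method name PartialLoginSubject.ReplaceAsync and the null/empty-subject handling are this example's own additions. It removes every existing subject claim rather than only the first, so the updated identity never carries two subjects, and it passes the full claim set to UpdatePartialLoginClaimsAsync, matching the behaviour the answer reports.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core.Extensions;
using Microsoft.Owin;

// Added example helper; not part of the original post or of IdentityServer3.
public static class PartialLoginSubject
{
    // Replaces the "sub" claim of the current partial login with newSubject and
    // writes the complete claim set back. UpdatePartialLoginClaimsAsync is given
    // every claim the partial login should carry, not only the changed one.
    // Returns false when no partial login is in progress (nothing to update).
    public static async Task<bool> ReplaceAsync(IOwinContext owin, string newSubject)
    {
        if (string.IsNullOrWhiteSpace(newSubject))
            throw new ArgumentException("subject must not be empty", nameof(newSubject));

        var env = owin.Environment;
        var partialLogin = await env.GetIdentityServerPartialLoginAsync();
        if (partialLogin == null)
            return false;

        // Build the new claim set from the existing one: drop every existing "sub"
        // (a second subject claim would leave the identity ambiguous), keep all
        // other claims unchanged, then add the new subject.
        var claims = partialLogin.Claims
            .Where(c => c.Type != "sub")
            .Concat(new[] { new Claim("sub", newSubject) })
            .ToList();

        await env.UpdatePartialLoginClaimsAsync(claims);
        return true;
    }
}
```

Call it from the controller action that handles the first-login form, e.g. `await PartialLoginSubject.ReplaceAsync(Request.GetOwinContext(), model.NewUsername);`, before redirecting the user back to the resume URL of the partial login.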