This repository has been archived by the owner on Dec 14, 2017. It is now read-only.

Add Client Id to LocalAuthenticationContext SignInMessage using WSFederation #76

Open
naveenkumarreddy opened this issue Aug 12, 2016 · 6 comments

Comments

@naveenkumarreddy

I am using WsFederation with Windows authentication, but I am not able to get the login requested client Id from the context in the ExternalAuthenticationAsync method. But after login I am able to get the client details from the ProfileDataRequestContext.
It would be very helpful if we get at least the Client Id in LocalAuthenticationContext and ExternalAuthenticationContext so that we can easily come to know who is requesting the login.

@leastprivilege
Member

This is a bit tricky - since in wsfed it is not a client, but a relying party.

Would the realm name be enough for you?

@brockallen
Member

Maybe we need "extra stuff" on the SignInMessage, or perhaps some param on acr_values that indicates this info?

@naveenkumarreddy
Author

Thank you so much for the reply. Currently I am able to get the client Id if I use a JavaScript client.
But yes, we need an enhancement if we use MVC and a configured relying party. For example, we have 2 applications, app1 and app2. If a user opens app1, they are redirected to our secure access login page; once the user logs in, we need that relying party information to do some extract, like get AD users accordingly.
I am very new to Identity Server, so please let me know if I am wrong somewhere :)

@brockallen
Member

For those RPs, since they're using WS-Fed (and not OIDC), there's no Client configuration and that's why there's no client id passed. So yes, we recognize that it would be nice to pass something along to the user service so you know which RP it is.

@naveenkumarreddy
Author

Exactly 👍

@trajinikanth

I have configured Identity Server to be used as a WS-Federation Identity Provider. With the sample code I am able to hit the login page; after login I am hitting `public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)`, where the client id is empty in the sign-in message.
How do I get my relying party here? Any suggestions?
