Using Ocelot for Custom Authentication using saml2

[saurabh-singh-39]

I am trying to use ocelot to configure a custom authentication. So, whenever a user tries to access a route configured as authenticated in ocelot, I want ocelot to invoke the saml2 authentication scheme which is registered as a "forward challenge" which takes user to my custom login page. From there user can login and if it is successful, it comes back to the home page. Strangely, Ocelot looks for authentication in this case but does not fire saml2 authentication.

As a solution, I tried to override the authentication middleware of ocelot through middleware injection as provided in this documentation - https://ocelot.readthedocs.io/en/latest/features/middlewareinjection.html.

But, when I am trying to run the app after this override, I am getting an "Object Null Reference Exception" . I looked for various documentations and tutorials but there are no examples for how to override the authentication middleware. Following is my code for overriding

_ = app.UseWhen(context => !IsNotGatewayRequest(context), appBuilder =>
{

    _ = appBuilder.UseAuthentication();
    //appBuilder.UseAuthorization();
    //use Ocelot
    var ocelotConfiguration = new OcelotPipelineConfiguration
    {
        PreErrorResponderMiddleware = async (context, next) =>
        {
            await next.Invoke();
        },
        PreAuthenticationMiddleware = async (context, next) =>
        {
            await next.Invoke();
        },
        AuthenticationMiddleware = async (httpContext, _next) =>
        {
            if (!httpContext.User.Identity.IsAuthenticated && !IsNotGatewayRequest(httpContext))
            {
                httpContext.Items.SetError(new UnauthenticatedError("Authenticated User"));
                await httpContext.ChallengeAsync();
                return;
            }
            await _next.Invoke();
        },
        PreAuthorizationMiddleware = async (context, next) =>
        {
            await next.Invoke();
        },
        AuthorizationMiddleware = async (context, next) =>
        {
            await next.Invoke();
        },
        PreQueryStringBuilderMiddleware = async (context, next) => 
        { 
            await next.Invoke(); 
        }
    };
    app.UseOcelot(ocelotConfiguration);
    appBuilder.UseOcelot().Wait();
});

[raman-m]

Hello, @saurabh-singh-39 !

I looked for various documentations and tutorials but there are no examples for how to override the authentication middleware.

Sure thing! Because we don't recommend to override AuthenticationMiddleware ❗
Why do you want to override ASP.NET native middleware? What's the goal?

---

So, whenever a user tries to access a route configured as authenticated in ocelot, I want ocelot to invoke the saml2 authentication scheme which is registered as a "forward challenge" which takes user to my custom login page.

Great! Why do you override AuthenticationMiddleware in this case?
I guess you have to register custom authentication scheme by native Auth provider classes.
See more and read carefully: Authentication ❗
You will be able to register single and multiple schemes of your providers.

---

Strangely, Ocelot looks for authentication in this case but does not fire saml2 authentication.

Are you student?
What library, NuGet package of SAML2 do you use? A link?