We have an application that allows users to import data from a variety of third-party applications such as Facebook or Google. We are using Azure ACS for our authentication, and everything works fine as long as the user logs in with the identity provider for the third party they want to import data from, because we are able to extract data from their claims to authenticate the service calls (example: they log in with the Google provider to import contacts from Gmail). The problem is when someone initially logs in with a different provider than the one they want to import data for (example: someone logs in with the Google provider but wants to import photos from Facebook). I have written a script which redirects them to the ACS URL for the appropriate provider (so the Google user would be redirected to a Facebook login page for ACS), and the WS-Federation response gets posted back to the standard redirect page; however, the user's identity is still set to the original identity provider they logged
My main question is how do I invalidate the previous identity and get the server to recognize that user as being authenticated with the new identity provider instead?
What's the architecture? Is it a web or rich client app?
Let me echo it back at you to test my understanding:
1. You have an app - seems to me a rich client app.
2. You manage users using ACS.
3. The rich app can make a call to the Gmail services or the FB service API.
4. When signing in with one IdP, it fails to make a call to another as it keeps the previously acquired token?
If that's correct and that's a rich client app, you should maintain the tokens from different providers at the app level and use them with the appropriate services from the relevant IdP. Example: FB can be accessed with the access token available in the ACS token after
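As an added example (not code from the thread or from ACS itself), here is one way to do what the answer suggests, in Python: keep the session principal fixed at the first sign-in and store each provider's access token separately, keyed by the ACS identity-provider claim, so that a second round trip through ACS links a new token instead of replacing who the user is. The claim types for the provider access tokens, the shape of the claim dict, the expiry values and the sample token strings are assumptions constructed for the example; the WS-Federation response is assumed to have been signature-verified before its claims reach this code.

```python
"""Per-provider token store for an app that signs users in through Azure ACS.

Added example, not code from the thread. Assumes the WS-Federation response has
already been signature-verified and parsed into a dict of claim-type -> value.
"""
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

# Claim type ACS uses to name the identity provider that authenticated the user.
IDP_CLAIM = "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"
# Claim types under which a provider's own access token is assumed to arrive.
# These are assumptions for the example; check the claim types your ACS rule group emits.
ACCESS_TOKEN_CLAIMS = {
    "Facebook": "http://www.facebook.com/claims/AccessToken",
    "Google": "http://example.invalid/claims/GoogleAccessToken",
}


@dataclass
class ProviderToken:
    provider: str
    access_token: str
    expires_at: float  # Unix seconds


@dataclass
class AppSession:
    """Server-side session: one principal, fixed at first sign-in, plus tokens per provider."""
    user_id: str
    primary_idp: str
    tokens: Dict[str, ProviderToken] = field(default_factory=dict)

    def link_provider(self, claims: Dict[str, str], expires_at: float,
                      now: Optional[float] = None) -> ProviderToken:
        """Store the access token carried by a second ACS sign-in.

        The session principal (user_id, primary_idp) is deliberately left alone:
        the second sign-in links a data source, it is not a new login.
        """
        now = time.time() if now is None else now
        idp = claims.get(IDP_CLAIM)
        if idp not in ACCESS_TOKEN_CLAIMS:
            raise ValueError(f"unexpected identity provider: {idp!r}")
        token = claims.get(ACCESS_TOKEN_CLAIMS[idp])
        if not token:
            raise ValueError(f"no access token claim for {idp}")
        if expires_at <= now:
            raise ValueError(f"token from {idp} is already expired")
        self.tokens[idp] = ProviderToken(idp, token, expires_at)
        return self.tokens[idp]

    def token_for(self, provider: str, now: Optional[float] = None) -> Optional[str]:
        """Return a live access token for `provider`, or None if the user must sign in there."""
        now = time.time() if now is None else now
        entry = self.tokens.get(provider)
        if entry is None or entry.expires_at <= now:
            self.tokens.pop(provider, None)  # drop stale entries so the caller re-links
            return None
        return entry.access_token


def demo() -> AppSession:
    """Constructed walk-through of the scenario in the question (sample values, not real tokens)."""
    now = 1_700_000_000.0
    # 1. User signs in with Google; the app-level principal is fixed here.
    session = AppSession(user_id="user-42", primary_idp="Google")
    google_claims = {IDP_CLAIM: "Google",
                     ACCESS_TOKEN_CLAIMS["Google"]: "ya29.google-token"}
    session.link_provider(google_claims, expires_at=now + 3600, now=now)
    # 2. User is redirected to ACS for Facebook; the second response is linked, not swapped in.
    facebook_claims = {IDP_CLAIM: "Facebook",
                       ACCESS_TOKEN_CLAIMS["Facebook"]: "EAAB.facebook-token"}
    session.link_provider(facebook_claims, expires_at=now + 1800, now=now)
    return session


if __name__ == "__main__":
    s = demo()
    print(s.primary_idp, s.token_for("Facebook"), s.token_for("Google"))
```

The point of the design is that the second WS-Federation response never touches `user_id` or `primary_idp`; it only adds an entry to `tokens`. Binding the linked token to the already-authenticated session also means a response for a different provider cannot be used to switch the session to another user, which is the check a practitioner would want on the redirect page.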