
URL: https://www.nuget.org/packages/Aguacongas.IdentityServer.WsFederation.IS4/

NuGet Gallery | Aguacongas.IdentityServer.WsFederation.IS4 6.3.0

There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package Aguacongas.IdentityServer.WsFederation.IS4 --version 6.3.0

NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.IS4 -Version 6.3.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Aguacongas.IdentityServer.WsFederation.IS4" Version="6.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
Directory.Packages.props:
<PackageVersion Include="Aguacongas.IdentityServer.WsFederation.IS4" Version="6.3.0" />
Project file:
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.IS4" />

paket add Aguacongas.IdentityServer.WsFederation.IS4 --version 6.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Aguacongas.IdentityServer.WsFederation.IS4, 6.3.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Aguacongas.IdentityServer.WsFederation.IS4@6.3.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

Install as a Cake Addin:
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=6.3.0
Install as a Cake Tool:
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=6.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Aguacongas.IdentityServer.WsFederation.Duende

Add a WS-Federation controller to your Duende IdentityServer.

Setup

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

WS-Federation depends on an ISigningCredentialStore. If you prefer, you can register one using AddSigningCredential with an X509Certificate2 instead of AddKeysRotation.

Usage

wsfederation/metadata returns the WS-Federation metadata document.

You can add a client to your configuration with wsfed as the protocol type:

new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,

    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,

    AllowedScopes = { "openid", "profile" }
}

And configure the client to use WS-Federation authentication:

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        // Local development only: the default is true, which refuses metadata served over plain HTTP.
        options.RequireHttpsMetadata = false;

        options.Wtrealm = "urn:aspnetcorerp";

        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });

Metadata configuration

The AddIdentityServerWsFederation extension accepts an IConfiguration or a WsFederationOptions parameter to configure the generation of the metadata document with claim lists.

mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));

"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}

This adds the ClaimTypesOffered collection to the metadata document:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
	<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
		<md:KeyDescriptor use="signing">
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
				...
			</KeyInfo>
		</md:KeyDescriptor>
		<fed:ClaimTypesOffered>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
				<auth:DisplayName>Name</auth:DisplayName>
				<auth:Description>The unique name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
				<auth:DisplayName>Name ID</auth:DisplayName>
				<auth:Description>The SAML name identifier of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
				<auth:DisplayName>E-Mail Address</auth:DisplayName>
				<auth:Description>The e-mail address of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
				<auth:DisplayName>Surname</auth:DisplayName>
				<auth:Description>The surname of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
				<auth:DisplayName>Birth date</auth:DisplayName>
				<auth:Description>The birth date of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
				<auth:DisplayName>Web page</auth:DisplayName>
				<auth:Description>The wep page of the user</auth:Description>
			</auth:ClaimType>
		</fed:ClaimTypesOffered>
		<fed:PassiveRequestorEndpoint>
			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
				<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
			</wsa:EndpointReference>
		</fed:PassiveRequestorEndpoint>
	</md:RoleDescriptor>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		...
	</Signature>
</md:EntityDescriptor>
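
An added example, not part of the package or its README: a small Python check a relying-party operator could run over a metadata document like the one above. It reports a missing signing key, an unsigned document, a passive endpoint that is not HTTPS, and claim types offered more than once (as givenname is in the sample above). The function names and the trimmed sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ADDRESS = ".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address"

def audit_metadata(xml_text):
    """Return a list of findings for a WS-Federation metadata document."""
    if "<!DOCTYPE" in xml_text:  # metadata never needs a DTD; refuse it outright
        raise ValueError("DTD not allowed in metadata")
    root = ET.fromstring(xml_text)
    findings = []
    if not root.findall(".//md:KeyDescriptor[@use='signing']", NS):
        findings.append("no signing key advertised")
    # Presence check only: this does not verify the XML signature itself.
    if root.find("ds:Signature", NS) is None:
        findings.append("metadata document is not signed")
    for addr in root.findall(ADDRESS, NS):
        if urlsplit((addr.text or "").strip()).scheme != "https":
            findings.append(f"passive endpoint is not HTTPS: {addr.text}")
    uris = [c.get("Uri") for c in root.findall(".//fed:ClaimTypesOffered/auth:ClaimType", NS)]
    for uri, count in Counter(uris).items():
        if count > 1:
            findings.append(f"claim type offered {count} times: {uri}")
    return findings

def sample_metadata(address="https://localhost:5443/WsFederation"):
    """Constructed sample, trimmed from the metadata document shown above."""
    claims = "".join(
        f'<auth:ClaimType xmlns:auth="{NS["auth"]}" Uri="{CLAIMS}{name}" Optional="true"/>'
        for name in ("name", "givenname", "givenname", "surname"))
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" entityID="https://localhost:5443">'
        f'<md:RoleDescriptor xmlns:fed="{NS["fed"]}" protocolSupportEnumeration="{NS["fed"]}">'
        f'<md:KeyDescriptor use="signing"><KeyInfo xmlns="{NS["ds"]}"/></md:KeyDescriptor>'
        f'<fed:ClaimTypesOffered>{claims}</fed:ClaimTypesOffered>'
        f'<fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa="{NS["wsa"]}">'
        f'<wsa:Address>{address}</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint>'
        f'</md:RoleDescriptor><Signature xmlns="{NS["ds"]}"/></md:EntityDescriptor>')

if __name__ == "__main__":
    print("\n".join(audit_metadata(sample_metadata())))
```

The signature check only confirms that a Signature element is present; verifying it against a pinned certificate needs an XML-DSig library.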

You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.

You can implement your if needed.

Implement your store

To access data the use a . You can implement this interface and provide your implementation to the DI to override the default implementation.

using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
// Plus the package namespaces that declare IRelyingPartyStore, IAdminStore<T>, GetRequest and the Entity types.

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="MyRelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">clientStore or relyingPartyStore is null</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns>The relying party, or null when the realm is unknown.</returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);

        // An unknown realm, or a client with no relying party, yields null instead of a NullReferenceException.
        if (client?.RelyingPartyId == null)
        {
            return null;
        }

        var relyingPartyId = client.RelyingPartyId;
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);

        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}

The DI configuration becomes:

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();

Product versions: compatible and additional computed target framework versions.
.NET: net6.0 is compatible.
Computed: net6.0-android, net6.0-ios, net6.0-maccatalyst, net6.0-macos, net6.0-tvos, net6.0-windows;
net7.0, net7.0-android, net7.0-ios, net7.0-maccatalyst, net7.0-macos, net7.0-tvos, net7.0-windows;
net8.0, net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows;
net9.0, net9.0-android, net9.0-browser, net9.0-ios, net9.0-maccatalyst, net9.0-macos, net9.0-tvos, net9.0-windows;
net10.0, net10.0-android, net10.0-browser, net10.0-ios, net10.0-maccatalyst, net10.0-macos, net10.0-tvos, net10.0-windows.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version                          Downloads  Last Updated  Status
7.0.0-preview1-0250              457        11/9/2022     deprecated (no longer maintained)
6.3.0                            1,110      7/1/2022      deprecated (no longer maintained)
6.2.1                            848        6/13/2022     deprecated (no longer maintained)
6.2.0                            823        6/12/2022     deprecated (no longer maintained)
6.1.0                            852        5/29/2022     deprecated (no longer maintained)
6.0.1                            819        5/24/2022     deprecated (no longer maintained)
6.0.1-fix-release-6-0-01-0002    447        5/24/2022     deprecated (no longer maintained)
6.0.0                            823        5/21/2022     deprecated (no longer maintained)
5.0.0-preview1-0264              441        5/21/2022     deprecated (no longer maintained)
5.0.0-preview1-0020              496        5/8/2022      deprecated (no longer maintained)
5.0.0-preview1-0019              503        5/8/2022      deprecated (no longer maintained)
5.0.0-preview1-0018              468        5/7/2022      deprecated (no longer maintained)
5.0.0-preview1-0017              482        5/7/2022      deprecated (no longer maintained)
5.0.0-merge-release4-6-61-0194   478        5/12/2022     deprecated (no longer maintained)
4.7.0-preview1-0125              487        4/23/2022     deprecated (no longer maintained)
4.6.6                            841        5/12/2022     deprecated (no longer maintained)
4.6.5                            1,073      4/28/2022     deprecated (no longer maintained)
4.6.4                            887        4/21/2022     deprecated (no longer maintained)