Aguacongas.IdentityServer.WsFederation.IS4
7.0.0-preview1-0250
dotnet add package Aguacongas.IdentityServer.WsFederation.IS4 --version 7.0.0-preview1-0250
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.IS4 -Version 7.0.0-preview1-0250
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.IS4" Version="7.0.0-preview1-0250" />
paket add Aguacongas.IdentityServer.WsFederation.IS4 --version 7.0.0-preview1-0250
#r "nuget: Aguacongas.IdentityServer.WsFederation.IS4, 7.0.0-preview1-0250"
// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=7.0.0-preview1-0250&prerelease
// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=7.0.0-preview1-0250&prerelease
Aguacongas.IdentityServer.WsFederation.Duende
Add a WS-Federation controller to your Duende IdentityServer.
Setup
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
WS-Federation depends on an ISigningCredentialStore. You can register one with AddSigningCredential and an X509Certificate2 in place of AddKeysRotation if you prefer.
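As an added example (not code from the package README), the following shows the AddSigningCredential route: the signing certificate is looked up in the current user's certificate store by thumbprint, checked for a private key and validity before it is handed to IdentityServer, and the WS-Federation controller is registered as in the setup above. The configuration key "Signing:Thumbprint", the class name and the namespace of AddIdentityServerWsFederation are assumptions of this example.

```csharp
// Added example: register a store-backed X509 signing certificate instead of key rotation.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class SigningCredentialSetup
{
    // Loads the signing certificate by thumbprint; "Signing:Thumbprint" is an assumed key.
    public static X509Certificate2 LoadSigningCertificate(IConfiguration configuration)
    {
        var thumbprint = configuration["Signing:Thumbprint"]
            ?? throw new InvalidOperationException("Signing:Thumbprint is not configured.");

        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);

        // validOnly: true rejects expired, not-yet-valid and untrusted certificates,
        // so a stale certificate fails at start-up rather than at the first sign-in.
        var certificate = store.Certificates
            .Find(X509FindType.FindByThumbprint, thumbprint, validOnly: true)
            .OfType<X509Certificate2>()
            .FirstOrDefault()
            ?? throw new InvalidOperationException($"No valid certificate with thumbprint {thumbprint} was found.");

        // Metadata only needs the public key, but tokens cannot be signed without the private key.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException("The signing certificate has no private key.");
        }

        // Surface an imminent expiry now; relying parties cache the metadata and will
        // reject tokens signed with a key that disappears without a rollover.
        if (certificate.NotAfter < DateTime.UtcNow.AddDays(30))
        {
            Console.Error.WriteLine($"Warning: signing certificate {thumbprint} expires on {certificate.NotAfter:u}.");
        }

        return certificate;
    }

    public static IServiceCollection AddIdentityServerWithSigningCertificate(
        this IServiceCollection services, IConfiguration configuration)
    {
        var certificate = LoadSigningCertificate(configuration);

        // AddSigningCredential replaces AddKeysRotation from the README's setup.
        services.AddIdentityServer()
            .AddSigningCredential(certificate);

        // Same WS-Federation registration as in the README (namespace assumed to be
        // Microsoft.Extensions.DependencyInjection, as for the other builder extensions).
        services.AddControllersWithViews()
            .AddIdentityServerWsFederation();

        return services;
    }
}
```

Call `services.AddIdentityServerWithSigningCertificate(Configuration)` from `ConfigureServices`; the thumbprint, not the certificate or its password, is what goes into configuration, which keeps the private key out of source control and application settings.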
Usage
wsfederation/metadata
returns the WS-Federation metadata document.
You can add a client to your configuration with WS-Federation as the protocol type:
new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,
    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,
    AllowedScopes = { "openid", "profile" }
}
And configure the client to use WS-Federation authentication:
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.Cookie.Name = "aspnetcorewsfed";
})
.AddWsFederation(options =>
{
    options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
    options.RequireHttpsMetadata = false;
    options.Wtrealm = "urn:aspnetcorerp";
    options.SignOutWreply = "https://localhost:10315";
    options.SkipUnrecognizedRequests = true;
});
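The relying-party configuration above turns off HTTPS for metadata and ignores unrecognised requests, which is convenient on localhost but should not reach production. The following is an added example (not code from the package README) of the same registration with those relaxations tied to the hosting environment and with the audience and issuer pinned explicitly; the realm and addresses are the README's, the issuer value is the entityID of the metadata document shown later on this page, and the class and method names are assumptions.

```csharp
// Added example: the README's relying-party registration, hardened for non-development hosts.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

public static class RelyingPartyAuthentication
{
    private const string Realm = "urn:aspnetcorerp";                      // from the README
    private const string IdentityServerEntityId = "https://localhost:5443"; // entityID of the metadata document

    public static IServiceCollection AddHardenedWsFederation(
        this IServiceCollection services, IHostEnvironment environment)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.Cookie.Name = "aspnetcorewsfed";
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // never send the session cookie over HTTP
            options.Cookie.SameSite = SameSiteMode.Lax;              // the handler's correlation cookie stays None
        })
        .AddWsFederation(options =>
        {
            options.MetadataAddress = IdentityServerEntityId + "/wsfederation/metadata";
            options.Wtrealm = Realm;
            options.SignOutWreply = "https://localhost:10315";

            // Plain-HTTP metadata lets anyone on the network path swap the signing keys;
            // only a development host may fetch it that way.
            options.RequireHttpsMetadata = !environment.IsDevelopment();
            // Silently ignoring unrecognised requests hides misconfiguration in production.
            options.SkipUnrecognizedRequests = environment.IsDevelopment();

            // Defence in depth on top of the metadata: the token must be addressed to this
            // realm, issued by this identity server, signed, and not expired.
            options.TokenValidationParameters.ValidAudience = Realm;
            options.TokenValidationParameters.ValidIssuer = IdentityServerEntityId;
            options.TokenValidationParameters.RequireSignedTokens = true;
            options.TokenValidationParameters.RequireExpirationTime = true;
            options.TokenValidationParameters.ValidateLifetime = true;
            options.TokenValidationParameters.ClockSkew = TimeSpan.FromMinutes(1);

            options.Events = new WsFederationEvents
            {
                // Failed sign-ins are the signal a defender wants in the logs.
                OnRemoteFailure = context =>
                {
                    var logger = context.HttpContext.RequestServices
                        .GetRequiredService<ILoggerFactory>()
                        .CreateLogger("WsFederation");
                    logger.LogWarning(context.Failure, "WS-Federation sign-in failed for realm {Realm}", Realm);
                    return Task.CompletedTask;
                }
            };
        });

        return services;
    }
}
```

With `RequireHttpsMetadata` left at its default of true outside development, a misconfigured HTTP metadata address fails loudly at start-up instead of quietly trusting whatever document the network returns.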
Metadata configuration
The AddIdentityServerWsFederation extension accepts an IConfiguration or a WsFederationOptions parameter to configure the generation of the metadata document with claims lists.
mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The web page of the user"
    }
  ]
}
This adds the ClaimTypesOffered collection to the metadata document:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
  <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        ...
      </KeyInfo>
    </md:KeyDescriptor>
    <fed:ClaimTypesOffered>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
        <auth:DisplayName>Name</auth:DisplayName>
        <auth:Description>The unique name of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
        <auth:DisplayName>Name ID</auth:DisplayName>
        <auth:Description>The SAML name identifier of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
        <auth:DisplayName>E-Mail Address</auth:DisplayName>
        <auth:Description>The e-mail address of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
        <auth:DisplayName>Given Name</auth:DisplayName>
        <auth:Description>The given name of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
        <auth:DisplayName>Surname</auth:DisplayName>
        <auth:Description>The surname of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
        <auth:DisplayName>Birth date</auth:DisplayName>
        <auth:Description>The birth date of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
        <auth:DisplayName>Web page</auth:DisplayName>
        <auth:Description>The web page of the user</auth:Description>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </md:RoleDescriptor>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    ...
  </Signature>
</md:EntityDescriptor>
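A practitioner who deploys this will want to see what the metadata endpoint actually advertises before pointing relying parties at it. The following is an added example (not code from the package README) that fetches the document over HTTPS, reads it with the WS-Federation metadata reader from Microsoft.IdentityModel.Protocols.WsFederation, extracts the ClaimTypesOffered URIs shown above with an XML query, and collects a few findings a reviewer would flag. The class and record names are assumptions; the namespaces are the standard ones from the metadata document.

```csharp
// Added example: inspect a published wsfederation/metadata document from the relying-party side.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using System.Xml;
using System.Xml.Linq;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.WsFederation;

public static class MetadataInspector
{
    private static readonly XNamespace Fed = "http://docs.oasis-open.org/wsfed/federation/200706";
    private static readonly XNamespace Auth = "http://docs.oasis-open.org/wsfed/authorization/200706";

    public sealed record MetadataSummary(
        string Issuer,
        string PassiveEndpoint,
        IReadOnlyList<string> SigningKeyIds,
        IReadOnlyList<string> ClaimTypesOffered,
        IReadOnlyList<string> Findings);

    public static async Task<MetadataSummary> InspectAsync(string metadataAddress, CancellationToken cancellationToken = default)
    {
        // RequireHttps refuses a plain-HTTP address: metadata carries the signing keys,
        // so an unauthenticated transport lets a network attacker substitute them.
        var retriever = new HttpDocumentRetriever { RequireHttps = true };
        var xml = await retriever.GetDocumentAsync(metadataAddress, cancellationToken);

        // The same reader the ASP.NET Core WS-Federation handler relies on.
        WsFederationConfiguration configuration;
        using (var reader = XmlReader.Create(new StringReader(xml)))
        {
            configuration = new WsFederationMetadataSerializer().ReadMetadata(reader);
        }

        // ClaimTypesOffered is not surfaced by WsFederationConfiguration, so read it from the XML.
        var claimTypes = XDocument.Parse(xml)
            .Descendants(Fed + "ClaimTypesOffered")
            .Elements(Auth + "ClaimType")
            .Select(e => (string)e.Attribute("Uri"))
            .Where(uri => !string.IsNullOrEmpty(uri))
            .ToList();

        var keyIds = configuration.SigningKeys
            .Select(k => k.KeyId ?? k.GetType().Name)
            .ToList();

        return new MetadataSummary(
            configuration.Issuer,
            configuration.TokenEndpoint,
            keyIds,
            claimTypes,
            Review(configuration, claimTypes));
    }

    // Findings a reviewer would raise on the document before wiring up relying parties.
    public static IReadOnlyList<string> Review(WsFederationConfiguration configuration, IReadOnlyList<string> claimTypes)
    {
        var findings = new List<string>();

        if (configuration.SigningKeys.Count == 0)
        {
            findings.Add("No signing key in metadata: relying parties cannot validate tokens.");
        }

        if (configuration.TokenEndpoint != null &&
            !configuration.TokenEndpoint.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
        {
            findings.Add($"Passive requestor endpoint is not HTTPS: {configuration.TokenEndpoint}");
        }

        foreach (var duplicate in claimTypes.GroupBy(c => c).Where(g => g.Count() > 1))
        {
            findings.Add($"Claim type advertised more than once: {duplicate.Key}");
        }

        return findings;
    }
}
```

Run it against `https://localhost:5443/wsfederation/metadata` from the README's setup and compare the returned `ClaimTypesOffered` with the `WsFederationOptions` section: a claim that is configured but missing, or listed twice, shows up directly, and the `SigningKeyIds` should match the thumbprints of the certificates you expect to be signing.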
You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.
You can implement your own IMetadataSerializer if needed.
Implement your store
To access data, the IWsFederationService uses an IRelyingPartyStore. You can implement this interface and provide your implementation to the DI container to override the default IRelyingPartyStore implementation.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Aguacongas.IdentityServer.Store;          // IAdminStore<T>, GetRequest (namespaces as in TheIdServer; adjust to your version)
using Aguacongas.IdentityServer.WsFederation;   // IRelyingPartyStore, RelyingParty
using Entity = Aguacongas.IdentityServer.Store.Entity;

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="MyRelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">clientStore or relyingPartyStore is null</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm, which is the client id of the WS-Federation client.</param>
    /// <returns>The relying party, or null when no client or relying party matches the realm.</returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        // An unknown realm must return null, not throw, so the caller can reject the request.
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        if (client?.RelyingPartyId == null)
        {
            return null;
        }

        // Load the relying party together with its claim mappings.
        var entity = await _relyingPartyStore.GetAsync(client.RelyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);
        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}
The DI configuration becomes:
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product | Compatible and additional computed target framework versions
---|---
.NET | net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.
Dependencies (net7.0)
- Aguacongas.IdentityServer.IS4 (>= 7.0.0-preview1-0250)
- Aguacongas.IdentityServer.KeysRotation.IS4 (>= 7.0.0-preview1-0250)
- Aguacongas.IdentityServer.WsFederation (>= 7.0.0-preview1-0250)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
7.0.0-preview1-0250 | 182 | 11/9/2022 | |
6.3.0 | 792 | 7/1/2022 | |
6.2.1 | 587 | 6/13/2022 | |
6.2.0 | 554 | 6/12/2022 | |
6.1.0 | 573 | 5/29/2022 | |
6.0.1 | 568 | 5/24/2022 | |
6.0.1-fix-release-6-0-01-0002 | 200 | 5/24/2022 | |
6.0.0 | 562 | 5/21/2022 | |
5.0.0-preview1-0264 | 191 | 5/21/2022 | |
5.0.0-preview1-0020 | 238 | 5/8/2022 | |
5.0.0-preview1-0019 | 238 | 5/8/2022 | |
5.0.0-preview1-0018 | 213 | 5/7/2022 | |
5.0.0-preview1-0017 | 211 | 5/7/2022 | |
5.0.0-merge-release4-6-61-0194 | 216 | 5/12/2022 | |
4.7.0-preview1-0125 | 208 | 4/23/2022 | |
4.6.6 | 550 | 5/12/2022 | |
4.6.5 | 621 | 4/28/2022 | |
4.6.4 | 618 | 4/21/2022 | |
4.6.3 | 580 | 4/14/2022 | |
4.6.2 | 638 | 4/2/2022 | |
4.6.1 | 640 | 3/31/2022 | |
4.6.0 | 608 | 3/30/2022 | |
4.5.3 | 632 | 3/23/2022 | |
4.5.2 | 638 | 3/19/2022 | |
4.5.1 | 634 | 3/17/2022 | |
4.5.0 | 647 | 3/13/2022 | |
4.4.0 | 734 | 2/13/2022 | |
4.3.3 | 671 | 2/9/2022 | |
4.3.2 | 728 | 2/3/2022 | |
4.3.1 | 714 | 1/28/2022 | |
4.3.0 | 704 | 1/17/2022 | |
4.2.0 | 1,129 | 10/17/2021 | |
4.1.0 | 912 | 10/13/2021 | |
4.0.1 | 904 | 10/9/2021 | |
4.0.0 | 894 | 9/21/2021 | |
4.0.0-preview1-0046 | 341 | 9/20/2021 | |