Aguacongas.IdentityServer.WsFederation.Duende
8.2.0
dotnet add package Aguacongas.IdentityServer.WsFederation.Duende --version 8.2.0
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.Duende -Version 8.2.0
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="8.2.0" />
paket add Aguacongas.IdentityServer.WsFederation.Duende --version 8.2.0
#r "nuget: Aguacongas.IdentityServer.WsFederation.Duende, 8.2.0"
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=8.2.0
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=8.2.0
Aguacongas.IdentityServer.WsFederation.Duende
Add a WS-Federation controller to your Duende IdentityServer.
Setup
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
WS-Federation depends on an ISigningCredentialStore: the metadata document and every token issued to a relying party are signed with the key it provides. If you prefer a single static certificate over rotating keys, register one with AddSigningCredential and an X509Certificate2 in place of AddKeysRotation.
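As an added example (not code from the package or its README), the AddSigningCredential alternative with a certificate loaded from a PFX file, together with the two checks worth running before the certificate is handed to IdentityServer: that it carries a private key, and that it is inside its validity period. The configuration keys Signing:PfxPath and Signing:PfxPassword are placeholders for this illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class WsFederationSigningSetup
{
    // Loads the IdP signing certificate and refuses anything that cannot actually sign:
    // the metadata document and every token issued to a relying party depend on it.
    public static X509Certificate2 LoadSigningCertificate(string pfxPath, string pfxPassword)
    {
        var cert = new X509Certificate2(pfxPath, pfxPassword);

        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException(
                $"{cert.Subject} has no private key; it cannot sign tokens or metadata.");
        }

        var now = DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
        {
            throw new InvalidOperationException(
                $"{cert.Subject} is outside its validity period ({cert.NotBefore:u} .. {cert.NotAfter:u}).");
        }

        return cert;
    }

    // Same wiring as the Setup section, with AddSigningCredential in place of AddKeysRotation.
    // A single static certificate means no automatic rotation: plan the renewal yourself.
    public static void Configure(IServiceCollection services, IConfiguration configuration)
    {
        var cert = LoadSigningCertificate(
            configuration["Signing:PfxPath"],       // placeholder configuration keys (assumption)
            configuration["Signing:PfxPassword"]);

        services.AddIdentityServer()
            .AddSigningCredential(cert);

        services.AddControllersWithViews()
            .AddIdentityServerWsFederation();
    }
}
```

Call Configure from your service registration instead of the AddKeysRotation snippet above; failing fast at startup is preferable to discovering at the first sign-in that the metadata was published with a certificate that cannot sign.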
Usage
wsfederation/metadata
returns the WS-Federation metadata document.
You can add a client to your configuration with WS-Federation as the protocol type:
new Client
{
ClientId = "urn:aspnetcorerp",
ProtocolType = ProtocolTypes.WsFederation,
RedirectUris = { "http://localhost:10314/" },
FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
IdentityTokenLifetime = 36000,
AllowedScopes = { "openid", "profile" }
}
And configure the client to use WS-Federation authentication:
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.Cookie.Name = "aspnetcorewsfed";
})
.AddWsFederation(options =>
{
    options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
    // Local development only: the metadata address above is already https, and in
    // production this must stay at its default (true) so the metadata, and the signing
    // keys inside it, can never be fetched over plain http.
    options.RequireHttpsMetadata = false;
    options.Wtrealm = "urn:aspnetcorerp";
    options.SignOutWreply = "https://localhost:10315";
    options.SkipUnrecognizedRequests = true;
});
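Before a relying party trusts that metadata, it is worth checking what it actually received. The following is an added example, not code from the package or its README: it fetches the document with the same Microsoft.IdentityModel.Protocols.WsFederation classes that AddWsFederation uses internally, keeps the https requirement on, checks the issuer and the passive endpoint, and pins the signing certificate by thumbprint, because verifying the metadata signature with a key taken from the same document proves nothing. MetadataAddress and ExpectedIssuer match the page's sample; ExpectedThumbprint is a placeholder for a value you record out of band.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.WsFederation;
using Microsoft.IdentityModel.Tokens;

public static class WsFederationMetadataCheck
{
    // Values taken from the page's sample; the thumbprint is a placeholder (assumption).
    private const string MetadataAddress = "https://localhost:5443/wsfederation/metadata";
    private const string ExpectedIssuer = "https://localhost:5443";
    private const string ExpectedThumbprint = "PASTE-THE-IDP-SIGNING-CERT-THUMBPRINT-HERE";

    public static async Task<WsFederationConfiguration> FetchAndVerifyAsync(CancellationToken ct = default)
    {
        // RequireHttps = true is what RequireHttpsMetadata = false in the RP sample switches off.
        var manager = new ConfigurationManager<WsFederationConfiguration>(
            MetadataAddress,
            new WsFederationConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true });

        var config = await manager.GetConfigurationAsync(ct).ConfigureAwait(false);

        // entityID of the EntityDescriptor must be the issuer you expect.
        if (!string.Equals(config.Issuer, ExpectedIssuer, StringComparison.Ordinal))
        {
            throw new SecurityTokenInvalidIssuerException(
                $"Metadata issuer '{config.Issuer}' does not match '{ExpectedIssuer}'.");
        }

        // PassiveRequestorEndpoint is where the browser is sent with wa=wsignin1.0; it must be https.
        if (!Uri.TryCreate(config.TokenEndpoint, UriKind.Absolute, out var endpoint)
            || endpoint.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                $"Passive requestor endpoint '{config.TokenEndpoint}' is not an https URL.");
        }

        // Pin the KeyDescriptor certificate rather than trusting whatever the document advertises.
        var pinned = config.SigningKeys
            .OfType<X509SecurityKey>()
            .FirstOrDefault(k => string.Equals(
                k.Certificate.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase));
        if (pinned == null)
        {
            throw new SecurityTokenSignatureKeyNotFoundException(
                "The pinned signing certificate is not among the metadata signing keys.");
        }

        // The document is signed (see the Signature element in the sample); verify it with the
        // pinned key only. Verify throws when the enveloped signature does not check out.
        if (config.Signature == null)
        {
            throw new InvalidOperationException("Metadata document is not signed.");
        }
        config.Signature.Verify(pinned, pinned.CryptoProviderFactory);

        return config;
    }
}
```

Run it once at startup (or as a health check) on the relying party. A thumbprint mismatch is expected the day the IdP rotates its key, which is exactly the moment you want a human to confirm the new certificate rather than silently accepting it.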
Metadata configuration
The AddIdentityServerWsFederation
extension accepts an IConfiguration
or a WsFederationOptions
parameter to configure the generation of the metadata document, including its claim lists.
mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
"ClaimTypesOffered": [
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"DisplayName": "Name",
"Description": "The unique name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"DisplayName": "Name ID",
"Description": "The SAML name identifier of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"DisplayName": "E-Mail Address",
"Description": "The e-mail address of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"DisplayName": "Given Name",
"Description": "The given name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"DisplayName": "Given Name",
"Description": "The given name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"DisplayName": "Surname",
"Description": "The surname of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
"DisplayName": "Birth date",
"Description": "The birth date of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
"DisplayName": "Web page",
"Description": "The web page of the user"
}
]
}
This adds the ClaimTypesOffered collection to the metadata document:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
<md:KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
...
</KeyInfo>
</md:KeyDescriptor>
<fed:ClaimTypesOffered>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
<auth:DisplayName>Name</auth:DisplayName>
<auth:Description>The unique name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
<auth:DisplayName>Name ID</auth:DisplayName>
<auth:Description>The SAML name identifier of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
<auth:DisplayName>E-Mail Address</auth:DisplayName>
<auth:Description>The e-mail address of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
<auth:DisplayName>Given Name</auth:DisplayName>
<auth:Description>The given name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
<auth:DisplayName>Given Name</auth:DisplayName>
<auth:Description>The given name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
<auth:DisplayName>Surname</auth:DisplayName>
<auth:Description>The surname of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
<auth:DisplayName>Birth date</auth:DisplayName>
<auth:Description>The birth date of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
<auth:DisplayName>Web page</auth:DisplayName>
<auth:Description>The web page of the user</auth:Description>
</auth:ClaimType>
</fed:ClaimTypesOffered>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</md:RoleDescriptor>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
...
</Signature>
</md:EntityDescriptor>
You can also manage the ClaimTypesRequested
and the TokenTypesOffered
collections the same way.
You can implement your own IMetadataSerializer
if needed.
Implement your store
To access data, the IWsFederationService
uses an IRelyingPartyStore
. You can implement this interface and register your implementation in the DI container to override the default IRelyingPartyStore
implementation.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
// Namespaces assumed from the Aguacongas.IdentityServer packages this package depends on.
using Aguacongas.IdentityServer.Store;
using Aguacongas.IdentityServer.WsFederation;
using Entity = Aguacongas.IdentityServer.Store.Entity;

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="MyRelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">clientStore or relyingPartyStore is null</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm (the wtrealm sent by the relying party, which is the client id).
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns>The relying party, or null when the realm is unknown or has no relying party attached.</returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        // An unknown realm must not surface as a NullReferenceException: returning null
        // lets the WS-Federation controller reject the request.
        if (client?.RelyingPartyId == null)
        {
            return null;
        }

        var entity = await _relyingPartyStore.GetAsync(client.RelyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);
        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}
The DI configuration becomes:
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product | Versions (compatible and additional computed target frameworks) |
---|---|
.NET | net8.0 is compatible. Computed: net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows. |
Dependencies (net8.0)
- Aguacongas.IdentityServer.Duende (>= 8.2.0)
- Aguacongas.IdentityServer.KeysRotation.Duende (>= 8.2.0)
- Aguacongas.IdentityServer.WsFederation (>= 8.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
8.2.0 | 91 | 11/9/2024 |
8.1.1 | 74 | 11/9/2024 |
8.1.0-preview57- | 65 | 11/3/2024 |
8.0.1 | 517 | 9/22/2024 |
8.0.0 | 491 | 3/9/2024 |
8.0.0-preview1-0001 | 230 | 11/18/2023 |
7.4.6 | 489 | 10/28/2023 |
7.4.5 | 182 | 10/12/2023 |
7.4.4 | 299 | 8/10/2023 |
7.4.3 | 216 | 7/20/2023 |
7.4.2 | 229 | 7/13/2023 |
7.4.1 | 215 | 6/15/2023 |
7.4.0 | 176 | 6/4/2023 |
7.3.0 | 262 | 4/13/2023 |
7.3.0-preview1-0073 | 126 | 4/10/2023 |
7.2.2 | 271 | 3/20/2023 |
7.2.1 | 433 | 3/16/2023 |
7.1.2 | 341 | 2/3/2023 |
7.1.1 | 335 | 1/26/2023 |
7.1.0 | 310 | 1/21/2023 |
7.0.3 | 288 | 1/18/2023 |
7.0.2 | 356 | 12/15/2022 |
7.0.1 | 373 | 11/23/2022 |
7.0.0 | 347 | 11/21/2022 |
7.0.0-preview1-0250 | 150 | 11/9/2022 |
6.3.1 | 336 | 12/15/2022 |
6.3.0 | 680 | 7/1/2022 |
6.2.1 | 535 | 6/13/2022 |
6.2.0 | 476 | 6/12/2022 |
6.1.0 | 515 | 5/29/2022 |
6.0.1 | 496 | 5/24/2022 |
6.0.1-fix-release-6-0-01-0002 | 178 | 5/24/2022 |
6.0.0 | 498 | 5/21/2022 |
5.0.0-preview1-0264 | 180 | 5/21/2022 |
5.0.0-preview1-0020 | 199 | 5/8/2022 |
5.0.0-preview1-0019 | 182 | 5/8/2022 |
5.0.0-preview1-0018 | 182 | 5/7/2022 |
5.0.0-preview1-0017 | 191 | 5/7/2022 |
5.0.0-merge-release4-6-61-0194 | 167 | 5/12/2022 |
4.7.0-preview1-0125 | 182 | 4/23/2022 |
4.6.6 | 463 | 5/12/2022 |
4.6.5 | 585 | 4/28/2022 |
4.6.4 | 534 | 4/21/2022 |
4.6.3 | 545 | 4/14/2022 |
4.6.2 | 607 | 4/2/2022 |
4.6.1 | 583 | 3/31/2022 |
4.6.0 | 546 | 3/30/2022 |
4.5.3 | 608 | 3/23/2022 |
4.5.2 | 609 | 3/19/2022 |
4.5.1 | 562 | 3/17/2022 |
4.5.0 | 564 | 3/13/2022 |
4.4.0 | 660 | 2/13/2022 |
4.3.3 | 644 | 2/9/2022 |
4.3.2 | 666 | 2/3/2022 |
4.3.1 | 640 | 1/28/2022 |
4.3.0 | 653 | 1/17/2022 |
4.2.0 | 859 | 10/17/2021 |
4.1.0 | 909 | 10/13/2021 |
4.0.1 | 823 | 10/9/2021 |
4.0.0 | 867 | 9/21/2021 |
4.0.0-preview1-0046 | 327 | 9/18/2021 |
4.0.0-preview1-0003 | 287 | 9/18/2021 |
4.0.0-preview1-0002 | 308 | 9/18/2021 |