Aguacongas.IdentityServer.WsFederation.Duende 8.2.0

dotnet add package Aguacongas.IdentityServer.WsFederation.Duende --version 8.2.0                
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.Duende -Version 8.2.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="8.2.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aguacongas.IdentityServer.WsFederation.Duende --version 8.2.0                
#r "nuget: Aguacongas.IdentityServer.WsFederation.Duende, 8.2.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=8.2.0

// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=8.2.0                

Aguacongas.IdentityServer.WsFederation.Duende

Add a WS-Federation controller to your Duende IdentityServer.

Setup

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

WS-Fedration depends on a ISigningCredentialStore. You can register it using AddSigningCredential with a X509Certificate2 in place of AddKeysRotation if you prefer.

Usage

wsfederation/metadata returns the WS-Federation metadata document.

You can add a client to you configuration with wsfed as protocol type:

new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,

    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,

    AllowedScopes = { "openid", "profile" }
}

And configure the client to use WS-Federation authentication:

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        options.RequireHttpsMetadata = false;

        options.Wtrealm = "urn:aspnetcorerp";

        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });

Metadata configuration

AddIdentityServerWsFederation extension accept a IConfiguration or a WsFederationOptions parameter to configure the metadata document génération with claims lists.

mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}

This add the ClaimTypesOffered collection to the metadata document:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
	<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
		<md:KeyDescriptor use="signing">
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
				...
			</KeyInfo>
		</md:KeyDescriptor>
		<fed:ClaimTypesOffered>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
				<auth:DisplayName>Name</auth:DisplayName>
				<auth:Description>The unique name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
				<auth:DisplayName>Name ID</auth:DisplayName>
				<auth:Description>The SAML name identifier of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
				<auth:DisplayName>E-Mail Address</auth:DisplayName>
				<auth:Description>The e-mail address of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
				<auth:DisplayName>Surname</auth:DisplayName>
				<auth:Description>The surname of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
				<auth:DisplayName>Birth date</auth:DisplayName>
				<auth:Description>The birth date of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
				<auth:DisplayName>Web page</auth:DisplayName>
				<auth:Description>The wep page of the user</auth:Description>
			</auth:ClaimType>
		</fed:ClaimTypesOffered>
		<fed:PassiveRequestorEndpoint>
			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
				<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
			</wsa:EndpointReference>
		</fed:PassiveRequestorEndpoint>
	</md:RoleDescriptor>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		...
	</Signature>
</md:EntityDescriptor>

You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.

You can implement your IMetatdataSerializer if needed.

Implement your store

To access data the IWsFederationService use a IRelyingPartyStore. You can implement this interface and provide your implementation to the DI to ovveride the default IRelyingPartyStore implementation.

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="RelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">adminStore</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns></returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        var relyingPartyId = client.RelyingPartyId;
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);

        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}

The DI configuration become:

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
8.2.0 91 11/9/2024
8.1.1 74 11/9/2024
8.1.0-preview57- 65 11/3/2024
8.0.1 517 9/22/2024
8.0.0 491 3/9/2024
8.0.0-preview1-0001 230 11/18/2023
7.4.6 489 10/28/2023
7.4.5 182 10/12/2023
7.4.4 299 8/10/2023
7.4.3 216 7/20/2023
7.4.2 229 7/13/2023
7.4.1 215 6/15/2023
7.4.0 176 6/4/2023
7.3.0 262 4/13/2023
7.3.0-preview1-0073 126 4/10/2023
7.2.2 271 3/20/2023
7.2.1 433 3/16/2023
7.1.2 341 2/3/2023
7.1.1 335 1/26/2023
7.1.0 310 1/21/2023
7.0.3 288 1/18/2023
7.0.2 356 12/15/2022
7.0.1 373 11/23/2022
7.0.0 347 11/21/2022
7.0.0-preview1-0250 150 11/9/2022
6.3.1 336 12/15/2022
6.3.0 680 7/1/2022
6.2.1 535 6/13/2022
6.2.0 476 6/12/2022
6.1.0 515 5/29/2022
6.0.1 496 5/24/2022
6.0.1-fix-release-6-0-01-0002 178 5/24/2022
6.0.0 498 5/21/2022
5.0.0-preview1-0264 180 5/21/2022
5.0.0-preview1-0020 199 5/8/2022
5.0.0-preview1-0019 182 5/8/2022
5.0.0-preview1-0018 182 5/7/2022
5.0.0-preview1-0017 191 5/7/2022
5.0.0-merge-release4-6-61-0194 167 5/12/2022
4.7.0-preview1-0125 182 4/23/2022
4.6.6 463 5/12/2022
4.6.5 585 4/28/2022
4.6.4 534 4/21/2022
4.6.3 545 4/14/2022
4.6.2 607 4/2/2022
4.6.1 583 3/31/2022
4.6.0 546 3/30/2022
4.5.3 608 3/23/2022
4.5.2 609 3/19/2022
4.5.1 562 3/17/2022
4.5.0 564 3/13/2022
4.4.0 660 2/13/2022
4.3.3 644 2/9/2022
4.3.2 666 2/3/2022
4.3.1 640 1/28/2022
4.3.0 653 1/17/2022
4.2.0 859 10/17/2021
4.1.0 909 10/13/2021
4.0.1 823 10/9/2021
4.0.0 867 9/21/2021
4.0.0-preview1-0046 327 9/18/2021
4.0.0-preview1-0003 287 9/18/2021
4.0.0-preview1-0002 308 9/18/2021