Aguacongas.IdentityServer.WsFederation.IS4 5.0.0-preview1-0017

This is a prerelease version of Aguacongas.IdentityServer.WsFederation.IS4.
There is a newer version of this package available.
See the version list below for details.
dotnet add package Aguacongas.IdentityServer.WsFederation.IS4 --version 5.0.0-preview1-0017                
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.IS4 -Version 5.0.0-preview1-0017                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.IS4" Version="5.0.0-preview1-0017" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aguacongas.IdentityServer.WsFederation.IS4 --version 5.0.0-preview1-0017                
#r "nuget: Aguacongas.IdentityServer.WsFederation.IS4, 5.0.0-preview1-0017"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=5.0.0-preview1-0017&prerelease

// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=5.0.0-preview1-0017&prerelease                

Aguacongas.IdentityServer.WsFederation.Duende

Add a WS-Federation controller to your Duende IdentityServer.

Setup

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

WS-Fedration depends on a ISigningCredentialStore. You can register it using AddSigningCredential with a X509Certificate2 in place of AddKeysRotation if you prefer.

Usage

wsfederation/metadata returns the WS-Federation metadata document.

You can add a client to you configuration with wsfed as protocol type:

new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,

    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,

    AllowedScopes = { "openid", "profile" }
}

And configure the client to use WS-Federation authentication:

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        options.RequireHttpsMetadata = false;

        options.Wtrealm = "urn:aspnetcorerp";

        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });

Metadata configuration

AddIdentityServerWsFederation extension accept a IConfiguration or a WsFederationOptions parameter to configure the metadata document génération with claims lists.

mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}

This add the ClaimTypesOffered collection to the metadata document:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
	<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
		<md:KeyDescriptor use="signing">
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
				...
			</KeyInfo>
		</md:KeyDescriptor>
		<fed:ClaimTypesOffered>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
				<auth:DisplayName>Name</auth:DisplayName>
				<auth:Description>The unique name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
				<auth:DisplayName>Name ID</auth:DisplayName>
				<auth:Description>The SAML name identifier of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
				<auth:DisplayName>E-Mail Address</auth:DisplayName>
				<auth:Description>The e-mail address of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
				<auth:DisplayName>Surname</auth:DisplayName>
				<auth:Description>The surname of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
				<auth:DisplayName>Birth date</auth:DisplayName>
				<auth:Description>The birth date of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
				<auth:DisplayName>Web page</auth:DisplayName>
				<auth:Description>The wep page of the user</auth:Description>
			</auth:ClaimType>
		</fed:ClaimTypesOffered>
		<fed:PassiveRequestorEndpoint>
			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
				<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
			</wsa:EndpointReference>
		</fed:PassiveRequestorEndpoint>
	</md:RoleDescriptor>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		...
	</Signature>
</md:EntityDescriptor>

You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.

You can implement your IMetatdataSerializer if needed.

Implement your store

To access data the IWsFederationService use a IRelyingPartyStore. You can implement this interface and provide your implementation to the DI to ovveride the default IRelyingPartyStore implementation.

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="RelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">adminStore</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns></returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        var relyingPartyId = client.RelyingPartyId;
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);

        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}

The DI configuration become:

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
7.0.0-preview1-0250 180 11/9/2022 7.0.0-preview1-0250 is deprecated because it is no longer maintained.
6.3.0 779 7/1/2022 6.3.0 is deprecated because it is no longer maintained.
6.2.1 583 6/13/2022 6.2.1 is deprecated because it is no longer maintained.
6.2.0 550 6/12/2022 6.2.0 is deprecated because it is no longer maintained.
6.1.0 569 5/29/2022 6.1.0 is deprecated because it is no longer maintained.
6.0.1 564 5/24/2022 6.0.1 is deprecated because it is no longer maintained.
6.0.1-fix-release-6-0-01-0002 198 5/24/2022 6.0.1-fix-release-6-0-01-0002 is deprecated because it is no longer maintained.
6.0.0 558 5/21/2022 6.0.0 is deprecated because it is no longer maintained.
5.0.0-preview1-0264 189 5/21/2022 5.0.0-preview1-0264 is deprecated because it is no longer maintained.
5.0.0-preview1-0020 236 5/8/2022 5.0.0-preview1-0020 is deprecated because it is no longer maintained.
5.0.0-preview1-0019 236 5/8/2022 5.0.0-preview1-0019 is deprecated because it is no longer maintained.
5.0.0-preview1-0018 211 5/7/2022 5.0.0-preview1-0018 is deprecated because it is no longer maintained.
5.0.0-preview1-0017 209 5/7/2022 5.0.0-preview1-0017 is deprecated because it is no longer maintained.
5.0.0-merge-release4-6-61-0194 214 5/12/2022 5.0.0-merge-release4-6-61-0194 is deprecated because it is no longer maintained.
4.7.0-preview1-0125 206 4/23/2022 4.7.0-preview1-0125 is deprecated because it is no longer maintained.
4.6.6 546 5/12/2022 4.6.6 is deprecated because it is no longer maintained.
4.6.5 617 4/28/2022 4.6.5 is deprecated because it is no longer maintained.
4.6.4 614 4/21/2022 4.6.4 is deprecated because it is no longer maintained.
4.6.3 576 4/14/2022 4.6.3 is deprecated because it is no longer maintained.
4.6.2 634 4/2/2022 4.6.2 is deprecated because it is no longer maintained.
4.6.1 636 3/31/2022 4.6.1 is deprecated because it is no longer maintained.
4.6.0 602 3/30/2022 4.6.0 is deprecated because it is no longer maintained.
4.5.3 626 3/23/2022 4.5.3 is deprecated because it is no longer maintained.
4.5.2 634 3/19/2022 4.5.2 is deprecated because it is no longer maintained.
4.5.1 630 3/17/2022 4.5.1 is deprecated because it is no longer maintained.
4.5.0 643 3/13/2022 4.5.0 is deprecated because it is no longer maintained.
4.4.0 730 2/13/2022 4.4.0 is deprecated because it is no longer maintained.
4.3.3 667 2/9/2022 4.3.3 is deprecated because it is no longer maintained.
4.3.2 724 2/3/2022 4.3.2 is deprecated because it is no longer maintained.
4.3.1 710 1/28/2022 4.3.1 is deprecated because it is no longer maintained.
4.3.0 700 1/17/2022 4.3.0 is deprecated because it is no longer maintained.
4.2.0 1,125 10/17/2021 4.2.0 is deprecated because it is no longer maintained.
4.1.0 908 10/13/2021 4.1.0 is deprecated because it is no longer maintained.
4.0.1 900 10/9/2021 4.0.1 is deprecated because it is no longer maintained.
4.0.0 890 9/21/2021 4.0.0 is deprecated because it is no longer maintained.
4.0.0-preview1-0046 339 9/20/2021 4.0.0-preview1-0046 is deprecated because it is no longer maintained.