Aguacongas.IdentityServer.WsFederation.Duende 4.6.5

There is a newer version of this package available.
See the version list below for details.
dotnet add package Aguacongas.IdentityServer.WsFederation.Duende --version 4.6.5                
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.Duende -Version 4.6.5                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="4.6.5" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aguacongas.IdentityServer.WsFederation.Duende --version 4.6.5                
#r "nuget: Aguacongas.IdentityServer.WsFederation.Duende, 4.6.5"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=4.6.5

// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=4.6.5                

Aguacongas.IdentityServer.WsFederation.Duende

Add a WS-Federation controller to your Duende IdentityServer.

Setup

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

WS-Fedration depends on a ISigningCredentialStore. You can register it using AddSigningCredential with a X509Certificate2 in place of AddKeysRotation if you prefer.

Usage

wsfederation/metadata returns the WS-Federation metadata document.

You can add a client to you configuration with wsfed as protocol type:

new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,

    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,

    AllowedScopes = { "openid", "profile" }
}

And configure the client to use WS-Federation authentication:

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        options.RequireHttpsMetadata = false;

        options.Wtrealm = "urn:aspnetcorerp";

        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });

Metadata configuration

AddIdentityServerWsFederation extension accept a IConfiguration or a WsFederationOptions parameter to configure the metadata document génération with claims lists.

mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}

This add the ClaimTypesOffered collection to the metadata document:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
	<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
		<md:KeyDescriptor use="signing">
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
				...
			</KeyInfo>
		</md:KeyDescriptor>
		<fed:ClaimTypesOffered>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
				<auth:DisplayName>Name</auth:DisplayName>
				<auth:Description>The unique name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
				<auth:DisplayName>Name ID</auth:DisplayName>
				<auth:Description>The SAML name identifier of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
				<auth:DisplayName>E-Mail Address</auth:DisplayName>
				<auth:Description>The e-mail address of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
				<auth:DisplayName>Surname</auth:DisplayName>
				<auth:Description>The surname of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
				<auth:DisplayName>Birth date</auth:DisplayName>
				<auth:Description>The birth date of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
				<auth:DisplayName>Web page</auth:DisplayName>
				<auth:Description>The wep page of the user</auth:Description>
			</auth:ClaimType>
		</fed:ClaimTypesOffered>
		<fed:PassiveRequestorEndpoint>
			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
				<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
			</wsa:EndpointReference>
		</fed:PassiveRequestorEndpoint>
	</md:RoleDescriptor>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		...
	</Signature>
</md:EntityDescriptor>

You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.

You can implement your IMetatdataSerializer if needed.

Implement your store

To access data the IWsFederationService use a IRelyingPartyStore. You can implement this interface and provide your implementation to the DI to ovveride the default IRelyingPartyStore implementation.

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="RelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">adminStore</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns></returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        var relyingPartyId = client.RelyingPartyId;
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);

        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}

The DI configuration become:

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
8.2.0 79 11/9/2024
8.1.1 72 11/9/2024
8.1.0-preview57- 63 11/3/2024
8.0.1 512 9/22/2024
8.0.0 487 3/9/2024
8.0.0-preview1-0001 226 11/18/2023
7.4.6 485 10/28/2023
7.4.5 178 10/12/2023
7.4.4 295 8/10/2023
7.4.3 214 7/20/2023
7.4.2 227 7/13/2023
7.4.1 213 6/15/2023
7.4.0 172 6/4/2023
7.3.0 258 4/13/2023
7.3.0-preview1-0073 124 4/10/2023
7.2.2 267 3/20/2023
7.2.1 427 3/16/2023
7.1.2 337 2/3/2023
7.1.1 333 1/26/2023
7.1.0 308 1/21/2023
7.0.3 286 1/18/2023
7.0.2 354 12/15/2022
7.0.1 371 11/23/2022
7.0.0 345 11/21/2022
7.0.0-preview1-0250 148 11/9/2022
6.3.1 334 12/15/2022
6.3.0 678 7/1/2022
6.2.1 533 6/13/2022
6.2.0 474 6/12/2022
6.1.0 513 5/29/2022
6.0.1 494 5/24/2022
6.0.1-fix-release-6-0-01-0002 176 5/24/2022
6.0.0 496 5/21/2022
5.0.0-preview1-0264 178 5/21/2022
5.0.0-preview1-0020 197 5/8/2022
5.0.0-preview1-0019 180 5/8/2022
5.0.0-preview1-0018 180 5/7/2022
5.0.0-preview1-0017 189 5/7/2022
5.0.0-merge-release4-6-61-0194 165 5/12/2022
4.7.0-preview1-0125 180 4/23/2022
4.6.6 461 5/12/2022
4.6.5 583 4/28/2022
4.6.4 532 4/21/2022
4.6.3 543 4/14/2022
4.6.2 605 4/2/2022
4.6.1 581 3/31/2022
4.6.0 544 3/30/2022
4.5.3 606 3/23/2022
4.5.2 607 3/19/2022
4.5.1 560 3/17/2022
4.5.0 562 3/13/2022
4.4.0 658 2/13/2022
4.3.3 642 2/9/2022
4.3.2 664 2/3/2022
4.3.1 638 1/28/2022
4.3.0 651 1/17/2022
4.2.0 857 10/17/2021
4.1.0 907 10/13/2021
4.0.1 821 10/9/2021
4.0.0 865 9/21/2021
4.0.0-preview1-0046 325 9/18/2021
4.0.0-preview1-0003 285 9/18/2021
4.0.0-preview1-0002 306 9/18/2021