Aguacongas.IdentityServer.WsFederation.Duende
5.0.0-preview1-0020
See the version list below for details.
dotnet add package Aguacongas.IdentityServer.WsFederation.Duende --version 5.0.0-preview1-0020
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.Duende -Version 5.0.0-preview1-0020
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="5.0.0-preview1-0020" />
paket add Aguacongas.IdentityServer.WsFederation.Duende --version 5.0.0-preview1-0020
#r "nuget: Aguacongas.IdentityServer.WsFederation.Duende, 5.0.0-preview1-0020"
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=5.0.0-preview1-0020&prerelease
// Install Aguacongas.IdentityServer.WsFederation.Duende as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=5.0.0-preview1-0020&prerelease
Aguacongas.IdentityServer.WsFederation.Duende
Add a WS-Federation controller to your Duende IdentityServer.
Setup
services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
    .AddIdentityServerWsFederation();
WS-Federation depends on an ISigningCredentialStore. You can register it using AddSigningCredential with an X509Certificate2 in place of AddKeysRotation if you prefer.
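One way to do the AddSigningCredential registration, as an added example that is not part of the package's own documentation. The configuration key SigningCertificate:Thumbprint, the class and method names, and the LocalMachine\My store location are assumptions made for this example; the checks run at startup so that a missing, expired or key-less certificate fails fast instead of at the first sign-in.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// Also import the package namespace that declares AddIdentityServerWsFederation if your project needs it.

public static class SigningCertificateSetup
{
    // "SigningCertificate:Thumbprint" is a hypothetical configuration key chosen for this example.
    public static void AddWsFederationWithCertificate(IServiceCollection services, IConfiguration configuration)
    {
        var thumbprint = configuration["SigningCertificate:Thumbprint"]
            ?? throw new InvalidOperationException("Signing certificate thumbprint is not configured.");

        // A fixed certificate replaces AddKeysRotation as the ISigningCredentialStore source.
        services.AddIdentityServer()
            .AddSigningCredential(LoadSigningCertificate(thumbprint));

        services.AddControllersWithViews()
            .AddIdentityServerWsFederation();
    }

    private static X509Certificate2 LoadSigningCertificate(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false so an expired certificate is reported below rather than as "not found".
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException($"No certificate with thumbprint {thumbprint} in LocalMachine\\My.");

        var certificate = matches[0];
        var now = DateTime.Now; // NotBefore and NotAfter are expressed in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new InvalidOperationException("Signing certificate is outside its validity period.");

        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("Signing certificate has no private key, so nothing can be signed with it.");

        // AddSigningCredential defaults to RS256, so require an RSA key of reasonable size.
        using var rsa = certificate.GetRSAPrivateKey();
        if (rsa == null || rsa.KeySize < 2048)
            throw new InvalidOperationException("Signing certificate must carry an RSA key of at least 2048 bits.");

        return certificate;
    }
}
```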
Usage
wsfederation/metadata returns the WS-Federation metadata document.
You can add a client to your configuration with wsfed as the protocol type:
new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,
    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,
    AllowedScopes = { "openid", "profile" }
}
And configure the client to use WS-Federation authentication:
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        options.RequireHttpsMetadata = false;
        options.Wtrealm = "urn:aspnetcorerp";
        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });
Metadata configuration
The AddIdentityServerWsFederation extension accepts an IConfiguration or a WsFederationOptions parameter to configure the claim lists used when generating the metadata document.
mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}
This adds the ClaimTypesOffered collection to the metadata document:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
  <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        ...
      </KeyInfo>
    </md:KeyDescriptor>
    <fed:ClaimTypesOffered>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
        <auth:DisplayName>Name</auth:DisplayName>
        <auth:Description>The unique name of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
        <auth:DisplayName>Name ID</auth:DisplayName>
        <auth:Description>The SAML name identifier of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
        <auth:DisplayName>E-Mail Address</auth:DisplayName>
        <auth:Description>The e-mail address of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
        <auth:DisplayName>Given Name</auth:DisplayName>
        <auth:Description>The given name of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
        <auth:DisplayName>Given Name</auth:DisplayName>
        <auth:Description>The given name of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
        <auth:DisplayName>Surname</auth:DisplayName>
        <auth:Description>The surname of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
        <auth:DisplayName>Birth date</auth:DisplayName>
        <auth:Description>The birth date of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
        <auth:DisplayName>Web page</auth:DisplayName>
        <auth:Description>The wep page of the user</auth:Description>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </md:RoleDescriptor>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    ...
  </Signature>
</md:EntityDescriptor>
You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.
You can implement your own IMetatdataSerializer if needed.
Implement your store
To access data, the IWsFederationService uses an IRelyingPartyStore. You can implement this interface and register your implementation with the DI container to override the default IRelyingPartyStore implementation.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="MyRelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">clientStore or relyingPartyStore</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns>The relying party, or null when the realm has none.</returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        // The realm comes from the incoming request: an unknown realm, or a client
        // without a relying party, yields null instead of a NullReferenceException.
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        var relyingPartyId = client?.RelyingPartyId;
        if (relyingPartyId == null)
        {
            return null;
        }
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);
        if (entity == null)
        {
            return null;
        }
        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}
The DI configuration becomes:
services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
    .AddIdentityServerWsFederation();
services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product | Versions |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
- net6.0
  - Aguacongas.IdentityServer.Duende (>= 5.0.0-preview1-0020)
  - Aguacongas.IdentityServer.KeysRotation.Duende (>= 5.0.0-preview1-0020)
  - Aguacongas.IdentityServer.WsFederation (>= 5.0.0-preview1-0020)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
8.2.0 | 79 | 11/9/2024 |
8.1.1 | 72 | 11/9/2024 |
8.1.0-preview57- | 63 | 11/3/2024 |
8.0.1 | 512 | 9/22/2024 |
8.0.0 | 487 | 3/9/2024 |
8.0.0-preview1-0001 | 226 | 11/18/2023 |
7.4.6 | 485 | 10/28/2023 |
7.4.5 | 178 | 10/12/2023 |
7.4.4 | 295 | 8/10/2023 |
7.4.3 | 214 | 7/20/2023 |
7.4.2 | 227 | 7/13/2023 |
7.4.1 | 213 | 6/15/2023 |
7.4.0 | 172 | 6/4/2023 |
7.3.0 | 258 | 4/13/2023 |
7.3.0-preview1-0073 | 124 | 4/10/2023 |
7.2.2 | 267 | 3/20/2023 |
7.2.1 | 427 | 3/16/2023 |
7.1.2 | 337 | 2/3/2023 |
7.1.1 | 333 | 1/26/2023 |
7.1.0 | 308 | 1/21/2023 |
7.0.3 | 286 | 1/18/2023 |
7.0.2 | 354 | 12/15/2022 |
7.0.1 | 371 | 11/23/2022 |
7.0.0 | 345 | 11/21/2022 |
7.0.0-preview1-0250 | 148 | 11/9/2022 |
6.3.1 | 334 | 12/15/2022 |
6.3.0 | 678 | 7/1/2022 |
6.2.1 | 533 | 6/13/2022 |
6.2.0 | 474 | 6/12/2022 |
6.1.0 | 513 | 5/29/2022 |
6.0.1 | 494 | 5/24/2022 |
6.0.1-fix-release-6-0-01-0002 | 176 | 5/24/2022 |
6.0.0 | 496 | 5/21/2022 |
5.0.0-preview1-0264 | 178 | 5/21/2022 |
5.0.0-preview1-0020 | 197 | 5/8/2022 |
5.0.0-preview1-0019 | 180 | 5/8/2022 |
5.0.0-preview1-0018 | 180 | 5/7/2022 |
5.0.0-preview1-0017 | 189 | 5/7/2022 |
5.0.0-merge-release4-6-61-0194 | 165 | 5/12/2022 |
4.7.0-preview1-0125 | 180 | 4/23/2022 |
4.6.6 | 461 | 5/12/2022 |
4.6.5 | 583 | 4/28/2022 |
4.6.4 | 532 | 4/21/2022 |
4.6.3 | 543 | 4/14/2022 |
4.6.2 | 605 | 4/2/2022 |
4.6.1 | 581 | 3/31/2022 |
4.6.0 | 544 | 3/30/2022 |
4.5.3 | 606 | 3/23/2022 |
4.5.2 | 607 | 3/19/2022 |
4.5.1 | 560 | 3/17/2022 |
4.5.0 | 562 | 3/13/2022 |
4.4.0 | 658 | 2/13/2022 |
4.3.3 | 642 | 2/9/2022 |
4.3.2 | 664 | 2/3/2022 |
4.3.1 | 638 | 1/28/2022 |
4.3.0 | 651 | 1/17/2022 |
4.2.0 | 857 | 10/17/2021 |
4.1.0 | 907 | 10/13/2021 |
4.0.1 | 821 | 10/9/2021 |
4.0.0 | 865 | 9/21/2021 |
4.0.0-preview1-0046 | 325 | 9/18/2021 |
4.0.0-preview1-0003 | 285 | 9/18/2021 |
4.0.0-preview1-0002 | 306 | 9/18/2021 |