Aguacongas.IdentityServer.WsFederation.IS4 7.0.0-preview1-0250

This is a prerelease version of Aguacongas.IdentityServer.WsFederation.IS4.
dotnet add package Aguacongas.IdentityServer.WsFederation.IS4 --version 7.0.0-preview1-0250
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.IS4 -Version 7.0.0-preview1-0250
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.IS4" Version="7.0.0-preview1-0250" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Aguacongas.IdentityServer.WsFederation.IS4 --version 7.0.0-preview1-0250
#r "nuget: Aguacongas.IdentityServer.WsFederation.IS4, 7.0.0-preview1-0250"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Addin
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=7.0.0-preview1-0250&prerelease

// Install Aguacongas.IdentityServer.WsFederation.IS4 as a Cake Tool
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.IS4&version=7.0.0-preview1-0250&prerelease

Aguacongas.IdentityServer.WsFederation.Duende

Add a WS-Federation controller to your Duende IdentityServer.

Setup

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

WS-Fedration depends on a ISigningCredentialStore. You can register it using AddSigningCredential with a X509Certificate2 in place of AddKeysRotation if you prefer.

Usage

wsfederation/metadata returns the WS-Federation metadata document.

You can add a client to you configuration with wsfed as protocol type:

new Client
{
    ClientId = "urn:aspnetcorerp",
    ProtocolType = ProtocolTypes.WsFederation,

    RedirectUris = { "http://localhost:10314/" },
    FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
    IdentityTokenLifetime = 36000,

    AllowedScopes = { "openid", "profile" }
}

And configure the client to use WS-Federation authentication:

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
    .AddCookie(options =>
    {
        options.Cookie.Name = "aspnetcorewsfed";
    })
    .AddWsFederation(options =>
    {
        options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
        options.RequireHttpsMetadata = false;

        options.Wtrealm = "urn:aspnetcorerp";

        options.SignOutWreply = "https://localhost:10315";
        options.SkipUnrecognizedRequests = true;
    });

Metadata configuration

AddIdentityServerWsFederation extension accept a IConfiguration or a WsFederationOptions parameter to configure the metadata document génération with claims lists.

mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
  "ClaimTypesOffered": [
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "DisplayName": "Name",
      "Description": "The unique name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "DisplayName": "Name ID",
      "Description": "The SAML name identifier of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "DisplayName": "E-Mail Address",
      "Description": "The e-mail address of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "DisplayName": "Given Name",
      "Description": "The given name of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "DisplayName": "Surname",
      "Description": "The surname of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
      "DisplayName": "Birth date",
      "Description": "The birth date of the user"
    },
    {
      "Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
      "DisplayName": "Web page",
      "Description": "The wep page of the user"
    }
  ]
}

This add the ClaimTypesOffered collection to the metadata document:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
	<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
		<md:KeyDescriptor use="signing">
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
				...
			</KeyInfo>
		</md:KeyDescriptor>
		<fed:ClaimTypesOffered>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
				<auth:DisplayName>Name</auth:DisplayName>
				<auth:Description>The unique name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
				<auth:DisplayName>Name ID</auth:DisplayName>
				<auth:Description>The SAML name identifier of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
				<auth:DisplayName>E-Mail Address</auth:DisplayName>
				<auth:Description>The e-mail address of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
				<auth:DisplayName>Given Name</auth:DisplayName>
				<auth:Description>The given name of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
				<auth:DisplayName>Surname</auth:DisplayName>
				<auth:Description>The surname of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
				<auth:DisplayName>Birth date</auth:DisplayName>
				<auth:Description>The birth date of the user</auth:Description>
			</auth:ClaimType>
			<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
				<auth:DisplayName>Web page</auth:DisplayName>
				<auth:Description>The wep page of the user</auth:Description>
			</auth:ClaimType>
		</fed:ClaimTypesOffered>
		<fed:PassiveRequestorEndpoint>
			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
				<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
			</wsa:EndpointReference>
		</fed:PassiveRequestorEndpoint>
	</md:RoleDescriptor>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		...
	</Signature>
</md:EntityDescriptor>

You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.

You can implement your IMetatdataSerializer if needed.

Implement your store

To access data the IWsFederationService use a IRelyingPartyStore. You can implement this interface and provide your implementation to the DI to ovveride the default IRelyingPartyStore implementation.

/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
    private readonly IAdminStore<Entity.Client> _clientStore;
    private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;

    /// <summary>
    /// Initializes a new instance of the <see cref="RelyingPartyStore" /> class.
    /// </summary>
    /// <param name="clientStore">The client store.</param>
    /// <param name="relyingPartyStore">The relying party store.</param>
    /// <exception cref="ArgumentNullException">adminStore</exception>
    public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
    {
        _clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
        _relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
    }

    /// <summary>
    /// Finds the relying party by realm.
    /// </summary>
    /// <param name="realm">The realm.</param>
    /// <returns></returns>
    public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
    {
        var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
        var relyingPartyId = client.RelyingPartyId;
        var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
        {
            Expand = nameof(Entity.RelyingParty.ClaimMappings)
        }).ConfigureAwait(false);

        if (entity == null)
        {
            return null;
        }

        return new RelyingParty
        {
            ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
            DigestAlgorithm = entity.DigestAlgorithm,
            EncryptionCertificate = entity.EncryptionCertificate != null ? new X509Certificate2(entity.EncryptionCertificate) : null,
            Realm = entity.Id,
            SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
            SignatureAlgorithm = entity.SignatureAlgorithm,
            TokenType = entity.TokenType
        };
    }
}

The DI configuration become:

services.AddIdentityServer()
    .AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));

services.AddControllersWithViews()
    .AddIdentityServerWsFederation();

services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
Product Compatible and additional computed target framework versions.
.NET net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
7.0.0-preview1-0250 157 11/9/2022
6.3.0 762 7/1/2022
6.2.1 567 6/13/2022
6.2.0 518 6/12/2022
6.1.0 540 5/29/2022
6.0.1 535 5/24/2022
6.0.1-fix-release-6-0-01-0002 186 5/24/2022
6.0.0 545 5/21/2022
5.0.0-preview1-0264 161 5/21/2022
5.0.0-preview1-0020 215 5/8/2022
5.0.0-preview1-0019 211 5/8/2022
5.0.0-preview1-0018 187 5/7/2022
5.0.0-preview1-0017 197 5/7/2022
5.0.0-merge-release4-6-61-0194 181 5/12/2022
4.7.0-preview1-0125 179 4/23/2022
4.6.6 516 5/12/2022
4.6.5 598 4/28/2022
4.6.4 585 4/21/2022
4.6.3 562 4/14/2022
4.6.2 608 4/2/2022
4.6.1 624 3/31/2022
4.6.0 579 3/30/2022
4.5.3 612 3/23/2022
4.5.2 606 3/19/2022
4.5.1 600 3/17/2022
4.5.0 611 3/13/2022
4.4.0 694 2/13/2022
4.3.3 639 2/9/2022
4.3.2 683 2/3/2022
4.3.1 679 1/28/2022
4.3.0 678 1/17/2022
4.2.0 1,092 10/17/2021
4.1.0 874 10/13/2021
4.0.1 886 10/9/2021
4.0.0 862 9/21/2021
4.0.0-preview1-0046 306 9/20/2021