Skip to content

ellenfieldn/IdentityServer4.WsFederation

BranchesTags

Repository files navigation

IdentityServer4.WsFederation

Plugin for IdentityServer4 that enables IdentityServer to function as a Ws-Federation Identity Provider.

Build status

Getting Started

The easiest way to get started is to:

  1. Clone the IdentityServer4.Quickstart project of your choice (unless you plan to build the UI from scratch)
  2. Install the IdentityServer4.Contrib.WsFederation package.
  3. Configure Startup.cs as below

Also, see the Samples folders for a working server (src/SampleServer) and client (src/SampleClient).

The code

Do the following in Startup.cs to use this plugin with Asp.net Core. If you don't use MVC, obviously take that out.

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    // If you don't manually specify the digest and signature algorithms, it'll fail.
    var certificate = new X509Certificate2("IdentityServer4.WsFederation.Testing.pfx", "pw");
    var signingCredentials = new SigningCredentials(new X509SecurityKey(certificate), SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);

    var builder = services.AddIdentityServer(options => 
    {
        options.IssuerUri = "urn:idsrv4:wsfed:server:sample";
    })
    .AddSigningCredential(signingCredentials) // Must use this overload.
    .AddTestUsers(TestUsers.Users)
    .AddInMemoryClients(Clients.TestClients)
    .AddInMemoryApiResources(new List<ApiResource>())
    .AddWsFederation();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    //OtherStuff
    app.UseIdentityServer();
    // app.UseMvc.....
}

Supported Functionality

Right now, this library is in alpha. Consequently, only a subset of the WsFederation standard is supported. It's also likely that some features of IdentityServer aren't well integrated yet.

Supported Workflows

  • Signin
  • Metadata
  • Signout

Supported Parameters

  • wa
  • wreply
  • wctx
  • wfresh

Supported Outputs

  • wa
  • wresult
  • wctx

Something Vaguely Resembling a Roadmap

I plan to do this stuff.

Near-term features

These things are pretty much goals for the mid-term.

  • Supporting the rest of the request parameters
  • Better input validation.
  • Events.

Long-term features

These will mostly correspond to the parts of WsFederation that were not mentioned above.

  • Rst as an input parameter.
  • Pointers to the incoming rst or outgoing rstr.
  • Encryption?
  • Different token types - SAML 1.1 vs SAML 2.0

About

Full .Net Core implementation of WsFederation for IdentityServer4

Topics

security identity authentication aspnet-core identityserver4 netcore2 aspnet-core-2 wsfederation

Resources

Readme

License

Apache-2.0 license
Activity

Stars

12 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases 3

v0.2 - Signout workflow Latest
May 21, 2019
+ 2 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages