Giters

guidmaster / Saml2.Authentication.Core

A SAML 2.0 middleware for ASP.NET Core

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Saml2.Authentication.Core

A SAML 2.0 authentication middleware for ASP.NET Core

This project is a fork of the OIOSAML.Net implementation of SAML 2.0 framework from digitaliser.dk. It has been ported and modified to support ASP.NET Core with all dependencies to ASP.NET removed.

Features

Supports the following SAML 2.0 features for Web Browser SSO and Single Logout profiles

  • HTTP Redirect Binding
    SP Redirect Request; IdP POST/Redirect Response
  • HTTP Artifact Binding
    SP Redirect Request; IdP Redirect Artifact Response
  • SP-Initiated Single Logout with Multiple SPs
  • HTTP POST Binding
  • IDP-Initiated Single Logout

Configuration

Startup

  // This method gets called by the runtime. Use this method to add services to the container.
  public void ConfigureServices(IServiceCollection services)
  {
      services.AddScoped<IUserClaimsPrincipalFactory<TUser>, DemoWebAppClaimsPrincipalFactory>();		
      services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));

      services.AddSaml();
      services.AddSigningCertificates(
          Configuration["Saml2:ServiceProviderConfiguration:SigningCertificateThumprint"],
          Configuration["Saml2:IdentityProviderConfiguration:SigningCertificateThumprint"]);

      services.AddAuthentication()
          .AddCookie()
          .AddSaml(options => { options.SignInScheme = "SignInSchemeName"; });

      services.AddMvc();
  }

appsettings.json

"Saml2": {
    "ForceAuth": "false",
    "IsPassive": "false",
    "IdentityProviderConfiguration": {
      "EntityId": "EntityId of idp",
      "Name": "Name of idp",
      "SigningCertificateThumprint": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "SingleSignOnService": "https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "SingleSignOutService": "https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    },
    "ServiceProviderConfiguration": {
      "EntityId": "EntityId of sp",
      "Name": "Name of sp",
      "SigningCertificateThumprint": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
  }

ClaimsPrincipalFactory

The SessionIndex and Subject claims are required for SLO. These needs to be stored and availed during logout. This example keeps all the claims from the idp in session cookie if using Identity

  public class DemoWebAppClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser>
  {
      private readonly IHttpContextAccessor _httpContextAccessor;

      public DemoWebAppClaimsPrincipalFactory(UserManager<ApplicationUser> userManager,
          IOptions<IdentityOptions> optionsAccessor, IHttpContextAccessor httpContextAccessor) : base(userManager,
          optionsAccessor)
      {
          _httpContextAccessor = httpContextAccessor;
      }

      protected override async Task<ClaimsIdentity> GenerateClaimsAsync(ApplicationUser user)
      {
          var service = (SignInManager<ApplicationUser>) _httpContextAccessor.HttpContext.RequestServices.GetService(
                  typeof(SignInManager<ApplicationUser>));
          var info = await service.GetExternalLoginInfoAsync();

          var claimsIdentity = await base.GenerateClaimsAsync(user);
          claimsIdentity.AddClaims(info.Principal.Claims); 
          return claimsIdentity;
      }
  }

About

A SAML 2.0 middleware for ASP.NET Core

License:Mozilla Public License 2.0

Languages

Language:C# 93.2%Language:HTML 6.7%Language:CSS 0.1%Language:JavaScript 0.0%