Startup.cs
using System.Security.Cryptography.X509Certificates;
using IdentityServer4;
using IdentityServer4.Quickstart.UI;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Rsk.AspNetCore.Authentication.Saml2p;
using Rsk.Saml.Configuration;
namespace sp
{
/// <summary>
/// Sample host that runs IdentityServer4 with the SAML plugin and also registers a
/// SAML 2.0 service-provider scheme ("saml2p") pointing at an external identity provider.
/// </summary>
/// <remarks>
/// Everything configured here is demo-grade: test users, in-memory stores, certificates
/// loaded by relative path and a PFX password written in source. Each of those needs
/// replacing before the host is reachable from anywhere but a developer machine.
/// </remarks>
public class Startup
{
    /// <summary>
    /// Registers MVC, IdentityServer (plus the optional SAML IdP plugin) and the
    /// SAML service-provider authentication handler.
    /// </summary>
    /// <param name="services">Service collection the registrations are added to.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        var identityServer = services
            .AddIdentityServer(idsrv =>
            {
                // All four event categories (error, information, failure, success) are switched on.
                var events = idsrv.Events;
                events.RaiseErrorEvents = true;
                events.RaiseInformationEvents = true;
                events.RaiseFailureEvents = true;
                events.RaiseSuccessEvents = true;
            })
            // Test users and in-memory resource/client stores: nothing is persisted.
            .AddTestUsers(TestUsers.Users)
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApis())
            .AddInMemoryClients(Config.GetClients())
            // SECURITY: the signing key comes from a PFX on disk (relative path, so it is
            // resolved against the working directory) and its password is a literal in source.
            // Tolerable only for the bundled test certificate; real key material belongs in a
            // certificate store or secret manager, with the password kept out of the repository.
            .AddSigningCredential(new X509Certificate2("testclient.pfx", "test"));

        // OPTIONAL - only needed when this host should also act as a SAML IdP.
        identityServer
            .AddSamlPlugin(idpPlugin =>
            {
                // Licence values are left blank in the sample and must be supplied.
                idpPlugin.Licensee = "";
                idpPlugin.LicenseKey = "";

                // SECURITY: as the option name indicates, the IdP side does not require service
                // providers to sign their authentication requests. Revisit this for any
                // deployment where request origin matters.
                idpPlugin.WantAuthenticationRequestsSigned = false;
            })
            .AddInMemoryServiceProviders(Config.GetServiceProviders());

        // Service-provider (SP) side: the "saml2p" external authentication scheme.
        services
            .AddAuthentication()
            .AddSaml2p("saml2p", sp =>
            {
                sp.Licensee = "";
                sp.LicenseKey = "";

                // The identity provider this SP integrates with.
                var remoteIdp = new IdpOptions
                {
                    EntityId = "https://localhost:5000",
                    // Presumably the certificate(s) the IdP's signatures are validated against;
                    // idsrv3test.cer is a test certificate - pin the real IdP certificate instead.
                    SigningCertificates = { new X509Certificate2("idsrv3test.cer") },
                    SingleSignOnEndpoint = new SamlEndpoint("https://localhost:5000/saml/sso", SamlBindingTypes.HttpRedirect),
                    SingleLogoutEndpoint = new SamlEndpoint("https://localhost:5000/saml/slo", SamlBindingTypes.HttpRedirect),
                };
                sp.IdentityProviderOptions = remoteIdp;

                // How this application describes itself as an SP.
                var localSp = new SpOptions
                {
                    EntityId = "https://localhost:5001/saml",
                    MetadataPath = "/saml/metadata",
                    // OPTIONAL - enable when outgoing authentication requests should be signed.
                    SignAuthenticationRequests = true,
                    // SECURITY: same PFX file and hard-coded password as the IdentityServer signing
                    // credential above, so one test key pair serves both roles in this sample.
                    SigningCertificate = new X509Certificate2("testclient.pfx", "test")
                };
                sp.ServiceProviderOptions = localSp;

                sp.NameIdClaimType = "sub"; // presumably the claim the SAML NameID maps to - confirm
                sp.CallbackPath = "/signin-saml";
                // The scheme signs in to IdentityServer's external cookie scheme.
                sp.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            });
    }

    /// <summary>
    /// Assembles the request pipeline: HTTPS redirection, exception page, static files,
    /// routing, IdentityServer with the SAML plugin, authorization and MVC endpoints.
    /// </summary>
    /// <param name="app">Application builder the middleware is added to, in the order listed.</param>
    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();

        // SECURITY: registered unconditionally, so the developer exception page is active in
        // every environment this host runs in. Gate it on the hosting environment before the
        // application is deployed anywhere other than a development machine.
        app.UseDeveloperExceptionPage();

        app.UseStaticFiles();
        app.UseRouting();

        app.UseIdentityServer()
            // OPTIONAL - only needed when this host should also act as a SAML IdP.
            .UseIdentityServerSamlPlugin();

        app.UseAuthorization();

        app.UseEndpoints(routes =>
        {
            routes.MapDefaultControllerRoute();
        });
    }
}
}