This is a fork of https://github.com/IdentityServer/IdentityServer4. The latest original commit of this fork is e70eac45b8ae8cf5b4e8c75496005c7198387ee3. See ChangesMade for the applied specific changes.
IdentityServer4 already included ConsolePrivateKeyJwtClient, but this standard client only included a single certificate. This was extended by the Industrie 4.0 certificate chain. By JWT and X5C this certificate chain is transmitted to the IdentityServer4. The certificate chain is checked against root-certifcates which are loaded at startup from the /root directory. The signature of the JWT is also checked by the just transmitted user certificate as part of the chain. See admin-shell-io.com/screencast with a running demo.
There is no specific release published. Please compile with build.sh or build.ps1 yourself.
For your convenience we provide docker images built and published automatically on every push to the master branch of this forked repository. The images are available on DockerHub: https://hub.docker.com/repository/docker/adminshellio/aasx-identity-server4
Pull the latest image from the repository first:
docker pull adminshellio/aasx-identity-server4
Then run the docker:
docker run \
--detach \
--network host \
--volume /path/to/certificate.pfx:/aasx-IdentityServer4/certificate.pfx \
adminshellio/aasx-identity-server4
Mind that you have to mount your PFX certificate to the container's /aasx-IdentityServer4/certificate.pfx.
(The path on the host must be an absolute one. Otherwise, the docker will silently ignore the volume!)
The password for the certificate is hard-coded to i40. For further hard-coded settings, see
src/IdentityServer4/host/appsettings.json.
The image is set to run on ports 50000 and 50001, respectively. If you need different ports, you can set them in
docker run:
docker run \
--detach \
--network host \
--volume /path/to/certificate.pfx:/aasx-IdentityServer4/certificate.pfx \
-p 12345:50000 \
-p 54321:50001 \
adminshellio/aasx-identity-server4
where 12345 and 54321 are host's ports.
An example IdentityServer4 is running on https://admin-shell-io.com:50001/.well-known/openid-configuration.
Take also a look on the Security demo on http://admin-shell-io.com/screencasts/. An authentication flow together with AASX Package Explorer and an AAS download from an AASX Server are shown in that demo. (Remark: the screencast will be updated to the actual extended implementation soon.)
IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Founded and maintained by Dominick Baier and Brock Allen, IdentityServer4 incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and API access control in your applications. IdentityServer4 is officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is part of the .NET Foundation, and operates under their code of conduct. It is licensed under Apache 2 (an OSI approved license).
For project documentation, please visit readthedocs.
Active development happens on the main branch. This always contains the latest version. Each (pre-) release is tagged with the corresponding version. The aspnetcore1 and aspnetcore2 branches contain the latest versions of the older ASP.NET Core based versions.
- Install the latest .NET Core 3.1 SDK
- Install Git
- Run
build.ps1orbuild.shin the root of the repo
For project documentation, please visit readthedocs.
See here for the 1.x docs, and here for the 2.x docs.
Please use the issue tracker for that. We only support the latest version for free. For older versions, you can get a commercial support agreement with us.
If you need help with implementing IdentityServer4 or your security architecture in general, there are both free and commercial support options. See here for more details.
If you are a fan of the project or a company that relies on IdentityServer, you might want to consider sponsoring. This will help us devote more time to answering questions and doing feature development. If you are interested please head to our Patreon page which has further details.
Ritter Insurance Marketing
ExtraNetUserManager
Knab
You can see a list of our current sponsors here - and for companies we have some nice advertisement options as well.
IdentityServer4 is built using the following great open source projects and free services:
..and last but not least a big thanks to all our contributors!