        // This method gets called by the runtime. Use this method to add services to the container.
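        /// <summary>
        /// Registers the IdP sample's services: the cookie policy, the <c>Settings</c> and
        /// <c>Saml2Configuration</c> options (bound from configuration and then completed from
        /// each relying party's SP metadata), the IdP session cookie repository, SAML 2.0
        /// support, MVC controllers/views and the HTTP context accessor.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        /// <remarks>
        /// The SP metadata download runs inside an options configure callback, i.e. when
        /// <c>Settings</c> is first resolved, not inside this method itself.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// Raised when <c>Settings</c> is resolved and no relying parties are configured, a
        /// relying party has no <c>SpMetadata</c> URL, its metadata carries no SPSSODescriptor,
        /// or the descriptor lacks an assertion consumer service, single logout service or
        /// signing certificate.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                // NOTE(review): SameSite=None is presumably needed for the cross-site SAML POST bindings — confirm.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.Configure<Settings>(Configuration.GetSection("Settings"));
            services.Configure<Settings>(settings =>
            {
                if (settings.RelyingParties == null)
                {
                    // Fail with a clear message instead of a NullReferenceException from foreach.
                    throw new InvalidOperationException("Settings:RelyingParties is not configured.");
                }

                foreach (var rp in settings.RelyingParties)
                {
                    if (string.IsNullOrWhiteSpace(rp.SpMetadata))
                    {
                        // new Uri(null) would otherwise fail with an unhelpful ArgumentNullException.
                        throw new InvalidOperationException("A relying party in Settings:RelyingParties has no SpMetadata URL.");
                    }

                    // Everything this IdP will trust about the SP — its issuer, its endpoints and the
                    // certificate used to validate its signatures — comes from this download, so the
                    // integrity of the metadata transport is the trust anchor for the relying party.
                    var entityDescriptor = new EntityDescriptor();
                    entityDescriptor.ReadSPSsoDescriptorFromUrl(new Uri(rp.SpMetadata));

                    var spDescriptor = entityDescriptor.SPSsoDescriptor;
                    if (spDescriptor == null)
                    {
                        // The previous message named the IdPSsoDescriptor; this side reads the SP descriptor.
                        throw new InvalidOperationException($"SPSsoDescriptor not loaded from metadata '{rp.SpMetadata}'.");
                    }

                    rp.Issuer = entityDescriptor.EntityId;

                    // First() throws InvalidOperationException when the metadata lists no
                    // AssertionConsumerService / SingleLogoutService / signing certificate, which
                    // is the intended failure mode for incomplete metadata.
                    rp.SingleSignOnDestination = spDescriptor.AssertionConsumerServices.First().Location;

                    var singleLogoutService = spDescriptor.SingleLogoutServices.First();
                    rp.SingleLogoutDestination = singleLogoutService.Location;
                    // ResponseLocation is optional in metadata; fall back to the request location.
                    rp.SingleLogoutResponseDestination = singleLogoutService.ResponseLocation ?? singleLogoutService.Location;

                    // Only the first published signing certificate is kept; an SP that publishes
                    // several (e.g. during key rollover) will have signatures made with the others rejected.
                    rp.SignatureValidationCertificate = spDescriptor.SigningCertificates.First();

                    // An encryption certificate is optional; only set it when the SP publishes one.
                    if (spDescriptor.EncryptionCertificates != null && spDescriptor.EncryptionCertificates.Any())
                    {
                        rp.EncryptionCertificate = spDescriptor.EncryptionCertificates.First();
                    }
                }
            });

            services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
            services.Configure<Saml2Configuration>(saml2Configuration =>
            {
                // Sample-only key material: a self-signed certificate from the TestCertificate helper.
                saml2Configuration.SigningCertificate = TestCertificate.GetSelfSignedCertificate(AppEnvironment.ContentRootPath, "test-sign-cert");

                // Audience restriction: this service's own issuer is an allowed audience.
                saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
            });

            services.AddTransient<IdPSessionCookieRepository>();

            services.AddSaml2();

            services.AddControllersWithViews();
            services.AddHttpContextAccessor();
        }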
        // This method gets called by the runtime. Use this method to add services to the container.
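        /// <summary>
        /// Registers the SP sample's services: the cookie policy, the IdP selection cookie
        /// repository, <c>Settings</c>, and <c>Saml2Configuration</c> (bound from the "Saml2"
        /// section and then completed from the IdP's metadata), plus SAML 2.0 support, MVC
        /// controllers/views and the HTTP context accessor.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        /// <remarks>
        /// The IdP metadata download runs inside an options configure callback, i.e. when
        /// <c>Saml2Configuration</c> is first resolved, not inside this method itself.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// Raised when <c>Saml2Configuration</c> is resolved and <c>Saml2:IdPMetadata</c> is
        /// missing, the metadata carries no IDPSSODescriptor, or the descriptor lacks a
        /// single sign-on or single logout service.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                // NOTE(review): SameSite=None is presumably needed for the cross-site SAML POST bindings — confirm.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddTransient<IdPSelectionCookieRepository>();

            services.Configure<Settings>(Configuration.GetSection("Settings"));

            services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
            services.Configure<Saml2Configuration>(saml2Configuration =>
            {
                // Sample-only key material: a self-signed certificate from the TestCertificate helper.
                saml2Configuration.SigningCertificate = TestCertificate.GetSelfSignedCertificate(AppEnvironment.ContentRootPath, "test-sign-cert");

                // Audience restriction: this service's own issuer is an allowed audience.
                saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

                var idpMetadataUrl = Configuration["Saml2:IdPMetadata"];
                if (string.IsNullOrWhiteSpace(idpMetadataUrl))
                {
                    // new Uri(null) would otherwise fail with an unhelpful ArgumentNullException.
                    throw new InvalidOperationException("Saml2:IdPMetadata is not configured.");
                }

                // Everything this SP will trust about the IdP — its issuer, its endpoints and every
                // signature validation certificate — comes from this download, so the integrity of
                // the metadata transport is the trust anchor for the whole login flow.
                var entityDescriptor = new EntityDescriptor();
                entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(idpMetadataUrl));

                var idpDescriptor = entityDescriptor.IdPSsoDescriptor;
                if (idpDescriptor == null)
                {
                    throw new InvalidOperationException($"IdPSsoDescriptor not loaded from metadata '{idpMetadataUrl}'.");
                }

                saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;

                // First() throws InvalidOperationException when the metadata lists no
                // SingleSignOnService / SingleLogoutService — the intended failure for incomplete metadata.
                saml2Configuration.SingleSignOnDestination = idpDescriptor.SingleSignOnServices.First().Location;
                saml2Configuration.SingleLogoutDestination = idpDescriptor.SingleLogoutServices.First().Location;

                // Every published signing certificate is accepted, so IdP key rollover keeps working.
                saml2Configuration.SignatureValidationCertificates.AddRange(idpDescriptor.SigningCertificates);

                // Follow the IdP's WantAuthnRequestsSigned flag when present; metadata without the
                // attribute leaves the configured SignAuthnRequest value untouched.
                if (idpDescriptor.WantAuthnRequestsSigned.HasValue)
                {
                    saml2Configuration.SignAuthnRequest = idpDescriptor.WantAuthnRequestsSigned.Value;
                }
            });

            // Required SameSiteMode.None to support OpenID Connect Front channel logout
            services.AddSaml2("/Saml/Login", cookieSameSite: SameSiteMode.None);

            services.AddControllersWithViews();
            services.AddHttpContextAccessor();
        }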