        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // Plumbing services. TryAdd* keeps any registration made earlier in the pipeline.
            services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
            services.TryAddSingleton<IURLCodec, URLCodecBase64Url>();
            services.AddScoped<IServiceContext, ServiceContext>();

            // Shibboleth SP request headers mapped into claims (fed to HeaderClaimsProcessor below).
            // NOTE(review): "cn" is conventionally the full common name, not a given name —
            // confirm the IdP's attribute release before relying on ClaimTypes.GivenName.
            var headerClaimMap = new ClaimEntry[]
            {
                new ClaimEntry(ClaimTypes.GivenName, "cn"),
            };

            // Active Directory attributes mapped into claims (fed to ActiveDirectoryAttributeClaimsProcessor below).
            var directoryClaimMap = new ClaimEntry[]
            {
                new ClaimEntry(ClaimTypes.Email, "mail"),
                new ClaimEntry("givenName", "givenName"),
                new ClaimEntry("surname", "sn"),
                new ClaimEntry("unit", "ou"),
                new ClaimEntry("title", "title"),
            };

            // Active Directory bind settings. The bind credentials come from configuration;
            // "AD:Password" belongs in user-secrets / a vault, not in a committed appsettings file.
            services.UseActiveDirectory(ad =>
            {
                ad.Server        = Configuration["AD:Server"];
                ad.Container     = Configuration["AD:Container"];
                ad.User          = Configuration["AD:User"];
                ad.Password      = Configuration["AD:Password"];
                ad.DefaultDomain = "upol.cz";
            });

            // Shibboleth login flow: first delegate sets the options, second builds the claim
            // profiles used to turn a login into a ClaimsPrincipal.
            services.UseShibbolethService(shib =>
            {
                shib.SSOLoginUrlFormatString = Configuration["Shibboleth:SSOLoginUrl"];
                shib.SSOLogoutUrl            = Configuration["Shibboleth:SSOLogoutUrl"];
                shib.LoginCalbackAction      = "/Account/LoginCallback";
                shib.AfterLoginPath          = Configuration["Shibboleth:AfterLoginPath"];
                shib.AccessDeniedPath        = "/Home/AccessDenied";
                // Exact, case-sensitive match: any value other than "true" leaves testing mode off.
                // What testing mode relaxes is not visible here — make sure it cannot be switched
                // on in a production configuration.
                shib.Testing          = Configuration["Shibboleth:Testing"] == "true";
                shib.DefaultDomain    = "upol.cz";
                shib.CookieName       = "ShibbolethLogin";
                shib.ExpireTimeSpan   = TimeSpan.FromMinutes(30);
                // Name of the SP-supplied header carrying the authenticated remote user
                // (value redacted in this listing). Identity is derived from this header, so
                // the app must only be reachable through the Shibboleth SP; if clients can hit
                // it directly they can set the header themselves — verify the deployment
                // strips or overwrites it at the proxy.
                shib.HeaderRemoteUser = "******";
                shib.AppLoginUrl      = "/Account/Login";
                shib.AppLogoutUrl     = "/Account/Logout";
            }, (svc, shib) =>
            {
                var log = svc.GetService<ILoggerFactory>().CreateLogger("ShibbolethInfrastructure");

                // Role sources: the on-disk roles.json and AD membership, combined by
                // LinkedRoleResolver (presumably consulted in this order — verify).
                var rolesFile = Path.Combine(WebHostEnvironment.ContentRootPath, "Identity/roles.json");
                var jsonRoles = new JsonConfigRoleResolver(rolesFile, log, shib.DefaultDomain);
                var adRoles   = new ADRoleResolver(svc.GetService<IADConfig>());
                var roles     = new LinkedRoleResolver(jsonRoles, adRoles);

                var custom       = new CustomClaimsProcessor();
                var adAttributes = new ActiveDirectoryAttributeClaimsProcessor(svc.GetService<IADConfig>(), directoryClaimMap);

                // Profile 0: SP-authenticated login — header claims are applied first.
                var defaultProfile = ClaimProfileFactory
                    .DefaultProfile(log, shib.DefaultDomain)
                    .AddProcessors(new HeaderClaimsProcessor(log, headerClaimMap), roles, adAttributes, custom);

                // Profile 1: external login — no SP headers; tagged with the external-user claim.
                var externalProfile = ClaimProfileFactory
                    .DefaultProfile(log, shib.DefaultDomain)
                    .AddProcessors(roles, adAttributes, custom, new ConstClaimsProcessor(shib.ExternalUserClaimType));

                return new IClaimsProfile[] { defaultProfile, externalProfile };
            });

            services.AddControllersWithViews(mvc =>
            {
                // Global filter that signs users in/out automatically based on the SP session.
                mvc.Filters.Add(typeof(ShibbolethAutoSinginSignOffFilter));
            });
        }
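        public void LinkedResolver()
        {
            // Integration-style test: roles.json is read from three directories above the
            // working directory (presumably bin/<config>/<tfm> -> project root — verify), and
            // ADRoleResolver is built on a real ADConfig, so the AD branch of the chain
            // depends on the environment the test runs in.
            ILogger logger         = NullLogger.Instance;
            var     projectRoot    = Directory.GetParent(Environment.CurrentDirectory).Parent.Parent.FullName;
            var     jsonRoles      = new JsonConfigRoleResolver(Path.Combine(projectRoot, "roles.json"), logger);
            var     linkedResolver = new LinkedRoleResolver(jsonRoles, new ADRoleResolver(new ADConfig(logger)));
            var     noRoles        = Array.Empty<string>();

            // Assert.AreEqual is (expected, actual); the original passed them the other way
            // round, which makes a failing run report the wrong value as "expected".
            Assert.AreEqual(2, linkedResolver.GetUserRoles("user1", noRoles).Count());
            Assert.IsTrue(linkedResolver.IsInRole("user4", "student", noRoles));
            Assert.IsFalse(linkedResolver.IsInRole("user5", "employee", noRoles));
            Assert.AreEqual(2, linkedResolver.GetUserRoles("user8", new[] { "zamestnanec", "student" }).Count());
            Assert.IsNotNull(linkedResolver.GetUserRoles("user8", noRoles));
        }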