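/// <summary>
/// Called by the runtime to register application services: HTTP context access, the
/// URL-safe codec, the per-request service context, Active Directory and Shibboleth SSO
/// configuration, and MVC controllers with the Shibboleth auto sign-in/sign-off filter.
/// </summary>
/// <param name="services">The DI container to populate.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    services.TryAddSingleton<IURLCodec, URLCodecBase64Url>();
    services.AddScoped<IServiceContext, ServiceContext>();

    // Shibboleth request headers mapped into claims (claim type -> header name);
    // consumed by HeaderClaimsProcessor below.
    var shibbolethHeaderClaims = new[]
    {
        new ClaimEntry(ClaimTypes.GivenName, "cn"),
    };

    // Active Directory attributes mapped into claims (claim type -> AD attribute);
    // consumed by ActiveDirectoryAttributeClaimsProcessor below.
    var adClaims = new[]
    {
        new ClaimEntry(ClaimTypes.Email, "mail"),
        new ClaimEntry("givenName", "givenName"),
        new ClaimEntry("surname", "sn"),
        new ClaimEntry("unit", "ou"),
        new ClaimEntry("title", "title"),
    };

    // Active Directory connection settings. The bind password is read from
    // configuration; it belongs in a secret store (user secrets, environment,
    // vault), not in a checked-in appsettings file.
    services.UseActiveDirectory(options =>
    {
        options.Server = Configuration["AD:Server"];
        options.Container = Configuration["AD:Container"];
        options.User = Configuration["AD:User"];
        options.Password = Configuration["AD:Password"];
        options.DefaultDomain = "upol.cz";
    });

    // Shibboleth SSO settings. Testing is an ordinal compare against the literal
    // "true" (so "True" leaves it off); what the flag relaxes is defined inside the
    // Shibboleth service — presumably test-only shortcuts, so keep it unset outside
    // development configurations.
    services.UseShibbolethService(options =>
    {
        options.SSOLoginUrlFormatString = Configuration["Shibboleth:SSOLoginUrl"];
        options.SSOLogoutUrl = Configuration["Shibboleth:SSOLogoutUrl"];
        options.LoginCalbackAction = "/Account/LoginCallback";
        options.AfterLoginPath = Configuration["Shibboleth:AfterLoginPath"];
        options.AccessDeniedPath = "/Home/AccessDenied";
        options.Testing = Configuration["Shibboleth:Testing"] == "true";
        options.DefaultDomain = "upol.cz";
        options.CookieName = "ShibbolethLogin";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        options.HeaderRemoteUser = "******";
        options.AppLoginUrl = "/Account/Login";
        options.AppLogoutUrl = "/Account/Logout";
    },
    (svc, options) =>
    {
        // GetRequiredService fails fast with a clear message if a registration is
        // missing, instead of a NullReferenceException on the next call.
        var logger = svc.GetRequiredService<ILoggerFactory>().CreateLogger("ShibbolethInfrastructure");
        // Resolved once and shared by the role resolver and the attribute processor.
        var adConfig = svc.GetRequiredService<IADConfig>();

        var roleResolvers = new LinkedRoleResolver(
            new JsonConfigRoleResolver(
                Path.Combine(WebHostEnvironment.ContentRootPath, "Identity/roles.json"),
                logger,
                options.DefaultDomain),
            new ADRoleResolver(adConfig));
        var customClaimsProcessor = new CustomClaimsProcessor();
        var activeDirectoryClaimsProcessor = new ActiveDirectoryAttributeClaimsProcessor(adConfig, adClaims);

        return new IClaimsProfile[]
        {
            // Default profile: header claims, roles, AD attributes, custom claims.
            ClaimProfileFactory.DefaultProfile(logger, options.DefaultDomain)
                .AddProcessors(
                    new HeaderClaimsProcessor(logger, shibbolethHeaderClaims),
                    roleResolvers,
                    activeDirectoryClaimsProcessor,
                    customClaimsProcessor),
            // External-login profile: no header claims; adds the external-user claim instead.
            ClaimProfileFactory.DefaultProfile(logger, options.DefaultDomain)
                .AddProcessors(
                    roleResolvers,
                    activeDirectoryClaimsProcessor,
                    customClaimsProcessor,
                    new ConstClaimsProcessor(options.ExternalUserClaimType)),
        };
    });

    services.AddControllersWithViews(options =>
    {
        options.Filters.Add(typeof(ShibbolethAutoSinginSignOffFilter));
    });
}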
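/// <summary>
/// Exercises <see cref="LinkedRoleResolver"/> built from a JSON role file plus an
/// <see cref="ADRoleResolver"/>: role counts for known users, membership checks, and
/// the result when caller-supplied roles are passed in.
/// </summary>
public void LinkedResolver()
{
    ILogger logger = NullLogger.Instance;

    // roles.json is located three directories above the working directory
    // (presumably bin/<config>/<tfm> -> project root). Normalising the combined
    // path avoids dereferencing Directory.GetParent(...).Parent links that can be null.
    var rolesPath = Path.GetFullPath(Path.Combine(Environment.CurrentDirectory, "..", "..", "..", "roles.json"));
    var noRoles = Array.Empty<string>();

    var jsonRoles = new JsonConfigRoleResolver(rolesPath, logger);
    // NOTE(review): ADConfig is constructed with no server settings here, so the AD
    // resolver presumably contributes nothing and the expectations come from roles.json — confirm.
    var linkedResolver = new LinkedRoleResolver(jsonRoles, new ADRoleResolver(new ADConfig(logger)));

    // Assert.AreEqual takes (expected, actual); keep that order so failure messages read correctly.
    Assert.AreEqual(2, linkedResolver.GetUserRoles("user1", noRoles).Count());
    Assert.IsTrue(linkedResolver.IsInRole("user4", "student", noRoles));
    Assert.IsFalse(linkedResolver.IsInRole("user5", "employee", noRoles));
    Assert.AreEqual(2, linkedResolver.GetUserRoles("user8", new[] { "zamestnanec", "student" }).Count());
    Assert.IsNotNull(linkedResolver.GetUserRoles("user8", noRoles));
}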