public HelseIdClientOptions GetClientConfiguration() { var authority = AuthoritiesComboBox.SelectedValue as string; var clientId = ClientIdTextBox.Text.Trim(); var scope = ConfiguredScopes.ToSpaceSeparatedList(); var secret = SecretTextBox.Text; var redirectUrl = RedirectUrlTextBox.Text; var preselectIdP = PreselectIdpTextBox.Text; var options = new HelseIdClientOptions() { Authority = authority, ClientId = clientId, RedirectUri = redirectUrl, Scope = scope, ClientSecret = secret, PreselectIdp = preselectIdP }; if (UseADFSCheckBox.IsChecked.HasValue && UseADFSCheckBox.IsChecked.Value) { options.Policy = new Policy() { RequireAccessTokenHash = false, //ADFS 2016 spesific code - don't require hash for access_token }; } options.BrowserTimeout = TimeSpan.FromSeconds(5); options.Flow = OidcClientOptions.AuthenticationFlow.Hybrid; return(options); }
private void OkButton_Click(object sender, RoutedEventArgs e) { UpdateSelected(PresetComboBox.SelectedItem as Setting); Config.Save(Settings.ToList()); _options = GetClientConfiguration(); var name = NameTextBox.Text; OptionsChanged?.Invoke(this, new OidcOptionsChangedEventArgs(_options, ConfiguredScopes, name)); DialogResult = true; Close(); }
private void ConfigSettings_Click(object sender, RoutedEventArgs e) { var settingsWindow = new OidcClientSettingsWindow(_selected); settingsWindow.OptionsChanged += (s, updatedOptions) => { _selected = updatedOptions.Name; _options = updatedOptions.Options; _configuredScopes = updatedOptions.Scopes; UpdateConfigurationView(); UpdateScopesList(); }; var result = settingsWindow.ShowDialog(); }
public HomeController() { var opt = new HelseIdClientOptions { ClientId = WebConfigurationManager.AppSettings["ClientId"], ClientSecret = WebConfigurationManager.AppSettings["ClientSecret"], Authority = WebConfigurationManager.AppSettings["Authority"], RedirectUri = WebConfigurationManager.AppSettings["RedirectUri"], SigningMethod = (JwtGenerator.SigningMethod)Enum.Parse(typeof(JwtGenerator.SigningMethod), WebConfigurationManager.AppSettings["SigningMethod"]), CertificateThumbprint = WebConfigurationManager.AppSettings["CertificateThumbprint"], PreselectIdp = WebConfigurationManager.AppSettings["PreselectIdp"], }; _client = new HelseIdClient(opt); }
public async Task <TokenResponse> RsaSignIn(string clientId, string scope) { var options = new HelseIdClientOptions { Authority = _settings.Authority, ClientId = clientId, RedirectUri = _settings.RedirectUri, Scope = scope, FilterClaims = false, Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode, ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect, SigningMethod = Common.Jwt.JwtGenerator.SigningMethod.RsaSecurityKey }; var client = new HelseIdClient(options); var result = await client.ClientCredentialsSignIn(); return(result); }
public async Task <string> SignIn() { var options = new HelseIdClientOptions { Authority = _settings.Authority, ClientId = _settings.ClientId, RedirectUri = _settings.RedirectUri, Scope = "openid profile helseid://scopes/client/dcr https://ehelse.no/kjernejournal/nokkeladmin_api", FilterClaims = false, Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode, ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect, CertificateThumbprint = _settings.Thumbprint, SigningMethod = Common.Jwt.JwtGenerator.SigningMethod.X509EnterpriseSecurityKey }; var client = new HelseIdClient(options); var result = await client.Login(); return(result.AccessToken); }
public async Task <string> SignIn() { var options = new HelseIdClientOptions { Authority = _settings.Authority, ClientId = _settings.ClientId, RedirectUri = _settings.RedirectUri, Scope = new[] { StandardScopes.OpenId, StandardScopes.Profile, ClientScopes.Dcr, ClientScopes.Kj }.ToSpaceSeparatedList(), FilterClaims = false, Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode, ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect, CertificateThumbprint = _settings.Thumbprint, LoadProfile = false, SigningMethod = Common.Jwt.JwtGenerator.SigningMethod.X509EnterpriseSecurityKey }; var client = new HelseIdClient(options); var result = await client.Login(); return(result.AccessToken); }
public LoginWindow(HelseIdClientOptions options) { InitializeComponent(); _clientOptions = options; }
public void ConfigureServices(IServiceCollection services) { var settings = Config.Setting(); services.AddMvc(); var opt = new HelseIdClientOptions { ClientId = settings.ClientId, ClientSecret = settings.ClientSecret, Authority = settings.Authority, RedirectUri = settings.RedirectUri, PostLogoutRedirectUri = settings.PostLogoutRedirectUri, SigningMethod = (JwtGenerator.SigningMethod)Enum.Parse(typeof(JwtGenerator.SigningMethod), settings.SigningMethod), CertificateThumbprint = settings.CertificateThumbprint, Scope = settings.Scope }; var client = new HelseIdClient(opt); services.AddSingleton <IHelseIdClient>(client); services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = "oidc"; }) .AddCookie(options => { options.ExpireTimeSpan = TimeSpan.FromMinutes(60); options.Cookie.Name = "HelseId.Clients.Core.MvcHybrid"; }) .AddOpenIdConnect("oidc", options => { options.Authority = settings.Authority; options.RequireHttpsMetadata = true; options.ClientSecret = settings.ClientSecret; options.ClientId = settings.ClientId; options.ResponseType = settings.ResponseType; options.Scope.Clear(); foreach (var scope in settings.Scope.FromSpaceSeparatedToList()) { options.Scope.Add(scope); } options.GetClaimsFromUserInfoEndpoint = true; options.SaveTokens = true; options.Events = new OpenIdConnectEvents { OnAuthorizationCodeReceived = async ctx => { var result = await client.AcquireTokenByAuthorizationCodeAsync(ctx.ProtocolMessage.Code); var response = new OpenIdConnectMessage { AccessToken = result.AccessToken, IdToken = result.IdentityToken, RefreshToken = result.RefreshToken }; ctx.HandleCodeRedemption(response); }, OnRedirectToIdentityProvider = redirectContext => { var provider = settings.IdentityProvider; var level = settings.OnlyLevel4 ? "Level4" : string.Empty; var testPid = settings.TestPid; var testHprNumber = settings.TestHprNumber; var testSecurityLevel = settings.TestSecurityLevel; var prompt = settings.ForceLogin ? "login" : string.Empty; if (!string.IsNullOrWhiteSpace(provider)) { redirectContext.ProtocolMessage.AcrValues = $"idp:{provider} {level}"; } else if (!string.IsNullOrWhiteSpace(level)) { redirectContext.ProtocolMessage.AcrValues = level; } if (!string.IsNullOrWhiteSpace(prompt)) { redirectContext.ProtocolMessage.Prompt = "login"; } if (!string.IsNullOrEmpty(testPid)) { redirectContext.ProtocolMessage.SetParameter("test_pid", testPid); if (!string.IsNullOrEmpty(testSecurityLevel)) { redirectContext.ProtocolMessage.SetParameter("test_security_level", testSecurityLevel); } } if (!string.IsNullOrEmpty(testHprNumber)) { redirectContext.ProtocolMessage.SetParameter("test_hpr_number", testHprNumber); } return(Task.CompletedTask); } }; }); }
public OidcOptionsChangedEventArgs(HelseIdClientOptions options, List <string> configuredScopes, string name) { Options = options; Scopes = configuredScopes; Name = name; }
public void Configuration(IAppBuilder app) { var settings = Config.Setting(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" }); app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { ResponseType = settings.ResponseType, SignInAsAuthenticationType = "Cookies", ClientId = settings.ClientId, ClientSecret = settings.ClientSecret, Authority = settings.Authority, RedirectUri = settings.RedirectUri, PostLogoutRedirectUri = settings.PostLogoutRedirectUri, Scope = settings.Scope, Notifications = new OpenIdConnectAuthenticationNotifications { AuthorizationCodeReceived = async n => { var opt = new HelseIdClientOptions { ClientId = n.Options.ClientId, ClientSecret = n.Options.ClientSecret, Authority = n.Options.Authority, RedirectUri = settings.RedirectUri, SigningMethod = (JwtGenerator.SigningMethod)Enum.Parse(typeof(JwtGenerator.SigningMethod), settings.SigningMethod), CertificateThumbprint = settings.CertificateThumbprint }; var client = new HelseIdClient(opt); var tokenResponse = await client.AcquireTokenByAuthorizationCodeAsync(n.ProtocolMessage.Code); //// create new identity var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType); id.AddClaims(n.AuthenticationTicket.Identity.Claims); id.AddClaim(new Claim("access_token", tokenResponse.AccessToken)); id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString())); id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken)); id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken)); id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value)); n.AuthenticationTicket = new AuthenticationTicket( new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType), n.AuthenticationTicket.Properties); }, RedirectToIdentityProvider = redirectContext => { var provider = settings.IdentityProvider; var level = settings.OnlyLevel4 ? "Level4" : string.Empty; var testPid = settings.TestPid; var testHprNumber = settings.TestHprNumber; var testSecurityLevel = settings.TestSecurityLevel; var prompt = settings.ForceLogin ? "login" : string.Empty; if (!string.IsNullOrWhiteSpace(provider)) { redirectContext.ProtocolMessage.AcrValues = $"idp:{provider} {level}"; } else if (!string.IsNullOrWhiteSpace(level)) { redirectContext.ProtocolMessage.AcrValues = level; } if (!string.IsNullOrWhiteSpace(prompt)) { redirectContext.ProtocolMessage.Prompt = "login"; } if (!string.IsNullOrEmpty(testPid)) { redirectContext.ProtocolMessage.SetParameter("test_pid", testPid); if (!string.IsNullOrEmpty(testSecurityLevel)) { redirectContext.ProtocolMessage.SetParameter("test_security_level", testSecurityLevel); } } if (!string.IsNullOrEmpty(testHprNumber)) { redirectContext.ProtocolMessage.SetParameter("test_hpr_number", testHprNumber); } return(Task.CompletedTask); } } }); }