/// <summary>
/// Round-trips an <see cref="OidcProvider"/> through <c>ToEntity()</c> and back through
/// <c>ToModel()</c>, checking that every configured property survives the mapping.
/// </summary>
public void Properties_Map()
{
    // Each property gets a distinct marker value so a swapped mapping would be noticed.
    var source = new OidcProvider
    {
        Enabled = false,
        Authority = "auth",
        ClientId = "client",
        ClientSecret = "secret",
        DisplayName = "name",
        ResponseType = "rt",
        Scheme = "scheme",
        Scope = "scope",
    };

    var entity = source.ToEntity();

    // Only a few columns are asserted directly on the entity; the Properties bag is expected
    // to be populated (presumably it carries the remaining OIDC-specific settings).
    entity.DisplayName.Should().Be("name");
    entity.Scheme.Should().Be("scheme");
    entity.Type.Should().Be("oidc");
    entity.Properties.Should().NotBeNullOrEmpty();

    var roundTripped = new OidcProvider(entity.ToModel());

    roundTripped.Authority.Should().Be("auth");
    roundTripped.ClientId.Should().Be("client");
    roundTripped.ClientSecret.Should().Be("secret");
    roundTripped.DisplayName.Should().Be("name");
    roundTripped.ResponseType.Should().Be("rt");
    roundTripped.Scheme.Should().Be("scheme");
    roundTripped.Scope.Should().Be("scope");
    roundTripped.Type.Should().Be("oidc");
}
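/// <summary>
/// Handles the login form post: exchanges the posted credentials for an access token at the
/// OIDC provider, resolves the user behind that token, and hands the result to Sitefinity's
/// <see cref="SecurityManager"/> to establish the session.
/// </summary>
/// <param name="loginModel">Posted username and password.</param>
/// <returns>
/// The login view with a "Login failed" model error whenever any step of the chain
/// (token, user info, Sitefinity user) yields nothing.
/// </returns>
public ActionResult Index(LoginViewModel loginModel)
{
    OidcProvider oidcProvider = new OidcProvider();

    // TODO: provide proper success and error page urls through widget properties
    var successRedirectUrl = "http://localhost:60876/";
    var errorRedirectUrl = "http://localhost:60876/";

    // Get access token. A null token is treated as a failed login instead of dereferencing it
    // (the previous code would have thrown a NullReferenceException here).
    var token = oidcProvider.LoginUser(loginModel.Username, loginModel.Password);
    if (token != null && !string.IsNullOrEmpty(token.AccessToken))
    {
        // Get user information
        var oidcUser = oidcProvider.GetUserInfo(token.AccessToken);
        if (oidcUser != null)
        {
            UserService service = new UserService();
            var sitefinityUser = service.Authenticate(oidcUser);
            if (sitefinityUser != null)
            {
                // NOTE(review): the returned login reason was previously stored and never read.
                // The success path still falls through to the "Login failed" error below, so this
                // presumably relies on SkipAuthenticationAndLogin issuing the redirect itself — confirm.
                SecurityManager.SkipAuthenticationAndLogin(
                    sitefinityUser.ProviderName,
                    sitefinityUser.UserName,
                    true,
                    successRedirectUrl,
                    errorRedirectUrl);
            }
        }
    }

    ModelState.AddModelError(string.Empty, "Login failed");
    return View(loginModel);
}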
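/// <summary>
/// Applies the posted edit form to the provider identified by <paramref name="providerId"/>
/// and persists it through the provider store.
/// </summary>
/// <param name="providerId">Route id of the provider; normalised to lower case before storage.</param>
/// <param name="vm">Posted form values.</param>
/// <returns>
/// Redirect to the list on success; the edit view with model errors when the model is invalid
/// or the store update throws.
/// </returns>
public IActionResult Edit([FromRoute] string providerId, [FromForm] OidcProviderUpdateViewModel vm)
{
    if (!ModelState.IsValid)
    {
        return View(vm);
    }

    try
    {
        OidcProvider updatedProvider = new OidcProvider();
        // The id is a store key, not user-facing text: lower-case it culture-invariantly so the
        // current thread culture (e.g. Turkish dotless i) cannot produce a different key.
        updatedProvider.OidcProviderId = providerId.ToLowerInvariant();
        updatedProvider.Name = vm.Name;
        updatedProvider.AuthorityUrl = vm.AuthorityUrl;
        updatedProvider.ClientId = vm.ClientId;
        updatedProvider.ClientSecret = vm.ClientSecret;
        // NOTE(review): this stamps the edit time into CreationDate; if the original creation date
        // should survive an update, it has to be read from the store first — confirm intent.
        updatedProvider.CreationDate = DateTime.UtcNow;
        updatedProvider.ExpectedResponseType = vm.ExpectedResponseType;
        updatedProvider.RequireHttpsMetadata = vm.RequireHttpsMetadata;
        // Scopes are posted as one space-separated string. A null/blank field means "no scopes"
        // rather than a NullReferenceException, and repeated spaces do not yield empty scope names.
        updatedProvider.ScopesToRequest = (vm.ScopesToRequest ?? string.Empty)
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .ToList();

        _oidcProviderStore.Update(updatedProvider);
    }
    catch (Exception ex)
    {
        // Surface only the message: ex.ToString() carried the stack trace and inner-exception
        // details into the rendered form.
        ModelState.AddModelError(string.Empty, ex.Message);
        return View(vm);
    }

    return RedirectToAction(nameof(List));
}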
/// <summary>
/// A default-constructed <see cref="OidcProvider"/> maps to an entity and back without
/// producing null on either side.
/// </summary>
public void CanMapIdp()
{
    var entity = new OidcProvider().ToEntity();
    var roundTripped = entity.ToModel();

    Assert.NotNull(roundTripped);
    Assert.NotNull(entity);
}
/// <summary>
/// Stand-in for the access token request of https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3:
/// no HTTP call is made; the authorization code itself is echoed back as both the access token
/// and the id token.
/// </summary>
/// <param name="authorizationCode">Returned verbatim as both tokens.</param>
/// <param name="provider">Not used by this implementation.</param>
/// <param name="redirect_uri">Not used by this implementation.</param>
/// <returns>An already-completed task holding the echoed tokens.</returns>
public Task<OidcCodeResponse> GetTokens(string authorizationCode, OidcProvider provider, string redirect_uri)
{
    var echoed = new OidcCodeResponse();
    echoed.AccessToken = authorizationCode;
    echoed.IdToken = authorizationCode;
    return Task.FromResult(echoed);
}
/// <summary>
/// Configure the OIDC providers: each child of <paramref name="section"/> is bound to an
/// <see cref="OidcProvider"/>, keyed by the child's configuration key, and added to
/// <see cref="OidcProviderSettings"/> through the options pipeline.
/// </summary>
/// <param name="services">Service collection being configured.</param>
/// <param name="section">Configuration section whose children describe the providers.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection ConfigureOidcProviders(this IServiceCollection services, IConfigurationSection section)
{
    foreach (var providerSection in section.GetChildren())
    {
        var provider = new OidcProvider();
        providerSection.Bind(provider);
        // Assigned after Bind so the section key wins over any IssuerKey value present in configuration.
        provider.IssuerKey = providerSection.Key;

        var registered = provider;
        services.Configure<OidcProviderSettings>(settings => settings.Add(registered.IssuerKey, registered));
    }

    return services;
}
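/// <summary>
/// Shows the edit form for the provider identified by <paramref name="providerId"/>.
/// </summary>
/// <param name="providerId">Route id of the provider to edit.</param>
/// <returns>The edit view populated from the stored provider, or 404 when no provider has that id.</returns>
public async Task<IActionResult> Edit([FromRoute] string providerId)
{
    OidcProvider provider = await _oidcProviderStore.GetById(providerId);
    if (provider == null)
    {
        // An unknown id previously surfaced as a NullReferenceException (HTTP 500).
        return NotFound();
    }

    OidcProviderUpdateViewModel vm = new OidcProviderUpdateViewModel();
    vm.AuthorityUrl = provider.AuthorityUrl;
    vm.ClientId = provider.ClientId;
    // NOTE(review): the stored client secret is copied into the form and therefore rendered to the
    // browser; a write-only field would avoid echoing it if it never needs to be displayed.
    vm.ClientSecret = provider.ClientSecret;
    vm.ExpectedResponseType = provider.ExpectedResponseType;
    vm.Name = provider.Name;
    vm.ProviderId = provider.OidcProviderId;
    vm.RequireHttpsMetadata = provider.RequireHttpsMetadata;
    // A provider without scopes renders an empty field instead of string.Join throwing on null.
    vm.ScopesToRequest = provider.ScopesToRequest == null
        ? string.Empty
        : string.Join(" ", provider.ScopesToRequest);

    return View(vm);
}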
/// <summary>
/// A provider with scheme, client credentials, authority, response type and scope all set
/// passes validation.
/// </summary>
public async Task correctly_populated_idp_should_succeed()
{
    var provider = new OidcProvider
    {
        Scheme = "scheme",
        ClientId = "client",
        ClientSecret = "secret",
        Authority = "authority",
        ResponseType = "code",
        Scope = "openid scope",
    };
    var validation = new IdentityProviderConfigurationValidationContext(provider);

    await _validator.ValidateAsync(validation);

    validation.IsValid.Should().BeTrue();
}
/// <summary>
/// An id_token (implicit) response type validates without a client secret.
/// NOTE(review): despite the test name, ClientId is set here and it is ClientSecret that is
/// blank — the name may be a leftover; confirm the intended case.
/// </summary>
public async Task when_implicit_flow_missing_clientid_should_succeed()
{
    var provider = new OidcProvider
    {
        Scheme = "scheme",
        ClientId = "client",
        ClientSecret = "",
        Authority = "authority",
        ResponseType = "id_token",
        Scope = "openid scope",
    };
    var validation = new IdentityProviderConfigurationValidationContext(provider);

    await _validator.ValidateAsync(validation);

    validation.IsValid.Should().BeTrue();
}
/// <summary>
/// An empty scope fails validation, and the error message names the offending setting.
/// </summary>
public async Task missing_scope_should_fail()
{
    var provider = new OidcProvider
    {
        Scheme = "scheme",
        ClientId = "client",
        ClientSecret = "secret",
        Authority = "authority",
        ResponseType = "code",
        Scope = "",
    };
    var validation = new IdentityProviderConfigurationValidationContext(provider);

    await _validator.ValidateAsync(validation);

    validation.IsValid.Should().BeFalse();
    // Case-insensitive check so the assertion does not depend on the message's exact casing.
    validation.ErrorMessage.ToLowerInvariant().Should().Contain("scope");
}
/// <summary>
/// A blank client secret is accepted by validation: the secret may be supplied from somewhere
/// other than the provider configuration.
/// </summary>
public async Task missing_secret_should_be_allowed()
{
    // we allow no secret because they might pull it from somewhere else
    var provider = new OidcProvider
    {
        Scheme = "scheme",
        ClientId = "client",
        ClientSecret = "",
        Authority = "authority",
        ResponseType = "code",
        Scope = "openid scope",
    };
    var validation = new IdentityProviderConfigurationValidationContext(provider);

    await _validator.ValidateAsync(validation);

    validation.IsValid.Should().BeTrue();
}
/// <summary>
/// Scheme lookup is case-sensitive: a provider stored as "SCHEME3" is not returned when
/// queried as "scheme3".
/// </summary>
/// <param name="options">Options for the configuration database the test runs against.</param>
public async Task GetBySchemeAsync_should_filter_by_scheme_casing(DbContextOptions<ConfigurationDbContext> options)
{
    // Seed one provider with an all-upper-case scheme.
    using (var seedContext = new ConfigurationDbContext(options))
    {
        var seeded = new OidcProvider { Scheme = "SCHEME3", Type = "oidc" };
        seedContext.IdentityProviders.Add(seeded.ToEntity());
        seedContext.SaveChanges();
    }

    // Query through a fresh context (presumably so the read cannot be satisfied from the
    // seeding context's tracked entities).
    using (var queryContext = new ConfigurationDbContext(options))
    {
        var store = new IdentityProviderStore(
            queryContext,
            FakeLogger<IdentityProviderStore>.Create(),
            new NoneCancellationTokenProvider());

        var found = await store.GetBySchemeAsync("scheme3");

        found.Should().BeNull();
    }
}
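/// <summary>
/// Performs an access token request as described in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3,
/// exchanging the authorization code at the provider's token endpoint.
/// </summary>
/// <param name="authorizationCode">Code obtained from the authorization response.</param>
/// <param name="provider">Provider whose token endpoint and client credentials are used.</param>
/// <param name="redirect_uri">Must be identical to the redirect_uri sent in the authorization request.</param>
/// <returns>
/// The deserialized token response, or null when the endpoint does not answer 200 OK
/// (the status code is logged in that case).
/// </returns>
public async Task<OidcCodeResponse> GetTokens(string authorizationCode, OidcProvider provider, string redirect_uri)
{
    var form = new Dictionary<string, string>
    {
        // REQUIRED. The authorization code received from the authorization server.
        { "code", authorizationCode },
        // REQUIRED, if the "redirect_uri" parameter was included in the authorization request
        // as described in Section 4.1.1, and their values MUST be identical.
        { "redirect_uri", redirect_uri },
        // REQUIRED. Value MUST be set to "authorization_code".
        { "grant_type", "authorization_code" },
        // REQUIRED, if the client is not authenticating with the authorization server
        // (Section 3.2.1). The previous comment wrongly said the value must be "client_id".
        { "client_id", provider.ClientId },
    };

    // Client secret. Set if configured: the secret travels as a form parameter
    // (the "client_secret" body style of RFC 6749 Section 2.3.1).
    if (!string.IsNullOrEmpty(provider.ClientSecret))
    {
        form.Add("client_secret", provider.ClientSecret);
    }

    OidcCodeResponse codeResponse = null;
    FormUrlEncodedContent formUrlEncodedContent = new FormUrlEncodedContent(form);

    // The response owns the content stream; dispose it once the body has been consumed
    // (the previous code never disposed it).
    using (HttpResponseMessage response = await _httpClient.PostAsync(provider.TokenEndpoint, formUrlEncodedContent))
    {
        if (response.StatusCode == System.Net.HttpStatusCode.OK)
        {
            string content = await response.Content.ReadAsStringAsync();
            codeResponse = JsonSerializer.Deserialize<OidcCodeResponse>(content);
        }
        else
        {
            // Deliberately logs only the status code, not the response body.
            _logger.LogError("Getting tokens from code failed with statuscode {StatusCode}", response.StatusCode);
        }
    }

    return codeResponse;
}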
/// <summary>
/// Ends the local session: deletes the SBL and JWT cookies and sends the browser to the
/// logout endpoint of the provider that originally issued the identity, falling back to the
/// SBL logout endpoint when that provider cannot be resolved from the original-issuer claim.
/// </summary>
/// <returns>A redirect to the applicable logout endpoint.</returns>
public ActionResult Logout()
{
    var originalIssuer = HttpContext.User.GetClaim(OriginalIssClaimName);
    var issuingProvider = GetOidcProvider(originalIssuer);
    if (issuingProvider == null)
    {
        return Redirect(_generalSettings.SBLLogoutEndpoint);
    }

    // Presumably the same Domain/Secure/HttpOnly attributes the cookies were issued with,
    // so the deletion targets the right cookies.
    var cookieOptions = new CookieOptions
    {
        Domain = _generalSettings.HostName,
        Secure = true,
        HttpOnly = true,
    };
    foreach (var cookieName in new[] { _generalSettings.SblAuthCookieName, _generalSettings.JwtCookieName })
    {
        Response.Cookies.Delete(cookieName, cookieOptions);
    }

    return Redirect(issuingProvider.LogoutEndpoint);
}