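// This method gets called by the runtime. Use this method to add services to the container.
// IdP side: binds the "Settings" and "Saml2" configuration sections, then resolves each
// configured relying party's issuer, endpoints and certificates from its published SP metadata.
// Throws InvalidOperationException when the relying-party configuration or a relying party's
// metadata is missing or does not contain an SPSsoDescriptor.
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.Configure<Settings>(Configuration.GetSection("Settings"));
    services.Configure<Settings>(settings =>
    {
        // Fail with a clear configuration error instead of a NullReferenceException from foreach.
        if (settings.RelyingParties is null)
        {
            throw new InvalidOperationException("Settings:RelyingParties is not configured.");
        }

        foreach (var rp in settings.RelyingParties)
        {
            // new Uri(null) would only report "uriString"; name the offending setting instead.
            if (string.IsNullOrWhiteSpace(rp.SpMetadata))
            {
                throw new InvalidOperationException("Relying party SpMetadata URL is not configured.");
            }

            // The SP metadata is fetched over the network at startup. Everything trusted below
            // (issuer, ACS/SLO endpoints, signature validation certificate) comes from that
            // document and no metadata-signature check is visible in this block, so the
            // configured URL must be an HTTPS endpoint operated by the relying party.
            var entityDescriptor = new EntityDescriptor();
            entityDescriptor.ReadSPSsoDescriptorFromUrl(new Uri(rp.SpMetadata));

            // Message fixed: this block reads the SP descriptor, not the IdP descriptor.
            var spDescriptor = entityDescriptor.SPSsoDescriptor
                ?? throw new InvalidOperationException("SPSsoDescriptor not loaded from metadata.");

            rp.Issuer = entityDescriptor.EntityId;

            // First() takes the first listed endpoint (no binding selection is done here) and
            // throws InvalidOperationException when the metadata lists none, so a missing ACS
            // or SLO endpoint fails at startup rather than leaving a null destination.
            rp.SingleSignOnDestination = spDescriptor.AssertionConsumerServices.First().Location;

            var singleLogoutService = spDescriptor.SingleLogoutServices.First();
            rp.SingleLogoutDestination = singleLogoutService.Location;
            // Logout responses go to ResponseLocation when the SP publishes one, else to Location.
            rp.SingleLogoutResponseDestination = singleLogoutService.ResponseLocation ?? singleLogoutService.Location;

            // Only the first published signing certificate is honored; an SP rotating keys with
            // two certificates in its metadata will have requests signed by the second one rejected.
            rp.SignatureValidationCertificate = spDescriptor.SigningCertificates.First();

            // Encryption is optional on the SP side; only set the certificate when one is published.
            if (spDescriptor.EncryptionCertificates?.Any() == true)
            {
                rp.EncryptionCertificate = spDescriptor.EncryptionCertificates.First();
            }
        }
    });

    services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
    services.Configure<Saml2Configuration>(saml2Configuration =>
    {
        // Self-signed certificate loaded from the content root; sample/test use only.
        saml2Configuration.SigningCertificate = TestCertificate.GetSelfSignedCertificate(AppEnvironment.ContentRootPath, "test-sign-cert");
        // Accept only assertions whose audience is this IdP's own issuer value.
        saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
    });

    services.AddTransient<IdPSessionCookieRepository>();

    services.AddSaml2();
    services.AddControllersWithViews();
    services.AddHttpContextAccessor();
}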
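// This method gets called by the runtime. Use this method to add services to the container.
// RP side: binds the "Settings" and "Saml2" configuration sections, sets this SP's signing
// certificate, and resolves the IdP's issuer, endpoints, signing certificates and
// AuthnRequest-signing requirement from the IdP metadata named in "Saml2:IdPMetadata".
// Throws InvalidOperationException when that setting is missing or the metadata contains
// no IdPSsoDescriptor.
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddTransient<IdPSelectionCookieRepository>();

    services.Configure<Settings>(Configuration.GetSection("Settings"));
    services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
    services.Configure<Saml2Configuration>(saml2Configuration =>
    {
        // Self-signed certificate loaded from the content root; sample/test use only.
        saml2Configuration.SigningCertificate = TestCertificate.GetSelfSignedCertificate(AppEnvironment.ContentRootPath, "test-sign-cert");
        // Accept only assertions whose audience is this SP's own issuer value.
        saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

        // new Uri(null) would only report "uriString"; name the offending setting instead.
        var idpMetadataUrl = Configuration["Saml2:IdPMetadata"];
        if (string.IsNullOrWhiteSpace(idpMetadataUrl))
        {
            throw new InvalidOperationException("Saml2:IdPMetadata is not configured.");
        }

        // The IdP metadata is fetched over the network at startup. The trusted issuer, the
        // SSO/SLO destinations and the certificates used to validate IdP signatures all come
        // from that document and no metadata-signature check is visible in this block, so the
        // configured URL must be an HTTPS endpoint operated by the IdP.
        var entityDescriptor = new EntityDescriptor();
        entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(idpMetadataUrl));

        var idpDescriptor = entityDescriptor.IdPSsoDescriptor
            ?? throw new InvalidOperationException("IdPSsoDescriptor not loaded from metadata.");

        saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;

        // First() takes the first listed endpoint (no binding selection is done here) and
        // throws InvalidOperationException when the metadata lists none, so a missing SSO
        // or SLO endpoint fails at startup rather than leaving a null destination.
        saml2Configuration.SingleSignOnDestination = idpDescriptor.SingleSignOnServices.First().Location;
        saml2Configuration.SingleLogoutDestination = idpDescriptor.SingleLogoutServices.First().Location;

        // All published IdP signing certificates are trusted, which keeps validation working
        // across an IdP key rollover.
        saml2Configuration.SignatureValidationCertificates.AddRange(idpDescriptor.SigningCertificates);

        // The IdP's WantAuthnRequestsSigned flag, when present, decides whether this SP signs
        // its AuthnRequests; when absent the bound "Saml2" configuration value is kept.
        if (idpDescriptor.WantAuthnRequestsSigned is bool wantAuthnRequestsSigned)
        {
            saml2Configuration.SignAuthnRequest = wantAuthnRequestsSigned;
        }
    });

    // Required SameSiteMode.None to support OpenID Connect Front channel logout.
    // Browsers only accept SameSite=None cookies that are also marked Secure, so the
    // application must be served over HTTPS for this setting to work.
    services.AddSaml2("/Saml/Login", cookieSameSite: SameSiteMode.None);
    services.AddControllersWithViews();
    services.AddHttpContextAccessor();
}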