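/// <summary>
/// Sets up and registers <see cref="IShibbolethService"/>, cookie authentication
/// (<c>AddAuthentication</c>/<c>AddCookie</c>, Microsoft.AspNetCore.Authentication) and
/// session state (<c>AddSession</c>, Microsoft.AspNetCore.Builder).
/// </summary>
/// <param name="svc">The service collection to register into.</param>
/// <param name="configure">Configuration action applied to a freshly created <see cref="ShibbolethConfig"/>.</param>
/// <param name="profilesFunc">
/// Function that creates the claims profiles. When it is null, or returns null, an array containing
/// one default http-header profile is used instead.
/// </param>
/// <returns>The same <paramref name="svc"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="svc"/> or <paramref name="configure"/> is null.</exception>
public static IServiceCollection UseShibbolethService(this IServiceCollection svc, Action<IShibbolethConfig> configure, Func<IServiceProvider, IShibbolethConfig, IClaimsProfile[]> profilesFunc)
{
    if (svc is null)
    {
        throw new ArgumentNullException(nameof(svc));
    }

    if (configure is null)
    {
        throw new ArgumentNullException(nameof(configure));
    }

    IShibbolethConfig config = new ShibbolethConfig();
    configure(config);

    svc.AddSingleton<IShibbolethService>(p =>
    {
        // Resolved once and shared by the service and the fallback profile.
        var logger = p.GetService<ILogger<IShibbolethService>>();

        // Documented contract: a null profilesFunc (or a null result from it) falls back to the
        // default profile. Invoking the delegate unconditionally would throw for a null delegate.
        var profiles = profilesFunc?.Invoke(p, config)
            ?? new IClaimsProfile[] { ClaimProfileFactory.DefaultProfile(logger, config.DefaultDomain) };

        return new ShibbolethService()
        {
            Config = config,
            Logger = logger,
            Profiles = profiles,
        };
    });

    svc.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.Cookie.Name = config.CookieName;
            options.Cookie.HttpOnly = true;
            // NOTE(review): Cookie.SecurePolicy and Cookie.SameSite are left at the framework defaults here;
            // for a login cookie, setting SecurePolicy = CookieSecurePolicy.Always is the usual hardening
            // once TLS termination is guaranteed — confirm against the deployment.
            options.ExpireTimeSpan = config.ExpireTimeSpan;
            options.LoginPath = config.AppLoginUrl;
            options.LogoutPath = config.AppLogoutUrl;
            options.AccessDeniedPath = config.AccessDeniedPath;
        });

    svc.AddSession(options =>
    {
        // The session idle timeout deliberately mirrors the authentication cookie lifetime.
        options.IdleTimeout = config.ExpireTimeSpan;
        options.Cookie.HttpOnly = true;
    });

    return svc;
}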
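// This method gets called by the runtime. Use this method to add services to the container.
// Registers the infrastructure services, the Active Directory and Shibboleth configuration (both read
// from IConfiguration), the claims profiles used by the Shibboleth service, and MVC with the
// automatic sign-in/sign-off filter.
public void ConfigureServices(IServiceCollection services)
{
    // Default domain shared by the Active Directory and Shibboleth configuration; kept in one place so
    // the two registrations cannot drift apart.
    const string defaultDomain = "upol.cz";

    services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    services.TryAddSingleton<IURLCodec, URLCodecBase64Url>();
    services.AddScoped<IServiceContext, ServiceContext>();

    // Shibboleth headers to be mapped into claims (fed to HeaderClaimsProcessor below).
    var shibbolethHeaderClaims = new[]
    {
        new ClaimEntry(ClaimTypes.GivenName, "cn")
    };

    // Active Directory attributes to be mapped into claims (fed to ActiveDirectoryAttributeClaimsProcessor below).
    var adClaims = new[]
    {
        new ClaimEntry(ClaimTypes.Email, "mail"),
        new ClaimEntry("givenName", "givenName"),
        new ClaimEntry("surname", "sn"),
        new ClaimEntry("unit", "ou"),
        new ClaimEntry("title", "title")
    };

    // Active Directory configuration setup.
    // NOTE(review): AD:User / AD:Password are bind credentials; make sure they are supplied from a
    // secret store (user secrets, environment, key vault) rather than a checked-in appsettings file.
    services.UseActiveDirectory(options =>
    {
        options.Server = Configuration["AD:Server"];
        options.Container = Configuration["AD:Container"];
        options.User = Configuration["AD:User"];
        options.Password = Configuration["AD:Password"];
        options.DefaultDomain = defaultDomain;
    });

    // Builds the claims profiles for the Shibboleth service: index 0 is the default (header-based) profile,
    // index 1 the external-login profile that tags the user with ExternalUserClaimType instead of reading headers.
    IClaimsProfile[] BuildProfiles(IServiceProvider svc, IShibbolethConfig options)
    {
        // The logger factory is dereferenced immediately, so resolve it as required to get a clear
        // InvalidOperationException instead of a NullReferenceException when it is missing.
        var logger = svc.GetRequiredService<ILoggerFactory>().CreateLogger("ShibbolethInfrastructure");

        // Resolved once; the original resolved it separately for each consumer.
        var adConfig = svc.GetService<IADConfig>();

        var roleResolvers = new LinkedRoleResolver(
            new JsonConfigRoleResolver(
                Path.Combine(WebHostEnvironment.ContentRootPath, "Identity/roles.json"),
                logger,
                options.DefaultDomain),
            new ADRoleResolver(adConfig));
        var customClaimsProcessor = new CustomClaimsProcessor();
        var activeDirectoryClaimsProcessor = new ActiveDirectoryAttributeClaimsProcessor(adConfig, adClaims);

        return new IClaimsProfile[]
        {
            // Default profile: Shibboleth headers, roles, AD attributes, custom claims.
            ClaimProfileFactory.DefaultProfile(logger, options.DefaultDomain)
                .AddProcessors(
                    new HeaderClaimsProcessor(logger, shibbolethHeaderClaims),
                    roleResolvers,
                    activeDirectoryClaimsProcessor,
                    customClaimsProcessor),
            // External login profile: no header processor, constant external-user claim added instead.
            ClaimProfileFactory.DefaultProfile(logger, options.DefaultDomain)
                .AddProcessors(
                    roleResolvers,
                    activeDirectoryClaimsProcessor,
                    customClaimsProcessor,
                    new ConstClaimsProcessor(options.ExternalUserClaimType)),
        };
    }

    // Shibboleth service configuration setup.
    services.UseShibbolethService(options =>
    {
        options.SSOLoginUrlFormatString = Configuration["Shibboleth:SSOLoginUrl"];
        options.SSOLogoutUrl = Configuration["Shibboleth:SSOLogoutUrl"];
        options.LoginCalbackAction = "/Account/LoginCallback";
        options.AfterLoginPath = Configuration["Shibboleth:AfterLoginPath"];
        options.AccessDeniedPath = "/Home/AccessDenied";
        // NOTE(review): Testing presumably relaxes the sign-in checks — confirm that the production
        // configuration cannot set Shibboleth:Testing to "true".
        options.Testing = Configuration["Shibboleth:Testing"] == "true";
        options.DefaultDomain = defaultDomain;
        options.CookieName = "ShibbolethLogin";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        // The remote-user header name is redacted in this listing; the real value must match the header
        // the Shibboleth SP sets, since the service trusts it as the authenticated identity.
        options.HeaderRemoteUser = "******";
        options.AppLoginUrl = "/Account/Login";
        options.AppLogoutUrl = "/Account/Logout";
    }, BuildProfiles);

    services.AddControllersWithViews(options =>
    {
        options.Filters.Add(typeof(ShibbolethAutoSinginSignOffFilter));
    });
}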
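/// <summary>
/// Sets up and registers <see cref="IShibbolethService"/> only; no authentication scheme or
/// session state is registered (see <c>UseShibbolethService</c> for the full setup).
/// </summary>
/// <param name="svc">The service collection to register into.</param>
/// <param name="configure">Configuration action applied to a freshly created <see cref="ShibbolethConfig"/>.</param>
/// <param name="profilesFunc">
/// Function that creates the claims profiles. When it is null, or returns null, an array containing
/// one default http-header profile is used instead.
/// </param>
/// <returns>The same <paramref name="svc"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="svc"/> or <paramref name="configure"/> is null.</exception>
public static IServiceCollection UseShibbolethServiceOnly(this IServiceCollection svc, Action<IShibbolethConfig> configure, Func<IServiceProvider, IShibbolethConfig, IClaimsProfile[]> profilesFunc)
{
    if (svc is null)
    {
        throw new ArgumentNullException(nameof(svc));
    }

    if (configure is null)
    {
        throw new ArgumentNullException(nameof(configure));
    }

    IShibbolethConfig config = new ShibbolethConfig();
    configure(config);

    svc.AddSingleton<IShibbolethService>(p =>
    {
        // Resolved once and shared by the service and the fallback profile.
        var logger = p.GetService<ILogger<IShibbolethService>>();

        // Documented contract: a null profilesFunc (or a null result from it) falls back to the
        // default profile. Invoking the delegate unconditionally would throw for a null delegate.
        var profiles = profilesFunc?.Invoke(p, config)
            ?? new IClaimsProfile[] { ClaimProfileFactory.DefaultProfile(logger, config.DefaultDomain) };

        return new ShibbolethService()
        {
            Config = config,
            Logger = logger,
            Profiles = profiles,
        };
    });

    return svc;
}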