Authentication 使用ComponentSpace为IdentityServer4加载动态SAML方案
我们有一个集中式的 IdentityServer4,它充当服务提供商(SP),并对接多个身份提供商(IdP),如 Active Directory、Google、Facebook,以及按租户配置的其他 SAML 提供商——即一个 SP 对应多个 IdP。为了从数据库动态加载 OpenID Connect 配置,我完全按照参考示例实现,OpenID 部分已按预期工作;现在我需要以同样的方式集成 SAML 提供商。我试用了 ComponentSpace 的“SAMLv20.Core 评估版”,并能够通过 appsettings.json 成功集成,但不确定如何像示例那样以编程方式(动态)配置它。以下是我目前的实现:(标签:authentication, asp.net-core, identityserver4, saml, component-space)
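public class AccountController : ControllerBase
{
    // The authentication handlers resolve their options through IOptionsMonitor<T>,
    // which is backed by these caches: a scheme added at runtime is only usable once
    // its options have been post-configured and seeded here.
    private readonly IOptionsMonitorCache<OpenIdConnectOptions> _openIdOptionsCache;
    private readonly IOptionsMonitorCache<SamlAuthenticationOptions> _samlOptionsCache;
    private readonly OpenIdConnectPostConfigureOptions _postConfigureOptions;
    private readonly SamlPostConfigureAuthenticationOptions _samlPostConfigureOptions;
    // Runtime scheme registry. The original listing used this field without
    // declaring or injecting it; it is resolved from the authentication DI setup.
    private readonly IAuthenticationSchemeProvider _schemeProvider;

    public AccountController(
        IOptionsMonitorCache<OpenIdConnectOptions> openidOptionsCache,
        IOptionsMonitorCache<SamlAuthenticationOptions> samlOptionsCache,
        OpenIdConnectPostConfigureOptions postConfigureOptions,
        SamlPostConfigureAuthenticationOptions samlPostConfigureOptions,
        IAuthenticationSchemeProvider schemeProvider
    )
    {
        _openIdOptionsCache = openidOptionsCache ?? throw new ArgumentNullException(nameof(openidOptionsCache));
        _samlOptionsCache = samlOptionsCache ?? throw new ArgumentNullException(nameof(samlOptionsCache));
        _postConfigureOptions = postConfigureOptions ?? throw new ArgumentNullException(nameof(postConfigureOptions));
        _samlPostConfigureOptions = samlPostConfigureOptions ?? throw new ArgumentNullException(nameof(samlPostConfigureOptions));
        _schemeProvider = schemeProvider ?? throw new ArgumentNullException(nameof(schemeProvider));
    }

    /// <summary>
    /// Registers the external authentication scheme described by
    /// <paramref name="tenantAuthProviderSetting"/> (OpenID Connect or SAML) with the
    /// scheme provider, seeds its options cache, and returns the full scheme list.
    /// Calling it again for an already-registered scheme name is a no-op.
    /// </summary>
    /// <param name="schemes">Scheme list known to the caller. Kept for signature
    /// compatibility; the returned list is always re-read from the scheme provider.</param>
    /// <param name="tenantAuthProviderSetting">Per-tenant provider record whose
    /// <c>tenantConfigJson</c> holds the provider-specific settings.</param>
    /// <returns>All schemes currently registered with the scheme provider.</returns>
    /// <exception cref="ArgumentNullException">The setting is null.</exception>
    /// <exception cref="InvalidOperationException">The setting has no scheme name, or
    /// its JSON lacks a value the provider type requires.</exception>
    private async Task<IEnumerable<AuthenticationScheme>> LoadAuthenticationSchemesByTenant(IEnumerable<AuthenticationScheme> schemes, AuthProviderSetting tenantAuthProviderSetting)
    {
        if (tenantAuthProviderSetting == null)
        {
            throw new ArgumentNullException(nameof(tenantAuthProviderSetting));
        }

        var schemeName = tenantAuthProviderSetting.AuthenticationScheme;
        if (string.IsNullOrWhiteSpace(schemeName))
        {
            throw new InvalidOperationException("Tenant auth provider setting has no AuthenticationScheme name.");
        }

        // AddScheme throws InvalidOperationException for a name that is already
        // registered, and IOptionsMonitorCache.TryAdd silently keeps the first options
        // it saw, so a second call for the same tenant (another login, a concurrent
        // request) must be a no-op rather than a crash.
        // NOTE(review): this does not refresh a scheme whose tenant configuration
        // changed after registration (that needs RemoveScheme + TryRemove first), and
        // it does not stop one tenant's scheme name from colliding with another
        // tenant's or a built-in scheme — make sure the name is not tenant-chosen
        // free text, or namespace it per tenant.
        if (await _schemeProvider.GetSchemeAsync(schemeName) != null)
        {
            return await _schemeProvider.GetAllSchemesAsync();
        }

        // Loosely typed on purpose (the JSON shape differs per provider type); a
        // missing key comes back as null, hence the explicit checks in the helpers.
        dynamic configJson = JsonConvert.DeserializeObject(tenantAuthProviderSetting.tenantConfigJson);
        if (configJson == null)
        {
            throw new InvalidOperationException($"Tenant configuration JSON for scheme '{schemeName}' is empty.");
        }

        switch (tenantAuthProviderSetting.AuthenticationType)
        {
            case AuthenticationTypes.OpenID:
                RegisterOpenIdScheme(schemeName, tenantAuthProviderSetting.DisplayName, configJson);
                break;
            case AuthenticationTypes.SAML:
                RegisterSamlScheme(schemeName, tenantAuthProviderSetting.DisplayName, configJson);
                break;
            default:
                // Unknown provider type: register nothing, just report what exists.
                break;
        }

        return await _schemeProvider.GetAllSchemesAsync();
    }

    // Builds an OpenID Connect scheme from the tenant JSON (Authority, ClientId,
    // ClientSecret) and registers it.
    private void RegisterOpenIdScheme(string schemeName, string displayName, dynamic configJson)
    {
        string authority = configJson.Authority;
        string clientId = configJson.ClientId;
        string clientSecret = configJson.ClientSecret;
        if (string.IsNullOrWhiteSpace(authority) || string.IsNullOrWhiteSpace(clientId))
        {
            // Deliberately does not echo the JSON: it carries the client secret.
            throw new InvalidOperationException($"OpenID Connect configuration for scheme '{schemeName}' needs Authority and ClientId.");
        }

        var oidcOptions = new OpenIdConnectOptions
        {
            SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
            SignOutScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
            // Upstream tokens are stored in the external cookie, so later steps can
            // read id_token/access_token; the cookie grows accordingly.
            SaveTokens = true,
            Authority = authority,
            ClientId = clientId,
            ClientSecret = clientSecret,
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
                // ValidateIssuer is deliberately left at its default (enabled). With
                // Authority set, the handler checks the token's 'iss' against the
                // issuer published by that authority's discovery document, so a token
                // from any other issuer is rejected. The original set it to false,
                // which removed that check for every tenant; a tenant whose 'iss'
                // legitimately differs from its discovery issuer should get an
                // explicit ValidIssuer in its config instead of no validation at all.
            }
        };

        // Post-configure and seed the options before exposing the scheme so a failure
        // here cannot leave a registered scheme with no options behind.
        _postConfigureOptions.PostConfigure(schemeName, oidcOptions);
        _openIdOptionsCache.TryAdd(schemeName, oidcOptions);
        _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, displayName, typeof(OpenIdConnectHandler)));
    }

    // Builds a ComponentSpace SAML scheme and registers it. Only the partner name
    // (and optionally the single-logout path) come from the tenant JSON; the partner
    // IdP's certificates and endpoints still come from the static SAML configuration.
    // Fully per-tenant SAML configuration needs an ISamlConfigurationResolver.
    private void RegisterSamlScheme(string schemeName, string displayName, dynamic configJson)
    {
        // Must be per tenant: a fixed partner name would route every tenant's SAML
        // login to the same identity provider.
        string partnerName = configJson.PartnerName;
        if (string.IsNullOrWhiteSpace(partnerName))
        {
            throw new InvalidOperationException($"SAML configuration for scheme '{schemeName}' needs PartnerName.");
        }
        string singleLogoutServicePath = configJson.SingleLogoutServicePath;

        var samlOptions = new SamlAuthenticationOptions
        {
            PartnerName = () => partnerName
        };
        if (!string.IsNullOrWhiteSpace(singleLogoutServicePath))
        {
            // NOTE(review): the original hard-coded an absolute localhost URL here;
            // the property name suggests a request path rather than a URL — confirm
            // against the ComponentSpace documentation before relying on it.
            samlOptions.SingleLogoutServicePath = singleLogoutServicePath;
        }

        // Same ordering as for OpenID Connect: options first, scheme last.
        _samlPostConfigureOptions.PostConfigure(schemeName, samlOptions);
        _samlOptionsCache.TryAdd(schemeName, samlOptions);
        _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, displayName, typeof(SamlAuthenticationHandler)));
    }
}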
只是确认一下:您是想动态添加 SAML 配置吗?实现这一点的最佳方法是按照《配置指南》中“实现 ISamlConfigurationResolver”一节的说明实现 ISamlConfigurationResolver。每当需要 SAML 配置时都会调用该实现,因此 SAML 配置是完全动态的。由于它在每次需要配置时被调用,实现应当缓存查询结果,并严格按当前请求所属的租户解析本地 SP 和合作伙伴 IdP 配置,以免一个租户拿到另一个租户的配置。另外,下面的 appsettings.json 示例把 SP 证书的 PFX 密码以明文写在配置文件中,AssertionConsumerServiceUrl 也使用了 http://;生产环境应改用密钥存储保存密码,并为断言消费端点使用 https。
"SAML": {
"$schema": "https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",
"Configurations": [
{
"LocalServiceProviderConfiguration": {
"Name": "https://IdentityServer4",
"Description": "IdentityServer4",
"AssertionConsumerServiceUrl": "http://localhost:44380/SAML/AssertionConsumerService",
"SingleLogoutServiceUrl": "http://localhost:44380/SAML/SingleLogoutService",
"LocalCertificates": [
{
"FileName": "certificates/sp.pfx",
"Password": "password"
}
]
},
"PartnerIdentityProviderConfigurations": [
{
"Name": "https://ExampleIdentityProvider",
"Description": "Example Identity Provider",
"SignAuthnRequest": true,
"SingleSignOnServiceUrl": "https://localhost:44313/SAML/SingleSignOnService",
"SingleLogoutServiceUrl": "https://localhost:44313/SAML/SingleLogoutService",
"PartnerCertificates": [
{
"FileName": "certificates/idp.cer"
}
]
}
]
}
]
},
"PartnerName": "https://ExampleIdentityProvider"