Authentication 使用ComponentSpace为IdentityServer4加载动态SAML方案


我们集中部署了一个IdentityServer4,它将充当服务提供商,并且有多个身份提供商,如Active Directory、Google、Facebook以及基于每个租户的其他SAML提供商,即一个服务提供商对应多个身份提供商。

为了从数据库中加载OpenID配置,我完全遵循了所引用的示例,它对OpenID能按预期工作,现在我需要以相同的方式集成SAML提供程序。

我试用了来自ComponentSpace的“SAMLv20.Core评估”,并且能够成功地使用appsettings.json进行集成。

但我不确定如何按照上述示例中给出的方式,以编程方式集成它。

以下是我迄今为止所做的工作:

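/// <summary>
/// Registers per-tenant external authentication schemes (OpenID Connect or SAML) at runtime,
/// making them visible to IdentityServer4 through the ASP.NET Core scheme provider and the
/// per-scheme options caches.
/// </summary>
public class AccountController : ControllerBase
{
    private readonly IOptionsMonitorCache<OpenIdConnectOptions> _openIdOptionsCache;
    private readonly IOptionsMonitorCache<SamlAuthenticationOptions> _samlOptionsCache;
    private readonly OpenIdConnectPostConfigureOptions _postConfigureOptions;
    private readonly SamlPostConfigureAuthenticationOptions _samlPostConfigureOptions;
    // Referenced by LoadAuthenticationSchemesByTenant but previously never declared or injected,
    // so the class did not compile. Resolved from DI like the other collaborators.
    private readonly IAuthenticationSchemeProvider _schemeProvider;

    /// <summary>
    /// Creates the controller. All collaborators are supplied by the DI container.
    /// </summary>
    /// <exception cref="ArgumentNullException">Any collaborator is <c>null</c>.</exception>
    public AccountController(
        IOptionsMonitorCache<OpenIdConnectOptions> openidOptionsCache,
        IOptionsMonitorCache<SamlAuthenticationOptions> samlOptionsCache,
        OpenIdConnectPostConfigureOptions postConfigureOptions,
        SamlPostConfigureAuthenticationOptions samlPostConfigureOptions,
        IAuthenticationSchemeProvider schemeProvider
        )
    {
        _openIdOptionsCache = openidOptionsCache ?? throw new ArgumentNullException(nameof(openidOptionsCache));
        _samlOptionsCache = samlOptionsCache ?? throw new ArgumentNullException(nameof(samlOptionsCache));
        _postConfigureOptions = postConfigureOptions ?? throw new ArgumentNullException(nameof(postConfigureOptions));
        _samlPostConfigureOptions = samlPostConfigureOptions ?? throw new ArgumentNullException(nameof(samlPostConfigureOptions));
        _schemeProvider = schemeProvider ?? throw new ArgumentNullException(nameof(schemeProvider));
    }

    /// <summary>
    /// Registers the authentication scheme described by <paramref name="tenantAuthProviderSetting"/>
    /// (if it is not registered yet) and returns the full list of schemes known to the provider.
    /// </summary>
    /// <param name="schemes">Current scheme list; retained for call-site compatibility, the returned
    /// list is always re-read from the scheme provider.</param>
    /// <param name="tenantAuthProviderSetting">Tenant record holding the scheme name, display name,
    /// provider type and the provider configuration as JSON.</param>
    /// <returns>All schemes registered with the scheme provider after this call.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="tenantAuthProviderSetting"/> is <c>null</c>.</exception>
    private async Task<IEnumerable<AuthenticationScheme>> LoadAuthenticationSchemesByTenant(IEnumerable<AuthenticationScheme> schemes, AuthProviderSetting tenantAuthProviderSetting)
    {
        if (tenantAuthProviderSetting is null)
        {
            throw new ArgumentNullException(nameof(tenantAuthProviderSetting));
        }

        string schemeName = tenantAuthProviderSetting.AuthenticationScheme;

        // AddScheme throws when a scheme with this name already exists, and the options caches keep
        // the first entry they were given (TryAdd). A second load for the same tenant therefore must
        // not try to re-register; it just reports the current scheme list.
        if (await _schemeProvider.GetSchemeAsync(schemeName) != null)
        {
            return await _schemeProvider.GetAllSchemesAsync();
        }

        // tenantConfigJson is provider-specific: the OpenID branch reads Authority/ClientId/ClientSecret
        // from it. Note that ClientSecret is stored in the tenant record — protect that column at rest.
        dynamic configJson = JsonConvert.DeserializeObject(tenantAuthProviderSetting.tenantConfigJson);

        switch (tenantAuthProviderSetting.AuthenticationType)
        {
            case AuthenticationTypes.OpenID:
                var oidcOptions = new OpenIdConnectOptions
                {
                    SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
                    SignOutScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
                    SaveTokens = true,
                    Authority = configJson.Authority,
                    ClientId = configJson.ClientId,
                    ClientSecret = configJson.ClientSecret,

                    // ValidateIssuer is deliberately left at its default (true). With several tenants'
                    // providers registered side by side, turning it off would let a token minted by one
                    // tenant's issuer be accepted under another tenant's scheme. The handler fills
                    // ValidIssuer from the Authority's discovery document, so nothing extra is needed here.
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        NameClaimType = "name",
                        RoleClaimType = "role"
                    }
                };
                _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, tenantAuthProviderSetting.DisplayName, typeof(OpenIdConnectHandler)));
                // PostConfigure must run before the options enter the cache: it wires up the
                // configuration manager, backchannel and defaults the handler relies on.
                _postConfigureOptions.PostConfigure(schemeName, oidcOptions);
                _openIdOptionsCache.TryAdd(schemeName, oidcOptions);
                break;

            case AuthenticationTypes.SAML:
                var samlOptions = new SamlAuthenticationOptions
                {
                    // Still hard-coded: the partner IdP name should come from the tenant configuration,
                    // and the partner's SSO/SLO URLs and certificates belong in the SAML configuration
                    // (e.g. an ISamlConfigurationResolver) rather than in these handler options.
                    PartnerName = delegate () { return "https://ExampleIdentityProvider"; },
                    // NOTE(review): this points at the partner IdP's SLO endpoint; confirm whether the
                    // option expects the local service-provider path instead.
                    SingleLogoutServicePath = "https://localhost:44313/SAML/SingleLogoutService",
                };

                _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, tenantAuthProviderSetting.DisplayName, typeof(SamlAuthenticationHandler)));
                _samlPostConfigureOptions.PostConfigure(schemeName, samlOptions);
                _samlOptionsCache.TryAdd(schemeName, samlOptions);
                break;

            default:
                // Unknown provider type: nothing is registered; fall through to the current list.
                break;
        }

        // Every branch ends by re-reading the provider, so do it once here.
        return await _schemeProvider.GetAllSchemesAsync();
    }
}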

只是确认一下:您是想动态添加SAML配置吗?

实现这一点的最佳方法是按照《配置指南》中“实现ISamlConfigurationResolver”一节中的描述,实现ISamlConfigurationResolver接口。

每当需要SAML配置时,就会调用ISamlConfigurationResolver的实现,因此SAML配置可以做到完全动态。

"SAML": {
  "$schema": "https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",
  "Configurations": [
    {
      "LocalServiceProviderConfiguration": {
        "Name": "https://IdentityServer4",
        "Description": "IdentityServer4",
        "AssertionConsumerServiceUrl": "http://localhost:44380/SAML/AssertionConsumerService",
        "SingleLogoutServiceUrl": "http://localhost:44380/SAML/SingleLogoutService",
        "LocalCertificates": [
          {
            "FileName": "certificates/sp.pfx",
            "Password": "password"
          }
        ]
      },
      "PartnerIdentityProviderConfigurations": [
        {
          "Name": "https://ExampleIdentityProvider",
          "Description": "Example Identity Provider",
          "SignAuthnRequest": true,
          "SingleSignOnServiceUrl": "https://localhost:44313/SAML/SingleSignOnService",
          "SingleLogoutServiceUrl": "https://localhost:44313/SAML/SingleLogoutService",
          "PartnerCertificates": [
            {
              "FileName": "certificates/idp.cer"
            }
          ]
        }
      ]
    }
  ]
},
"PartnerName": "https://ExampleIdentityProvider"