ellenfieldn / identityserver4.wsfederation Goto Github PK

Handle wfresh

• wfresh is not included - Used cached authentication as usual
• wfresh is included and set to n where n >0 - Used cached authentication if it is less than n minutes old
• wfresh is included and set to 0 - Force reauthentication

Currently SAML 2.0 tokens are supported.

For deserialization, support a list of supported token types.
For serialization, support a default token type option.

I'd like to create functional tests that exercise the workflows from the perspective of the user without having to deal with deployment (yet). For now, we'll just POC it and see how it goes.

What is the current status of this project? I see that identityserver guys archived the project and are now selling it instead of posting it on GitHub which lead me here. Is this project active and can you use it?

Currently, there's no good way to customize the claims that are output in a token.

Ideally, the relying party should be able to specify default claims as well as restrict which claims can be issued.

Name Identifier is missing in the WS Federation token, here is the XML tag:

      <saml:Subject>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
      </saml:Subject>

a very fast fix:

        public async Task<string> GenerateSerializedRstr(ValidatedWsFederationSigninRequest request)
        {
            var principal = request.Subject.Identity as ClaimsIdentity;
            if (principal.FindFirst(ClaimTypes.NameIdentifier) == null) {
                principal.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.Name));
            }
          .......

I may create a PR with the code change

This makes the extension methods more discoverable. Otherwise, with certain IDEs, uses will have to find our extension method namespace before being able to see the extension methods.

I see it done in a lot of asp.net core middleware, and I guess this is the reason.

Add support for IdentityServer4 events.

Need to implement logging in the standard asp.net core way.

Functional testing coverage is pretty light. Would like to fill in a bit more

Some stuff got a little messy with the signout support

Both, Created and Expires XML elements have wrong date format according to the rest of the elements in the Assertion:

<Lifetime>
    <Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">7/4/2019 9:26:14 AM</Created>
    <Expires xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">7/4/2019 9:31:14 AM</Expires>
</Lifetime>

If a wreply is not specified in the original signin message, use a default one.

It's about time to add WsFederationOptions. For now, we'll start by making it possible to enable and disable the various WsFederationEndpoints:

• Metadata
• Signin
• Singout

Version 0.1 will likely just have support for the signin workflow

Currently we use the .All package.