Merge remote-tracking branch 'origin/master' into feature/SLO

Author: JoStevensRSK

DuendeIdentityServer/DuendeIdP/Config.cs

@@ -56,7 +56,14 @@ public static IEnumerable<ServiceProvider> GetServiceProviders()
             {
                 EntityId = "https://localhost:5002/saml",
                 AssertionConsumerServices =
-                    {new Service(SamlConstants.BindingTypes.HttpPost, "https://localhost:5002/signin-saml-3")}
+                {
+                    new Service(SamlConstants.BindingTypes.HttpPost , "https://localhost:5002/saml/sso"),
+                    new Service(SamlConstants.BindingTypes.HttpPost, "https://localhost:5002/signin-saml-3")
+                },
+                SingleLogoutServices =
+                {
+                    new Service(SamlConstants.BindingTypes.HttpRedirect , "https://localhost:5002/saml/slo")
+                }
             }
         };
     }

DuendeIdentityServer/DuendeIdP/HostingExtensions.cs

@@ -36,8 +36,8 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
 
         isBuilder.AddSamlPlugin(options =>
             {
-                options.Licensee = "/* your DEMO Licensee */";
-                options.LicenseKey = "/* your DEMO LicenseKey */";
+                options.Licensee = "DEMO";
+                options.LicenseKey = "eyJTb2xkRm9yIjowLjAsIktleVByZXNldCI6NiwiU2F2ZUtleSI6ZmFsc2UsIkxlZ2FjeUtleSI6ZmFsc2UsIlJlbmV3YWxTZW50VGltZSI6IjAwMDEtMDEtMDFUMDA6MDA6MDAiLCJhdXRoIjoiREVNTyIsImV4cCI6IjIwMjMtMDMtMjRUMDA6MDA6MDAiLCJpYXQiOiIyMDIzLTAyLTI0VDA5OjIyOjA3Iiwib3JnIjoiREVNTyIsImF1ZCI6Mn0=.n2rMJsO+GWfSEYFnBoweBGqQjBLpUBELo4O2iHvJwFjuifXSsaTc6cyJG50SF3z3tnLylY+yueEmV2SXr86IG/IltNB/+Cip/V7g3l5tHMbla5QYr5aYbyaUPASfs+sPXW750sx++pR/4WC4sDzgckeDANhZl6A2fIPUOXM/BG+V8cvsb6xhY6+XfRCMAqPKW3XLxG8cPZBQ6teAdPrtDJuI1UNVtkFwtjBypjr/hgMHxW7oVT0GV7mBQknqqrvq6dQjLqGgxvdamxkmBWMTfFTrysqwvK2eVJsOV0IlIYUCwz2c2H//1cvW4o5K8tkSpwp/uwjXdpz1pB3jzwGPzl/kZ1PTiZOh1uFTEGhRhn2A93vFT1dcSaSsGDG0Excu2H66nuCw4OsUr4sUZm5+Y57/xHlFfTo5wbymSSMXLVpzL3brzfOvOewAawDq5HNjBmPjOaCpWaz6hygT/mOdqr+0T0W+l84XEdoxyP1GuVwN/eCL7qkroHUsksXqbmQmCUioV3wK5+sKeVmMB/vOBUQnJJR0snV6pBAvEVCLcGw/8Nu2+ZreYDdTNy6CSYlGjQi5b6GxKBMCifv15uoeVeEej/UXtKTJRVe72B6oS6tZupvw3evm8nruTM9QObUqESgF+M0hVuyB0/eVngC+gNo6DKkDdS8I++ZivAn2AsI=";
 
                 options.WantAuthenticationRequestsSigned = false;
             })

Saml.sln

@@ -1,4 +1,4 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.0.31903.59
@@ -35,6 +35,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebClient.SAML.1", "DuendeI
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebClient.SAML.2", "DuendeIdentityServer\SLO\SamlOidcSLO\WebClient.SAML.2\WebClient.SAML.2.csproj", "{20851470-CF31-4F28-B2ED-E201814909E7}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "spWithSingleIdp", "spWithSingleIdp\spWithSingleIdp.csproj", "{08734969-2F2A-4D9C-96F4-C2F4A2A68467}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -93,6 +95,10 @@ Global
 		{20851470-CF31-4F28-B2ED-E201814909E7}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{20851470-CF31-4F28-B2ED-E201814909E7}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{20851470-CF31-4F28-B2ED-E201814909E7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{08734969-2F2A-4D9C-96F4-C2F4A2A68467}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{08734969-2F2A-4D9C-96F4-C2F4A2A68467}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{08734969-2F2A-4D9C-96F4-C2F4A2A68467}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{08734969-2F2A-4D9C-96F4-C2F4A2A68467}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

spWithMultipleIdps/spWithMultipleIdps.csproj

@@ -5,7 +5,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rsk.Saml" Version="5.0.0" />
+    <PackageReference Include="Rsk.Saml" Version="6.0.0" />
   </ItemGroup>
 
   <ItemGroup>

spWithSingleIdp/Controllers/HomeController.cs

@@ -0,0 +1,36 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace spWithSingleIdp.Controllers;
+
+public class HomeController : Controller
+{
+    [Route("/")]
+    public ViewResult Index()
+    {
+        return View();
+    }
+
+    [Route("/sign-in")]
+    [Authorize]
+    public IActionResult SignIn()
+    {
+        return Redirect("/");
+    }
+
+    [Route("/sign-out")]
+    public IActionResult FullLogout()
+    {
+        // Sign out of the application session ( cookie )
+        // Sign out of the saml scheme, this will cause a redirect to SAML IDP to sign out
+        return SignOut( "cookie", "saml");
+    }
+    
+    [Route("/app-sign-out")]
+    public async Task<IActionResult> Logout()
+    {
+        await HttpContext.SignOutAsync("cookie");
+        return Redirect("/");
+    }
+}

spWithSingleIdp/Program.cs

@@ -0,0 +1,48 @@
+using Rsk.AspNetCore.Authentication.Saml2p;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Services.AddAuthentication(options =>
+    {
+        options.DefaultScheme = "cookie";
+        options.DefaultChallengeScheme = "saml";
+    })
+    .AddCookie("cookie")
+    .AddSaml2p("saml",options=>
+    {
+        options.Licensee = "/* your DEMO Licensee */";
+        options.LicenseKey = "/* your DEMO LicenseKey */";
+        
+        options.IdentityProviderMetadataAddress = "https://localhost:5003/saml/metadata";
+
+        options.CallbackPath = "/saml/sso";
+        
+        options.SignInScheme = "cookie";
+        
+        options.ServiceProviderOptions = new SpOptions
+        {
+            EntityId = "https://localhost:5002/saml",
+            MetadataPath = "/saml/metadata",
+            SignAuthenticationRequests = false,
+        };
+    });
+
+builder.Services.AddAuthorization();
+builder.Services.AddControllers();
+builder.Services.AddRazorPages();
+
+var app = builder.Build();
+
+app.UseAuthentication();
+
+
+app.UseRouting();
+app.UseAuthorization();
+app.UseEndpoints(c =>
+{
+    c.MapDefaultControllerRoute();
+});
+    
+
+
+app.Run();

spWithSingleIdp/Properties/launchSettings.json

@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:37339",
+      "sslPort": 44328
+    }
+  },
+  "profiles": {
+    "spWithSingleIdp": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:5002",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

spWithSingleIdp/Views/Home/Index.cshtml

@@ -0,0 +1,39 @@
+@model dynamic
+
+@{
+    Layout = null;
+}
+
+<!DOCTYPE html>
+
+<html>
+<head>
+    <title>Home</title>
+</head>
+<body>
+<div>
+    <H1>Welcome</h1>
+    
+    @if (Context.User.Identity?.IsAuthenticated ?? false)
+    {
+        
+        <h2>Authenticated</h2>
+        <ul>
+            @foreach (var claim in Context.User.Claims)
+            {
+                <li><strong>@claim.Type:</strong> @claim.Value</li>
+            }
+        </ul>
+        <br/>
+        @Html.ActionLink("Logout", "Logout");
+        <br/>
+        @Html.ActionLink("SSO Logout", "FullLogout");
+    }
+    else
+    {
+        <p>Anonymous</p>
+        @Html.ActionLink("Sign-in" , "SignIn")
+    }
+</div>
+</body>
+</html>

spWithSingleIdp/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

spWithSingleIdp/appsettings.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}