Fix safari sso header size (#1065)

* Safari SSO header size fix - in progress * Cleanup of memoryCacheTicketStore * Redis cache ticket store + registration * Revert some unecessary changes * temp - distributed cookie: idsrv.external * Ticket data cached storage added * OIDC working w/ substantially reduced cookie size * Added distributed cache cookie manager * Removed hybrid OIDC flow * Enable self-hosted folks to use Redis for SSO * Also allow self-hosted to use Redis cont...
2025-12-18 17:23:28 +00:00 · 2021-01-11 11:03:46 -05:00
parent 5aba9f7549
commit 99b95b5330
17 changed files with 398 additions and 36 deletions
--- a/src/Core/IdentityServer/ConfigureOpenIdConnectDistributedOptions.cs
+++ b/src/Core/IdentityServer/ConfigureOpenIdConnectDistributedOptions.cs
@@ -0,0 +1,53 @@
+using System;
+using IdentityServer4.Configuration;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Caching.Redis;
+using Microsoft.Extensions.Options;
+
+namespace Bit.Core.IdentityServer
+{
+    public class ConfigureOpenIdConnectDistributedOptions : IPostConfigureOptions<CookieAuthenticationOptions>
+    {
+        private readonly IdentityServerOptions _idsrv;
+        private readonly IHttpContextAccessor _httpContextAccessor;
+        private readonly GlobalSettings _globalSettings;
+
+        public ConfigureOpenIdConnectDistributedOptions(IHttpContextAccessor httpContextAccessor, GlobalSettings globalSettings,
+            IdentityServerOptions idsrv)
+        {
+            _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
+            _globalSettings = globalSettings;
+            _idsrv = idsrv;
+        }
+
+        public void PostConfigure(string name, CookieAuthenticationOptions options)
+        {
+            options.CookieManager = new DistributedCacheCookieManager();
+
+            if (name != AuthenticationSchemes.BitwardenExternalCookieAuthenticationScheme)
+            {
+                // Ignore
+                return;
+            }
+
+            options.Cookie.Name = AuthenticationSchemes.BitwardenExternalCookieAuthenticationScheme;
+            options.Cookie.IsEssential = true;
+            options.Cookie.SameSite = _idsrv.Authentication.CookieSameSiteMode;
+            options.TicketDataFormat = new DistributedCacheTicketDataFormatter(_httpContextAccessor, name);
+
+            if (string.IsNullOrWhiteSpace(_globalSettings.IdentityServer?.RedisConnectionString))
+            {
+                options.SessionStore = new MemoryCacheTicketStore();
+            }
+            else
+            {
+                var redisOptions = new RedisCacheOptions
+                {
+                    Configuration = _globalSettings.IdentityServer.RedisConnectionString,
+                };
+                options.SessionStore = new RedisCacheTicketStore(redisOptions);
+            }
+        }
+    }
+}