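using Bit.Core.Business.Sso;
using Bit.Core.IdentityServer;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.SharedWeb.Utilities;
using Bit.Sso.Models;
using IdentityServer4.Models;
using IdentityServer4.ResponseHandling;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Sustainsys.Saml2.AspNetCore2;

namespace Bit.Sso.Utilities
{
    /// <summary>
    /// Dependency-injection wiring for the SSO host: the SAML/OIDC identity-provider
    /// plumbing and the IdentityServer instance the host exposes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the generic type arguments of the <c>AddSingleton</c> / <c>AddTransient</c>
    /// registrations below were lost when this file was extracted (the angle brackets were
    /// stripped). They have been restored from the types the surrounding <c>using</c> directives
    /// bring into scope and from the framework APIs involved; confirm each pair against the
    /// original source. Framework types whose namespaces are not imported in this file are
    /// written fully qualified, matching the existing <c>Microsoft.AspNetCore.Http.SameSiteMode</c>
    /// usage, so that no new <c>using</c> directive is required.
    /// </remarks>
    public static class ServiceCollectionExtensions
    {
        /// <summary>
        /// Registers the services needed to act as a SAML 2.0 service provider and an OIDC
        /// relying party towards customer identity providers.
        /// </summary>
        /// <param name="services">The service collection to add registrations to.</param>
        /// <param name="globalSettings">Global settings; used to locate the signing certificate.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        public static IServiceCollection AddSsoServices(this IServiceCollection services, GlobalSettings globalSettings)
        {
            // SAML SP Configuration.
            // The SP signing certificate comes from the same helper that resolves the
            // IdentityServer certificate, so the SAML assertions/requests this host signs
            // presumably use the IdentityServer signing key — confirm in CoreHelpers.
            var samlEnvironment = new SamlEnvironment
            {
                SpSigningCertificate = CoreHelpers.GetIdentityServerCertificate(globalSettings),
            };
            // One pre-built instance is shared for the lifetime of the host.
            services.AddSingleton(s => samlEnvironment);

            // Replace the default scheme provider so authentication schemes can be resolved
            // per organization at runtime rather than being fixed at startup.
            // Type arguments restored (see class remarks) — TODO confirm against the original.
            services.AddSingleton<Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider, DynamicAuthenticationSchemeProvider>();

            // Oidc: post-configuration plus a cache that can be invalidated when an
            // organization's provider settings change.
            services.AddSingleton<Microsoft.Extensions.Options.IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>();
            services.AddSingleton<Microsoft.Extensions.Options.IOptionsMonitorCache<OpenIdConnectOptions>, ExtendedOptionsMonitorCache<OpenIdConnectOptions>>();

            // Saml2: same pattern as above for the Sustainsys SAML2 options.
            services.AddSingleton<Microsoft.Extensions.Options.IPostConfigureOptions<Saml2Options>, PostConfigureSaml2Options>();
            services.AddSingleton<Microsoft.Extensions.Options.IOptionsMonitorCache<Saml2Options>, ExtendedOptionsMonitorCache<Saml2Options>>();

            return services;
        }

        /// <summary>
        /// Registers and configures the IdentityServer instance that fronts the SSO host.
        /// </summary>
        /// <param name="services">The service collection to add registrations to.</param>
        /// <param name="env">Hosting environment; development relaxes cookie SameSite handling.</param>
        /// <param name="globalSettings">Global settings; supplies the internal SSO base URI and the client definition.</param>
        /// <returns>The <see cref="IIdentityServerBuilder"/> so callers can add further IdentityServer services.</returns>
        public static IIdentityServerBuilder AddSsoIdentityServerServices(this IServiceCollection services,
            IWebHostEnvironment env, GlobalSettings globalSettings)
        {
            // Custom discovery document generator (the interface comes from IdentityServer4.ResponseHandling).
            // Type arguments restored (see class remarks) — TODO confirm against the original.
            services.AddTransient<IDiscoveryResponseGenerator, DiscoveryResponseGenerator>();

            var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalSso);
            var identityServerBuilder = services
                .AddIdentityServer(options =>
                {
                    // Only scheme and host of InternalSso form the issuer: any port or path on the
                    // configured URI is deliberately not part of the value. Relying parties validate
                    // tokens against this exact string, so it must stay stable across deployments.
                    options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
                    if (env.IsDevelopment())
                    {
                        // Development only: leave the SameSite attribute unset on the IdentityServer
                        // cookie so local (typically non-HTTPS, cross-port) flows work. Production
                        // keeps IdentityServer's default, which is the stricter setting.
                        options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                    }
                    else
                    {
                        // Production: route IdentityServer errors to the host's own error page,
                        // identified by the "errorId" query parameter.
                        options.UserInteraction.ErrorUrl = "/Error";
                        options.UserInteraction.ErrorIdParameter = "errorId";
                    }
                    // Upper bound on the user name accepted in requests.
                    options.InputLengthRestrictions.UserName = 256;
                })
                .AddInMemoryCaching()
                // The single OIDC client this host serves; held in memory, not persisted.
                // Element type restored (see class remarks) — TODO confirm against the original.
                .AddInMemoryClients(new List<Client> { new OidcIdentityClient(globalSettings) })
                .AddInMemoryIdentityResources(new List<IdentityResource>
                {
                    new IdentityResources.OpenId(),
                    new IdentityResources.Profile()
                })
                // Signing credential for issued tokens; resolution is environment-aware.
                .AddIdentityServerCertificate(env, globalSettings);

            return identityServerBuilder;
        }
    }
}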