* Upgrade to Duende.Identity * Linting * Get rid of last IdentityServer4 package * Fix identity test since Duende returns additional configuration * Use Configure: PostConfigure runs after ASP.NET's PostConfigure, so ConfigurationManager was already configured and our HttpHandler wasn't being respected. * Regenerate lockfiles * Move to 6.0.4 for patches * Fixes with testing * Add additional grant type supported in 6.0.4 and beautify * Lockfile refresh * Reapply lockfiles * Apply change to new WebAuthn logic * When automated merging fails me --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
using Bit.Core.Business.Sso;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.SharedWeb.Utilities;
using Bit.Sso.IdentityServer;
using Bit.Sso.Models;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.ResponseHandling;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Sustainsys.Saml2.AspNetCore2;
namespace Bit.Sso.Utilities;
/// <summary>
/// DI wiring for the SSO host: the SAML service-provider environment, the dynamic
/// authentication-scheme plumbing for OIDC and SAML2, and the Duende IdentityServer
/// instance that fronts them.
/// </summary>
public static class ServiceCollectionExtensions
{
    /// <summary>
    /// Registers the SAML SP environment and the dynamic authentication-scheme
    /// machinery: the scheme provider, per-scheme option post-configuration for
    /// OIDC and SAML2, and the extended options caches those schemes use.
    /// </summary>
    /// <param name="services">Service collection receiving the registrations.</param>
    /// <param name="globalSettings">Global settings; used to resolve the SP signing certificate.</param>
    /// <returns><paramref name="services"/>, for chaining.</returns>
    public static IServiceCollection AddSsoServices(this IServiceCollection services,
        GlobalSettings globalSettings)
    {
        // SAML SP Configuration: the SP signs with the certificate resolved from global
        // settings. NOTE(review): presumably the same certificate AddIdentityServerCertificate
        // installs for IdentityServer below — confirm they cannot drift apart.
        var spSigningCertificate = CoreHelpers.GetIdentityServerCertificate(globalSettings);
        var samlEnvironment = new SamlEnvironment
        {
            SpSigningCertificate = spSigningCertificate,
        };
        services.AddSingleton(_ => samlEnvironment);

        // Replace the default scheme provider so authentication schemes can be resolved
        // dynamically rather than from a fixed registration list.
        services.AddSingleton<Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider,
            DynamicAuthenticationSchemeProvider>();

        // Oidc: project post-configuration hook plus the extended options cache.
        services.AddSingleton<Microsoft.Extensions.Options.IPostConfigureOptions<OpenIdConnectOptions>,
            OpenIdConnectPostConfigureOptions>();
        services.AddSingleton<Microsoft.Extensions.Options.IOptionsMonitorCache<OpenIdConnectOptions>,
            ExtendedOptionsMonitorCache<OpenIdConnectOptions>>();

        // Saml2: same shape as the OIDC registrations above.
        services.AddSingleton<Microsoft.Extensions.Options.IPostConfigureOptions<Saml2Options>,
            PostConfigureSaml2Options>();
        services.AddSingleton<Microsoft.Extensions.Options.IOptionsMonitorCache<Saml2Options>,
            ExtendedOptionsMonitorCache<Saml2Options>>();

        return services;
    }

    /// <summary>
    /// Configures the Duende IdentityServer instance for the SSO host: issuer, cookie and
    /// error-page behaviour, in-memory caching, the single in-memory client and identity
    /// resources, and the signing certificate.
    /// </summary>
    /// <param name="services">Service collection receiving the registrations.</param>
    /// <param name="env">Hosting environment; Development relaxes cookie SameSite handling.</param>
    /// <param name="globalSettings">Global settings; supplies the internal SSO base URI, client and certificate.</param>
    /// <returns>The IdentityServer builder returned by <c>AddIdentityServerCertificate</c>.</returns>
    public static IIdentityServerBuilder AddSsoIdentityServerServices(this IServiceCollection services,
        IWebHostEnvironment env, GlobalSettings globalSettings)
    {
        // Discovery document generator in scope (presumably the project's override from
        // Bit.Sso.IdentityServer, given that using directive).
        services.AddTransient<IDiscoveryResponseGenerator, DiscoveryResponseGenerator>();

        // Issuer is scheme + host of the internal SSO URI only. NOTE(review): any port or
        // path on InternalSso is deliberately not part of the issuer; confirm this matches
        // what relying parties validate against, especially in self-hosted setups.
        var internalSsoUri = new Uri(globalSettings.BaseServiceUri.InternalSso);
        var issuer = $"{internalSsoUri.Scheme}://{internalSsoUri.Host}";

        var clients = new List<Client>
        {
            new OidcIdentityClient(globalSettings),
        };
        var identityResources = new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

        var identityServerBuilder = services.AddIdentityServer(options =>
        {
            options.IssuerUri = issuer;

            if (!env.IsDevelopment())
            {
                // Route IdentityServer errors to the app's own error page.
                options.UserInteraction.ErrorUrl = "/Error";
                options.UserInteraction.ErrorIdParameter = "errorId";
            }
            else
            {
                // Development only: relax SameSite on the IdentityServer cookie.
                // Production keeps Duende's default.
                options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
            }

            options.InputLengthRestrictions.UserName = 256;

            // Automatic key management is off; the signing credential is supplied
            // explicitly via AddIdentityServerCertificate below.
            options.KeyManagement.Enabled = false;
        });

        return identityServerBuilder
            .AddInMemoryCaching()
            .AddInMemoryClients(clients)
            .AddInMemoryIdentityResources(identityResources)
            .AddIdentityServerCertificate(env, globalSettings);
    }
}