
IdentityServer4 v2 on ASP.NET Core v2: An update

NDC London 2018

Dominick Baier

January 17, 2018

Transcript

  1. IdentityServer4 v2 on ASP.NET Core v2: An Update
     Dominick Baier & Brock Allen
     https://identityserver.io
     [email protected]
     @leastprivilege / @brocklallen
  2. Agenda
     • The new ASP.NET Core authentication system
     • WS-Federation (aka ADFS support yay)
     • SAML2p
     • API extensibility
     • Configuration
     • Logout
     • Templates
     • Admin UI Community Edition
     • How to support us
  3. IAuthenticationService

         // Method bodies are left empty on the slide.
         public static class AuthenticationHttpContextExtensions
         {
             public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { }
             public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { }

             public static Task SignOutAsync(this HttpContext context) { }
             public static Task SignOutAsync(this HttpContext context, string scheme) { }

             public static Task ChallengeAsync(this HttpContext context) { }
             public static Task ChallengeAsync(this HttpContext context, string scheme) { }

             public static Task ForbidAsync(this HttpContext context) { }
             public static Task ForbidAsync(this HttpContext context, string scheme) { }

             public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context) { }
             public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context, string scheme) { }
         }
  4. WS-Federation
     • Preview2 right now
       – will be done soon (really… promised)
       – feel free to complain to @blowdart
     https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation
  5. Saml2p
     • Anders' authentication handler for ASP.NET Core 2 (aka SP support)
       – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2
     • Rock Solid Knowledge SAML2p plugin (aka IdP support)
       – https://www.identityserver.com/products#SAML2P
  6. API Extensibility
     • It's easy now to extend IdentityServer with custom API endpoints
       – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html
       – https://github.com/IdentityServer/IdentityServer4.Demo
  7. Logout is hard!
     • Session management spec
       – https://openid.net/specs/openid-connect-session-1_0.html
     • Front-channel notifications
       – https://openid.net/specs/openid-connect-frontchannel-1_0.html
     • Back-channel notifications
       – https://openid.net/specs/openid-connect-backchannel-1_0.html
  8. Front-Channel Notifications
     Client: GET /end_session

         <iframe style="visibility:hidden" src="https://client1/signout?sid=123"></iframe>
         <iframe style="visibility:hidden" src="https://client2/signout?sid=123"></iframe>
         <iframe style="visibility:hidden" src="https://client3/signout?sid=123"></iframe>
         <a href="https://client1">return</a>
  9. Back-Channel Notifications
     Client: GET /end_session
     POST

         {
           "iss": "https://demo.identityserver.io",
           "sub": "248289761001",
           "aud": "client1",
           "iat": 1471566154,
           "jti": "bWJq",
           "sid": "8u09jejd099",
           "events": {
             "http://schemas.openid.net/event/backchannel-logout": {}
           }
         }
  10. Support Us
     • Up for grabs
       – http://up-for-grabs.net/#/names/identityserver4
     • StackOverflow
       – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest
     • Patreon
       – https://www.patreon.com/identityserver
  11. Support You
     • Consulting / Training
       – https://identityserver.io
     • Production support
       – https://identityserver.com
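
The claim checks a client's back-channel logout endpoint applies to the token payload on the Back-Channel Notifications slide, following the back-channel spec linked on the "Logout is hard!" slide. This is an added example, not code from the deck or from IdentityServer4: LogoutTokenChecks, Validate and seenJti are hypothetical names, and the JWT signature is assumed to have been verified before these checks run.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class LogoutTokenChecks // hypothetical name, not an IdentityServer4 type
{
    const string LogoutEvent = "http://schemas.openid.net/event/backchannel-logout";

    // Claim checks only; assumes the JWT signature was already verified.
    // Returns the problems found; an empty list means the claims are acceptable.
    public static List<string> Validate(string payloadJson, string issuer,
                                        string clientId, ISet<string> seenJti)
    {
        var errors = new List<string>();
        using var doc = JsonDocument.Parse(payloadJson);
        var root = doc.RootElement;
        string Str(string name) =>
            root.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String
                ? v.GetString() : null;

        if (Str("iss") != issuer) errors.Add("iss is not the expected issuer");
        // aud may be a single string or an array of strings.
        bool audOk = root.TryGetProperty("aud", out var aud) && (
            (aud.ValueKind == JsonValueKind.String && aud.GetString() == clientId) ||
            (aud.ValueKind == JsonValueKind.Array && aud.EnumerateArray().Any(
                a => a.ValueKind == JsonValueKind.String && a.GetString() == clientId)));
        if (!audOk) errors.Add("aud does not contain this client");
        if (!root.TryGetProperty("iat", out var iat) || iat.ValueKind != JsonValueKind.Number)
            errors.Add("iat is missing");
        if (Str("sub") == null && Str("sid") == null) errors.Add("neither sub nor sid is present");
        if (!root.TryGetProperty("events", out var ev) || ev.ValueKind != JsonValueKind.Object ||
            !ev.TryGetProperty(LogoutEvent, out var member) || member.ValueKind != JsonValueKind.Object)
            errors.Add("events lacks the back-channel logout member");
        // A nonce would make the token resemble an ID token, so it is rejected.
        if (root.TryGetProperty("nonce", out _)) errors.Add("nonce must not be present");
        var jti = Str("jti");
        if (jti == null) errors.Add("jti is missing");
        else if (seenJti.Contains(jti)) errors.Add("jti was already seen (replay)");
        if (errors.Count == 0) seenJti.Add(jti); // remember only accepted tokens
        return errors;
    }

    public static void Main()
    {
        // Payload copied from the Back-Channel Notifications slide.
        const string payload = @"{ ""iss"": ""https://demo.identityserver.io"", ""sub"": ""248289761001"",
          ""aud"": ""client1"", ""iat"": 1471566154, ""jti"": ""bWJq"", ""sid"": ""8u09jejd099"",
          ""events"": { ""http://schemas.openid.net/event/backchannel-logout"": {} } }";
        var seen = new HashSet<string>();
        foreach (var client in new[] { "client1", "client2", "client1" })
            Console.WriteLine(client + ": " + string.Join("; ",
                Validate(payload, "https://demo.identityserver.io", client, seen)));
    }
}
```

The three calls in Main cover an accepted token, a token addressed to a different client, and a replay of the accepted token.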