IdentityServer4 v2 on ASP.NET Core v2 an Update Dominick Baier & Brock Allen https://identityserver.io identity@leastprivilege.com @leastprivilege / @brocklallen

2 @leastprivilege / @brocklallen Agenda • The new ASP.NET Core authentication system • WS-Federation (aka ADFS support yay) • SAML2p • API extensibility • Configuration • Logout • Templates • Admin UI Community Edition • How to support us

3 @leastprivilege / @brocklallen The dark ages…

4 @leastprivilege / @brocklallen Katana Middleware 1 Middleware 2 Middleware n

5 @leastprivilege / @brocklallen Authentication in Katana wtf?

6 @leastprivilege / @brocklallen Authentication in ASP.NET Core 1 wtf?

7 @leastprivilege / @brocklallen Authentication in ASP.NET Core 2 !

8 @leastprivilege / @brocklallen Configuring Authentication in ASP.NET Core 2 wtaf?

9 @leastprivilege / @brocklallen IAuthenticationService public static class AuthenticationHttpContextExtensions { public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { } public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { } public static Task SignOutAsync(this HttpContext context) { } public static Task SignOutAsync(this HttpContext context, string scheme) { } public static Task ChallengeAsync(this HttpContext context) { } public static Task ChallengeAsync(this HttpContext context, string scheme) { } public static Task ForbidAsync(this HttpContext context) { } public static Task ForbidAsync(this HttpContext context, string scheme) { } public static Task AuthenticateAsync(this HttpContext context) { } public static Task AuthenticateAsync(this HttpContext context, string scheme) { } }

10 @leastprivilege / @brocklallen WS-Federation • Preview2 right now – will be done soon (really… promised) – feel free to complain to @blowdart https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation

11 @leastprivilege / @brocklallen Saml2p • Anders' authentication handler for ASP.NET Core 2 (aka SP support) – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2 • Rock Solid Knowledge SAML2p plugin (aka IdP support) – https://www.identityserver.com/products#SAML2P

12 @leastprivilege / @brocklallen API Extensibility • It's easy now to extend IdentityServer with custom API endpoints – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html – https://github.com/IdentityServer/IdentityServer4.Demo

13 @leastprivilege / @brocklallen Logout is hard! • Session management spec – https://openid.net/specs/openid-connect-session-1_0.html • Front-channel notifications – https://openid.net/specs/openid-connect-frontchannel-1_0.html • Back-channel notifications – https://openid.net/specs/openid-connect-backchannel-1_0.html

14 @leastprivilege / @brocklallen Front-Channel Notifications Client return GET /end_session

15 @leastprivilege / @brocklallen Back-Channel Notifications Client GET /end_session POST { "iss": "https://demo.identityserver.io", "sub": "248289761001", "aud": "client1", "iat": 1471566154, "jti": "bWJq", "sid": "8u09jejd099", "events": { "http://schemas.openid.net/event/backchannel-logout": {} } }

16 @leastprivilege / @brocklallen Templates https://github.com/IdentityServer/IdentityServer4.Templates

17 @leastprivilege / @brocklallen Admin UI Community Edition • 10 users, 2 clients

18 @leastprivilege / @brocklallen Support Us • Up for grabs – http://up-for-grabs.net/#/names/identityserver4 • StackOverflow – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest • Patreon – https://www.patreon.com/identityserver

19 @leastprivilege / @brocklallen Support You • Consulting / Training – https://identityserver.io • Production support – https://identityserver.com

20 @leastprivilege / @brocklallen Thanks! slides: https://speakerdeck.com/leastprivilege