Merge pull request #56 from DuendeSoftware/mb/launch

Upgrade to IdentityServer v8

Author: maartenba

src/Config.cs

@@ -460,21 +460,26 @@ public class Config
                 {
                     EntityId = "https://saml-sp1.example.com",
                     DisplayName = "Simple SAML SP",
-                    AssertionConsumerServiceUrls = [new Uri("https://saml-sp1.example.com/acs")],
-                    AssertionConsumerServiceBinding = SamlBinding.HttpPost,
+                    AssertionConsumerServiceUrls = new List<IndexedEndpoint>
+                    {
+                        new IndexedEndpoint { Location = "https://saml-sp1.example.com/acs", Binding = SamlBinding.HttpPost, Index = 0, IsDefault = true }
+                    },
+                    AllowedScopes = { "openid", "profile" },
                 },
 
                 // SP with Single Logout
                 new SamlServiceProvider
                 {
                     EntityId = "https://saml-sp2.example.com",
                     DisplayName = "SAML SP with SLO",
-                    AssertionConsumerServiceUrls = [new Uri("https://saml-sp2.example.com/acs")],
-                    AssertionConsumerServiceBinding = SamlBinding.HttpPost,
-                    SingleLogoutServiceUrl = new SamlEndpointType
+                    AssertionConsumerServiceUrls = new List<IndexedEndpoint>
+                    {
+                        new IndexedEndpoint { Location = "https://saml-sp2.example.com/acs", Binding = SamlBinding.HttpPost, Index = 0, IsDefault = true }
+                    },
+                    AllowedScopes = { "openid", "profile" },
+                    SingleLogoutServiceUrls = new List<SamlEndpointType>
                     {
-                        Location = new Uri("https://saml-sp2.example.com/saml/slo"),
-                        Binding = SamlBinding.HttpPost,
+                        new SamlEndpointType { Location = "https://saml-sp2.example.com/saml/slo", Binding = SamlBinding.HttpPost }
                     },
                 },
 
@@ -483,13 +488,15 @@ public class Config
                 {
                     EntityId = "https://saml-sp3.example.com",
                     DisplayName = "SAML SP (IdP-initiated)",
-                    AssertionConsumerServiceUrls = [new Uri("https://saml-sp3.example.com/acs")],
-                    AssertionConsumerServiceBinding = SamlBinding.HttpPost,
+                    AssertionConsumerServiceUrls = new List<IndexedEndpoint>
+                    {
+                        new IndexedEndpoint { Location = "https://saml-sp3.example.com/acs", Binding = SamlBinding.HttpPost, Index = 0, IsDefault = true }
+                    },
                     AllowIdpInitiated = true,
-                    SingleLogoutServiceUrl = new SamlEndpointType
+                    AllowedScopes = { "openid", "profile" },
+                    SingleLogoutServiceUrls = new List<SamlEndpointType>
                     {
-                        Location = new Uri("https://saml-sp3.example.com/saml/slo"),
-                        Binding = SamlBinding.HttpPost,
+                        new SamlEndpointType { Location = "https://saml-sp3.example.com/saml/slo", Binding = SamlBinding.HttpPost }
                     },
                 },
             };

src/Duende.IdentityServer.Demo.csproj

@@ -8,10 +8,10 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Duende.IdentityModel" Version="8.0.1" />
-		<PackageReference Include="Duende.IdentityServer" Version="8.0.0-alpha.1" />
-		<PackageReference Include="Duende.IdentityServer.ConformanceReport" Version="0.1.0-alpha.0.3488" />
-		<PackageReference Include="Duende.AspNetCore.Authentication.JwtBearer" Version="1.0.1" />
+		<PackageReference Include="Duende.IdentityModel" Version="8.1.0" />
+		<PackageReference Include="Duende.IdentityServer" Version="8.0.0" />
+		<PackageReference Include="Duende.IdentityServer.ConformanceReport" Version="8.0.0" />
+		<PackageReference Include="Duende.AspNetCore.Authentication.JwtBearer" Version="1.0.2" />
 		<PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
 	</ItemGroup>
 

src/HostingExtensions.cs

@@ -53,8 +53,6 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
                     UseX509Certificate = true
                 });
                 options.KeyManagement.KeyPath = "/tmp/keys";
-
-                options.Endpoints.EnableSamlIdpInitiatedEndpoint = true;
             })
             .AddInMemoryApiScopes(Config.ApiScopes)
             .AddInMemoryIdentityResources(Config.IdentityResources)

src/Pages/Account/Create/Index.cshtml.cs

@@ -51,7 +51,7 @@ public async Task<IActionResult> OnPost()
                 // if the user cancels, send a result back into IdentityServer as if they 
                 // denied the consent (even if this client does not require consent).
                 // this will send back an access denied OIDC error response to the client.
-                await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied, HttpContext.RequestAborted);
+                await _interaction.DenyAuthorizationAsync(context, InteractionError.AccessDenied, HttpContext.RequestAborted);
 
                 // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                 if (context.IsNativeClient())

src/Pages/Account/Login/Index.cshtml.cs

@@ -74,7 +74,7 @@ public async Task<IActionResult> OnPost()
                 // if the user cancels, send a result back into IdentityServer as if they 
                 // denied the consent (even if this client does not require consent).
                 // this will send back an access denied OIDC error response to the client.
-                await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied, HttpContext.RequestAborted);
+                await _interaction.DenyAuthorizationAsync(context, InteractionError.AccessDenied, HttpContext.RequestAborted);
 
                 // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                 if (context.IsNativeClient())

src/Pages/Consent/Index.cshtml.cs

@@ -62,7 +62,7 @@ public async Task<IActionResult> OnPost()
         // user clicked 'no' - send back the standard 'access_denied' response
         if (Input.Button == "no")
         {
-            grantedConsent = new ConsentResponse { Error = AuthorizationError.AccessDenied };
+            grantedConsent = new ConsentResponse { Error = InteractionError.AccessDenied };
 
             // emit event
             await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues), HttpContext.RequestAborted);

src/Pages/Device/Index.cshtml.cs

@@ -73,7 +73,7 @@ public async Task<IActionResult> OnPost()
         {
             grantedConsent = new ConsentResponse
             {
-                Error = AuthorizationError.AccessDenied
+                Error = InteractionError.AccessDenied
             };
 
             // emit event

src/Pages/Index.cshtml

@@ -15,7 +15,6 @@
 <section class="text-center container border-bottom pb-3 mb-5">
     <div class="row py-lg-2">
         <div class="col-lg-6 col-md-8 mx-auto">
-            <img src="duende-logo.svg" alt="Duende Software Logo" class="img-fluid w-75"/>
             <h1 class="fw-light">
                 <a class="text-decoration-none" href="https://duendesoftware.com/products/identityserver">Welcome to Duende IdentityServer</a>
             </h1>
@@ -72,7 +71,7 @@
                 </p>
             </div>
             <div class="card-footer p-0">
-                <a href="/saml/metadata" rel="nofollow" class="btn btn-primary w-100">
+                <a href="/Saml2" rel="nofollow" class="btn btn-primary w-100">
                     Go
                     <i class="glyphicon glyphicon-chevron-right"></i>
                 </a>
@@ -324,7 +323,7 @@
     <h2 id="saml-service-providers" style="scroll-margin-top: 3em;">Demo SAML Service Providers (alpha)</h2>
     <p>
         This demo server also acts as a SAML 2.0 Identity Provider. The following service providers are configured for testing.
-        Use the <a href="/saml/metadata">SAML metadata endpoint</a> to retrieve the IdP metadata for configuring your SP.
+        Use the <a href="/Saml2">SAML metadata endpoint</a> to retrieve the IdP metadata for configuring your SP.
     </p>
 
     <div id="saml-accordion" class="mb-3">
@@ -339,14 +338,20 @@
                     <div class="card-body">
                         <div class="card-text">
                             Entity ID: <code>@sp.EntityId</code><br/>
-                            ACS Binding: <code>@sp.AssertionConsumerServiceBinding</code><br/>
                             @foreach (var acs in sp.AssertionConsumerServiceUrls)
                             {
-                                <text>ACS URL: <code>@acs</code><br/></text>
+                                <text>ACS URL: <code>@acs.Location</code> (<code>@acs.Binding</code>)<br/></text>
                             }
-                            @if (sp.SingleLogoutServiceUrl != null)
+                            @if (sp.SingleLogoutServiceUrls.Any())
                             {
-                                <text>SLO URL: <code>@sp.SingleLogoutServiceUrl.Location</code><br/></text>
+                                @foreach (var slo in sp.SingleLogoutServiceUrls)
+                                {
+                                    <text>SLO URL: <code>@slo.Location</code><br/></text>
+                                }
+                            }
+                            @foreach (var slo in sp.SingleLogoutServiceUrls)
+                            {
+                                <text>SLO URL: <code>@slo.Location</code><br/></text>
                             }
                             @if (sp.AllowIdpInitiated)
                             {

src/Pages/Index.cshtml.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Duende Software. All rights reserved.
 // See LICENSE in the project root for license information.
 
-using Duende.IdentityServer;
 using System.Reflection;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc.RazorPages;
@@ -11,17 +10,11 @@ namespace IdentityServerHost.Pages.Home;
 [AllowAnonymous]
 public class Index : PageModel
 {
-    public Index(IdentityServerLicense? license = null)
-    {
-        License = license;
-    }
-
     public string Version
     {
         get => typeof(Duende.IdentityServer.Hosting.IdentityServerMiddleware).Assembly
             .GetCustomAttribute<AssemblyInformationalVersionAttribute>()
             ?.InformationalVersion.Split('+').First()
             ?? "unavailable";
     }
-    public IdentityServerLicense? License { get; }
 }

src/Pages/Saml/IdpInitiated.cshtml

@@ -0,0 +1,2 @@
+@page "/saml/idp-initiated"
+@model Duende.IdentityServer.Demo.Pages.Saml.IdpInitiatedModel