Update fastfed solution

Author: habarthierry-hue

SimpleIdServer.FastFed.sln

@@ -73,6 +73,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.FastFed.Iden
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.IdServer.Saml.Sp", "src\IdServer\SimpleIdServer.IdServer.Saml.Sp\SimpleIdServer.IdServer.Saml.Sp.csproj", "{4104E18C-467E-4BA0-B8AE-925E37AEBF22}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid", "src\FastFed\SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid\SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid.csproj", "{A744CC8C-0C91-4826-85C4-20877185FF30}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -191,6 +193,10 @@ Global
 		{4104E18C-467E-4BA0-B8AE-925E37AEBF22}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{4104E18C-467E-4BA0-B8AE-925E37AEBF22}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{4104E18C-467E-4BA0-B8AE-925E37AEBF22}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A744CC8C-0C91-4826-85C4-20877185FF30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A744CC8C-0C91-4826-85C4-20877185FF30}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A744CC8C-0C91-4826-85C4-20877185FF30}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A744CC8C-0C91-4826-85C4-20877185FF30}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -226,6 +232,7 @@ Global
 		{419C42B1-6A41-4A43-AA46-379C336B3097} = {CDB564B6-1FB0-4F6C-87FE-FF79A6FDFF64}
 		{72BAA8FC-8418-41EA-9F12-F1ABC8C7F7A5} = {E7858D10-1FFB-4682-98E1-DA5DBD40BC17}
 		{4104E18C-467E-4BA0-B8AE-925E37AEBF22} = {CC647F05-F14B-4D2C-84ED-E8E76EA6EFE1}
+		{A744CC8C-0C91-4826-85C4-20877185FF30} = {E7858D10-1FFB-4682-98E1-DA5DBD40BC17}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {AFEA5C5B-33EB-4AEC-BB66-20E5AD9C228D}

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/FastFedServicesBuilderExtensions.cs

@@ -5,6 +5,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using SimpleIdServer.FastFed.Apis.FastFedMetadata;
 using SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml.Infrastructures;
+using SimpleIdServer.IdServer.Saml.Sp;
 using System;
 
 namespace SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml;
@@ -14,6 +15,15 @@ public static class FastFedServicesBuilderExtensions
     public static FastFedServicesBuilder AddSamlAppProviderAuthenticationProfile(this FastFedServicesBuilder builder, Action<SamlAuthenticationOptions> cb)
     {
         builder.Services.Configure(cb);
+        var opts = new SamlAuthenticationOptions();
+        cb(opts);
+        builder.Services.Configure<SamlSpOptions>(o =>
+        {
+            o.BackchannelHttpHandler = opts.BackchannelHttpHandler;
+            o.SigningCertificate = opts.SigningCertificate;
+            o.ContactPersons = opts.ContactPersons;
+            o.SPId = opts.SpId;
+        });
         builder.Services.AddTransient<IProviderMetadataEnricher, SamlAuthenticationProviderMetadataEnricher>();
         builder.Services.AddTransient<IAppProviderProvisioningService, SamlAuthenticationProvisioningService>();
         builder.Services.AddScoped<IAuthenticationHandlerProvider, DynamicSamlAuthenticationHandlerProvider>();

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/Infrastructures/DynamicSamlAuthenticationSchemeProvider.cs

@@ -26,7 +26,6 @@ public class DynamicSamlAuthenticationSchemeProvider : AuthenticationSchemeProvi
     private readonly IBusControl _busControl;
     private readonly IServiceProvider _serviceProvider;
     private readonly SamlAuthenticationOptions _samlAuthOptions;
-    private readonly SamlSpOptions _samlSpOptions;
     private DateTime? _nextExpirationTime;
     private IEnumerable<AuthSchemeProvider> _cachedAuthSchemeProviders;
     private object _lck = new object();
@@ -35,13 +34,11 @@ public DynamicSamlAuthenticationSchemeProvider(
         IBusControl busControl,
         IServiceProvider serviceProvider,
         IOptions<SamlAuthenticationOptions> samlAuthOptions,
-        IOptions<SamlSpOptions> samlSpOptions,
         IOptions<AuthenticationOptions> options) : base(options)
     {
         _busControl = busControl;
         _serviceProvider = serviceProvider;
         _samlAuthOptions = samlAuthOptions.Value;
-        _samlSpOptions = samlSpOptions.Value;
     }
 
     public async override Task<IEnumerable<AuthenticationScheme>> GetAllSchemesAsync()
@@ -80,12 +77,12 @@ private SamlAuthenticationScheme Convert(AuthSchemeProvider provider)
             var handlerType = typeof(SamlSpHandler);
             var options = new SamlSpOptions
             {
-                SPId = _samlSpOptions.SPId,
+                SPId = _samlAuthOptions.SpId,
                 IdpMetadataUrl = provider.SamlMetadataUri,
-                SigningCertificate = _samlSpOptions.SigningCertificate
+                SigningCertificate = _samlAuthOptions.SigningCertificate
             };
             if (options.Backchannel == null)
-                options.Backchannel = new HttpClient(_samlSpOptions.BackchannelHttpHandler ?? new HttpClientHandler());
+                options.Backchannel = new HttpClient(_samlAuthOptions.BackchannelHttpHandler ?? new HttpClientHandler());
             return new SamlAuthenticationScheme(new AuthenticationScheme(provider.Name, provider.DisplayName, handlerType), options);
         }
     }

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/SamlAuthenticationOptions.cs

@@ -1,14 +1,28 @@
 // Copyright (c) SimpleIdServer. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
+using ITfoxtec.Identity.Saml2.Schemas.Metadata;
 using SimpleIdServer.FastFed.Authentication.Saml;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
 
 namespace SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml;
 
 public class SamlAuthenticationOptions
 {
     public string SpId { get; set; } = "samlApplicationProvider";
     public string SamlMetadataUri { get; set; }
+    public X509Certificate2 SigningCertificate { get; set; }
+    public HttpClientHandler BackchannelHttpHandler { get; set; }
+    public IEnumerable<ContactPerson> ContactPersons { get; set; } = new List<ContactPerson>
+    {
+        new ContactPerson(ContactTypes.Technical)
+        {
+            Company = "SimpleIdServer",
+            EmailAddress = "agentsimpleidserver@gmail.com"
+        }
+    };
     public SamlEntrepriseMappingsResult Mappings { get; set; }
     public int? CacheSamlAuthProvidersInSeconds { get; set; }
 }

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Startup/Program.cs

@@ -3,6 +3,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using SimpleIdServer.FastFed;
 using SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml;
 using SimpleIdServer.FastFed.ApplicationProvider.Options;
 using SimpleIdServer.FastFed.ApplicationProvider.Provisioning.Scim;
@@ -64,6 +65,7 @@
     };
 })
     .AddFastFedApplicationProvider(cbChooser: (t) => t.UseInMemoryEfStore())
+    .UseDefaultAppProviderSecurity(authOptions: authOptions)
     .AddAppProviderScimProvisioning(cb =>
     {
         cb.ScimServiceUri = scimOptions.Url;
@@ -89,6 +91,7 @@
     .AddSamlAppProviderAuthenticationProfile(cb =>
     {
         cb.SamlMetadataUri = "https://localhost:5021/saml-metadata.xml";
+        cb.SigningCertificate = KeyGenerator.GenerateSelfSignedCertificate();
         cb.Mappings = new SamlEntrepriseMappingsResult
         {
             SamlSubject = new SamlSubject
@@ -110,8 +113,7 @@
                 }
             }
         };
-    })
-    .UseDefaultAppProviderSecurity(authOptions: authOptions);
+    });
 builder.Services.AddControllersWithViews();
 
 var app = builder.Build();

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider/Services/FastFedService.cs

@@ -164,7 +164,7 @@ public async Task<ValidationResult<Dictionary<string, JsonObject>>> Register(str
                     IdProviderConfiguration = claim.Value
                 });
             }
-            dic.Add(service.Name, enableResult);
+            dic.Add(service.RegisterConfigurationName, enableResult);
         }
 
         idProviderFederation.LastCapabilities.Status = IdentityProviderStatus.CONFIRMED;

src/FastFed/SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid/FastFedServicesBuilderExtensions.cs

@@ -0,0 +1,18 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using MassTransit;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+
+namespace SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid;
+
+public static class FastFedServicesBuilderExtensions
+{
+    public static FastFedServicesBuilder AddSidSamlAuthentication(this FastFedServicesBuilder builder, Action<FastFedSidSamlAuthenticationOptions> cb = null)
+    {
+        builder.Services.Configure(cb);
+        builder.Services.AddTransient<ISamlClientProvisioningService, SidSamlClientProvisioningService>();
+        return builder;
+    }
+}

src/FastFed/SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid/FastFedSidSamlAuthenticationOptions.cs

@@ -0,0 +1,11 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+namespace SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid;
+
+public class FastFedSidSamlAuthenticationOptions
+{
+    public string SidBaseUrl { get; set; }
+    public string ClientId { get; set; }
+    public string ClientSecret { get; set; }
+}

src/FastFed/SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid/SidSamlClientProvisioningService.cs

@@ -0,0 +1,78 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using Microsoft.Extensions.Options;
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Nodes;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid;
+
+public class SidSamlClientProvisioningService : ISamlClientProvisioningService
+{
+    private readonly IdServer.Helpers.IHttpClientFactory _httpClientFactory;
+    private readonly FastFedSidSamlAuthenticationOptions _options;
+
+    public SidSamlClientProvisioningService(
+        IdServer.Helpers.IHttpClientFactory httpClientFactory,
+        IOptions<FastFedSidSamlAuthenticationOptions> options)
+    {
+        _httpClientFactory = httpClientFactory;
+        _options = options.Value;
+    }
+
+    public async Task Provision(string clientId, string metadataUrl, CancellationToken cancellationToken)
+    {
+        using (var httpClient = _httpClientFactory.GetHttpClient())
+        {
+            var client = new IdServer.Domains.Client
+            {
+                Id = Guid.NewGuid().ToString(),
+                ClientSecret = Guid.NewGuid().ToString(),
+                ClientId = clientId,
+                ClientType = "SAML",
+                CreateDateTime = DateTime.UtcNow,
+                UpdateDateTime = DateTime.UtcNow,
+                Parameters = new JsonObject
+                {
+                    { "SAML2_SP_METADATA", metadataUrl }
+                }
+            };
+            var requestMessage = new System.Net.Http.HttpRequestMessage
+            {
+                RequestUri = new Uri($"{_options.SidBaseUrl}/clients"),
+                Method = System.Net.Http.HttpMethod.Post,
+                Content = new System.Net.Http.StringContent(JsonSerializer.Serialize(client), Encoding.UTF8, "application/json")
+            };
+            var accessToken = await GetAccessToken(httpClient);
+            requestMessage.Headers.Add("Authorization", $"Bearer {accessToken}");
+            var httpResult = await httpClient.SendAsync(requestMessage);
+            string ss = "";
+        }
+    }
+
+    private async Task<string> GetAccessToken(System.Net.Http.HttpClient httpClient)
+    {
+        var content = new List<KeyValuePair<string, string>>
+        {
+            new KeyValuePair<string, string>("client_id", _options.ClientId),
+            new KeyValuePair<string, string>("client_secret", _options.ClientSecret),
+            new KeyValuePair<string, string>("scope", "clients"),
+            new KeyValuePair<string, string>("grant_type", "client_credentials")
+        };
+        var httpRequest = new System.Net.Http.HttpRequestMessage
+        {
+            Method = System.Net.Http.HttpMethod.Post,
+            RequestUri = new Uri($"{_options.SidBaseUrl}/token"),
+            Content = new System.Net.Http.FormUrlEncodedContent(content)
+        };
+        var httpResult = await httpClient.SendAsync(httpRequest);
+        var json = await httpResult.Content.ReadAsStringAsync();
+        var accessToken = JsonObject.Parse(json)["access_token"].GetValue<string>();
+        return accessToken;
+    }
+}

src/FastFed/SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid/SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.Sid.csproj

@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+	<PropertyGroup>
+		<TargetFramework>net8.0</TargetFramework>
+		<Description>Add saml authentication support and provision SAML clients to SimpleIdServer.</Description>
+	</PropertyGroup>
+	<ItemGroup>
+	  <ProjectReference Include="..\..\IdServer\SimpleIdServer.IdServer.Domains\SimpleIdServer.IdServer.Domains.csproj" />
+	  <ProjectReference Include="..\SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml\SimpleIdServer.FastFed.IdentityProvider.Authentication.Saml.csproj" />
+	</ItemGroup>
+</Project>