WIP

Author: habarthierry-hue

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/Infrastructures/DynamicSamlAuthenticationSchemeProvider.cs

@@ -26,6 +26,7 @@ public class DynamicSamlAuthenticationSchemeProvider : AuthenticationSchemeProvi
     private readonly IBusControl _busControl;
     private readonly IServiceProvider _serviceProvider;
     private readonly SamlAuthenticationOptions _samlAuthOptions;
+    private readonly FastFedApplicationProviderOptions _fastFedApplicationProviderOptions;
     private DateTime? _nextExpirationTime;
     private IEnumerable<AuthSchemeProvider> _cachedAuthSchemeProviders;
     private object _lck = new object();
@@ -34,11 +35,13 @@ public DynamicSamlAuthenticationSchemeProvider(
         IBusControl busControl,
         IServiceProvider serviceProvider,
         IOptions<SamlAuthenticationOptions> samlAuthOptions,
+        IOptions<FastFedApplicationProviderOptions> fastFedApplicationProviderOptions,
         IOptions<AuthenticationOptions> options) : base(options)
     {
         _busControl = busControl;
         _serviceProvider = serviceProvider;
         _samlAuthOptions = samlAuthOptions.Value;
+        _fastFedApplicationProviderOptions = fastFedApplicationProviderOptions.Value;
     }
 
     public async override Task<IEnumerable<AuthenticationScheme>> GetAllSchemesAsync()
@@ -57,6 +60,8 @@ public async override Task<IEnumerable<AuthenticationScheme>> GetAllSchemesAsync
         return rules;
     }
 
+    public override Task<IEnumerable<AuthenticationScheme>> GetRequestHandlerSchemesAsync() => GetAllSchemesAsync();
+
     public override async Task<AuthenticationScheme> GetSchemeAsync(string name) => (await GetSamlSchemeAsync(name)).AuthScheme;
 
     public async Task<SamlAuthenticationScheme> GetSamlSchemeAsync(string name)
@@ -79,11 +84,13 @@ private SamlAuthenticationScheme Convert(AuthSchemeProvider provider)
             {
                 SPId = _samlAuthOptions.SpId,
                 IdpMetadataUrl = provider.SamlMetadataUri,
-                SigningCertificate = _samlAuthOptions.SigningCertificate
+                SigningCertificate = _samlAuthOptions.SigningCertificate,
+                SignInScheme = _fastFedApplicationProviderOptions.AuthScheme.Cookie
             };
+            var monitoredOpts = new ConcreteOptionsMonitor<SamlSpOptions>(options);
             if (options.Backchannel == null)
                 options.Backchannel = new HttpClient(_samlAuthOptions.BackchannelHttpHandler ?? new HttpClientHandler());
-            return new SamlAuthenticationScheme(new AuthenticationScheme(provider.Name, provider.DisplayName, handlerType), options);
+            return new SamlAuthenticationScheme(new AuthenticationScheme(provider.Name, provider.DisplayName, handlerType), monitoredOpts);
         }
     }
 
@@ -128,4 +135,24 @@ private async Task<IEnumerable<AuthSchemeProvider>> GetAuthenticationSchemeProvi
             return authenticationSchemeProviders;
         }
     }
+
+    private class ConcreteOptionsMonitor<T> : IOptionsMonitor<T> where T : class
+    {
+        public ConcreteOptionsMonitor(T value)
+        {
+            CurrentValue = value;
+        }
+
+        public T CurrentValue { get; private set; }
+
+        public T Get(string name)
+        {
+            return CurrentValue;
+        }
+
+        public IDisposable OnChange(Action<T, string> listener)
+        {
+            return null;
+        }
+    }
 }

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/Infrastructures/SamlAuthenticationScheme.cs

@@ -1,6 +1,7 @@
 // Copyright (c) SimpleIdServer. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Options;
 using SimpleIdServer.IdServer.Saml.Sp;
 
 namespace SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml.Infrastructures;
@@ -12,12 +13,12 @@ public SamlAuthenticationScheme(AuthenticationScheme authScheme)
         AuthScheme = authScheme;
     }
 
-    public SamlAuthenticationScheme(AuthenticationScheme authScheme, SamlSpOptions samlSpOptions) : this(authScheme)
+    public SamlAuthenticationScheme(AuthenticationScheme authScheme, IOptionsMonitor<SamlSpOptions> samlSpOptions) : this(authScheme)
     {
         SamlSpOptions = samlSpOptions;
     }
 
 
     public AuthenticationScheme AuthScheme { get; set; }
-    public SamlSpOptions SamlSpOptions { get; set; }
+    public IOptionsMonitor<SamlSpOptions> SamlSpOptions { get; set; }
 }

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml/SimpleIdServer.FastFed.ApplicationProvider.Authentication.Saml.csproj

@@ -5,6 +5,7 @@
 	</PropertyGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\..\IdServer\SimpleIdServer.IdServer.Saml.Sp\SimpleIdServer.IdServer.Saml.Sp.csproj" />
+	  <ProjectReference Include="..\SimpleIdServer.FastFed.ApplicationProvider\SimpleIdServer.FastFed.ApplicationProvider.csproj" />
 	  <ProjectReference Include="..\SimpleIdServer.FastFed.Authentication.Saml\SimpleIdServer.FastFed.Authentication.Saml.csproj" />
 	  <ProjectReference Include="..\SimpleIdServer.FastFed\SimpleIdServer.FastFed.csproj" />
 	</ItemGroup>

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Startup/Program.cs

@@ -90,7 +90,8 @@
     })
     .AddSamlAppProviderAuthenticationProfile(cb =>
     {
-        cb.SamlMetadataUri = "https://localhost:5021/saml-metadata.xml";
+        cb.SpId = "https://localhost:5021";
+        cb.SamlMetadataUri = "https://localhost:5021/Metadata";
         cb.SigningCertificate = KeyGenerator.GenerateSelfSignedCertificate();
         cb.Mappings = new SamlEntrepriseMappingsResult
         {

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Startup/Resources/AuthenticateResource.Designer.cs

@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Title" xml:space="preserve">
+    <value>Authenticate</value>
+  </data>
+  <data name="Authenticate" xml:space="preserve">
+    <value>Authenticate</value>
+  </data>
+</root>

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Startup/Resources/AuthenticateResource.resx

@@ -25,6 +25,11 @@
 		  <AutoGen>True</AutoGen>
 		  <DependentUpon>HomeResource.resx</DependentUpon>
 		</Compile>
+		<Compile Update="Resources\AuthenticateResource.Designer.cs">
+			<DesignTime>True</DesignTime>
+			<AutoGen>True</AutoGen>
+			<DependentUpon>AuthenticateResource.resx</DependentUpon>
+		</Compile>
 		<Compile Update="Resources\LayoutResource.Designer.cs">
 			<DesignTime>True</DesignTime>
 			<AutoGen>True</AutoGen>
@@ -53,5 +58,9 @@
 			<Generator>PublicResXFileCodeGenerator</Generator>
 			<LastGenOutput>IdentityProvidersResource.Designer.cs</LastGenOutput>
 		</EmbeddedResource>
+		<EmbeddedResource Update="Resources\AuthenticateResource.resx">
+			<Generator>PublicResXFileCodeGenerator</Generator>
+			<LastGenOutput>AuthenticateResource.Designer.cs</LastGenOutput>
+		</EmbeddedResource>
 	</ItemGroup>
 </Project>

src/FastFed/SimpleIdServer.FastFed.ApplicationProvider.Startup/SimpleIdServer.FastFed.ApplicationProvider.Startup.csproj

@@ -0,0 +1,30 @@
+@model SimpleIdServer.FastFed.ApplicationProvider.UIs.ViewModels.AuthenticateViewModel
+@using SimpleIdServer.FastFed.ApplicationProvider.Startup.Resources
+
+@{
+    ViewBag.Title = AuthenticateResource.Title;
+    Layout = "~/Views/Shared/_Layout.cshtml";
+}
+
+<div>
+    <div class="card">
+        <div class="card-body">
+            <div>
+                <a class="btn btn-secondary" href="@Url.Action("Login", "Home")">@AuthenticateResource.Authenticate</a>
+            </div>
+            <div class="divider">
+                <p class="fw-bold text">OR</p>
+            </div>
+            <div>
+                <ul class="extauth">
+                    @foreach(var provider in Model.ExternalIdProviders)
+                    {
+                        <li>
+                            <a class="btn btn-secondary" href="@Url.Action("ExternalLogin", "Home", new { scheme = provider.AuthenticationScheme })">@provider.DisplayName</a>
+                        </li>
+                    }
+                </ul>
+            </div>
+        </div>
+    </div>
+</div>