* Update IdentityProvidersHandler.cs * Update SpidCieOIDCConfiguration.cs * Update RPOpenIdFederationMiddleware.cs * Managed SA and code refactoring
1 parent
359d801
commit f7c4f92
Showing
126 changed files
with
1,830 additions
and
1,317 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -180,7 +180,8 @@ In particular, a 'SpidCie' section can be added to the configuration which has t | |
"AuthorityHints": [ "http://trust-anchor.org:8000" ], | ||
"TrustMarks": [ | ||
{ | ||
"id": "https://www.spid.gov.it/openid-federation/agreement/sp-private", | ||
"id": "https://preprod.oidc.registry.servizicie.interno.gov.it/intermediate/private", | ||
"issuer": "https://preprod.oidc.registry.servizicie.interno.gov.it" | ||
"trust_mark": "eyJhbGc...." | ||
} | ||
], | ||
|
@@ -200,8 +201,18 @@ In particular, a 'SpidCie' section can be added to the configuration which has t | |
"MetadataPolicy": {}, | ||
"RelyingParties": [ | ||
{ | ||
"AuthorityHints": [ | ||
"http://aspnetcore.aggregator.org:5000/" | ||
], | ||
"Id": "http://aspnetcore.aggregator.org:5000/TestRP/", | ||
"Name": "RP Test", | ||
"OpenIdCoreCertificates": [ | ||
{ | ||
"Algorithm": "RS256", //Or RSA-OAEP-256 | ||
"Certificate": "base64", | ||
"KeyUsage": "Signature" //Or Encryption | ||
} | ||
], | ||
"OrganizationName": "RP Test", | ||
"OrganizationType": "Public", // or Private | ||
"HomepageUri": "http://aspnetcore.aggregator.org:5000/TestRP/", | ||
|
@@ -210,6 +221,9 @@ In particular, a 'SpidCie' section can be added to the configuration which has t | |
"SecurityLevel": 2, | ||
"Contacts": [ "[email protected]" ], | ||
"LongSessionsEnabled": true, | ||
"RedirectUris": [ | ||
"http://aspnetcore.aggregator.org:5000/TestRP/signin-oidc-spidcie" | ||
] | ||
"RequestedClaims": [ | ||
"Name", | ||
"FamilyName", | ||
|
@@ -218,9 +232,11 @@ In particular, a 'SpidCie' section can be added to the configuration which has t | |
"DateOfBirth", | ||
"PlaceOfBirth" | ||
], | ||
"SecurityLevel": "L1", //Or L2 or L3 | ||
"TrustMarks": [ | ||
{ | ||
"Id": "https://registry.interno.gov.it/openid_relying_party/public/", | ||
"Issuer": "http://aspnetcore.aggregator.org:5000", | ||
"TrustMark": "eyJhbGc...." | ||
} | ||
] | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,7 @@ | |
using Microsoft.AspNetCore.TestHost; | ||
using Microsoft.IdentityModel.Protocols.OpenIdConnect; | ||
using Spid.Cie.OIDC.AspNetCore.Configuration; | ||
using Spid.Cie.OIDC.AspNetCore.Enums; | ||
using Spid.Cie.OIDC.AspNetCore.Helpers; | ||
using Spid.Cie.OIDC.AspNetCore.Models; | ||
using System; | ||
|
@@ -47,7 +48,7 @@ public TestSettings(Action<SpidCieOptions> configure) | |
Contacts = new() { "[email protected]" }, | ||
AuthorityHints = new() { "http://127.0.0.1:8000/oidc/op/" }, | ||
RedirectUris = new() { "http://127.0.0.1:5000/signin-spidcie" }, | ||
SecurityLevel = SecurityLevel.L2, | ||
SecurityLevel = SecurityLevels.L2, | ||
LongSessionsEnabled = false, | ||
TrustMarks = new() | ||
{ | ||
|
@@ -57,7 +58,21 @@ public TestSettings(Action<SpidCieOptions> configure) | |
TrustMark = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkZpZll4MDNibm9zRDhtNmdZUUlmTkhOUDljTV9TYW05VGM1bkxsb0lJcmMiLCJ0eXAiOiJ0cnVzdC1tYXJrK2p3dCJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAvIiwic3ViIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwLyIsImlhdCI6MTY0NzI3Njc2NiwiaWQiOiJodHRwczovL3d3dy5zcGlkLmdvdi5pdC9jZXJ0aWZpY2F0aW9uL3JwIiwibWFyayI6Imh0dHBzOi8vd3d3LmFnaWQuZ292Lml0L3RoZW1lcy9jdXN0b20vYWdpZC9sb2dvLnN2ZyIsInJlZiI6Imh0dHBzOi8vZG9jcy5pdGFsaWEuaXQvaXRhbGlhL3NwaWQvc3BpZC1yZWdvbGUtdGVjbmljaGUtb2lkYy9pdC9zdGFiaWxlL2luZGV4Lmh0bWwifQ.uTbO9gbx3cyNgs4LS-zij9kOC1alQuxFytsPNjwloGdnoGj_4PCJasMxmKVyUJXkXKQGeiG69oXBnf6sL9McYP6RYklhqFBR0hW4X5H5qc4vDYetDo8ajzocMZm050YzTrUObwy3OLOQRGLuWvg2uifRy8YCC0xD0OxoeBaEeURM_zkU3PFQ76RLP2W8b63J37behBevrO1lKJHhyfE4oJ6qFpR2Vk0367mMu7c0vhuTZYw8a5UkDbYR4L77vyzVlpE1duL5ibvREV4YMuMtWbI9fn1nlpgtmTp1Z089PN_PHVQHBrmHRG6jcwU6JCOdNXFBTsXtglU-xRng99Z6aQ" | ||
} | ||
}, | ||
OpenIdCoreCertificates = new() { certificate }, | ||
OpenIdCoreCertificates = | ||
[ | ||
new RPOpenIdCoreCertificate | ||
{ | ||
Algorithm = "RS256", | ||
Certificate = certificate, | ||
KeyUsage = KeyUsageTypes.Signature | ||
}, | ||
new RPOpenIdCoreCertificate | ||
{ | ||
Algorithm = "RSA-OAEP-256", | ||
Certificate = certificate, | ||
KeyUsage = KeyUsageTypes.Encryption | ||
}, | ||
], | ||
OpenIdFederationCertificates = new() { certificate }, | ||
RequestedClaims = new() | ||
{ | ||
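Review bot: Both `RPOpenIdCoreCertificate` entries in the new `OpenIdCoreCertificates` list are built from the same `certificate`, so the `RS256` / `KeyUsageTypes.Signature` entry and the `RSA-OAEP-256` / `KeyUsageTypes.Encryption` entry share one key pair. With identical keys a test cannot tell whether the code under test picked the entry that matches the requested `KeyUsage`, and the fixture models signing/encryption key reuse that a deployed relying party should avoid. I would load a second test certificate for the encryption entry, or at least add `// same test certificate reused for both usages; real configurations should use separate keys` above the list. The same pattern appears in the `Get(string name)` section further down; the `TestSettings` constructor starts and ends outside the hunk.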
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
using Microsoft.Extensions.Options; | ||
using Spid.Cie.OIDC.AspNetCore.Configuration; | ||
using Spid.Cie.OIDC.AspNetCore.Enums; | ||
using Spid.Cie.OIDC.AspNetCore.Models; | ||
using System; | ||
using System.Security.Cryptography.X509Certificates; | ||
|
@@ -34,7 +35,7 @@ public SpidCieOptions Get(string name) | |
Contacts = new() { "[email protected]" }, | ||
AuthorityHints = new() { "http://127.0.0.1:8000/" }, | ||
RedirectUris = new() { "http://127.0.0.1:5000/signin-oidc" }, | ||
SecurityLevel = SecurityLevel.L2, | ||
SecurityLevel = SecurityLevels.L2, | ||
LongSessionsEnabled = false, | ||
TrustMarks = new() | ||
{ | ||
|
@@ -44,7 +45,21 @@ public SpidCieOptions Get(string name) | |
TrustMark = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkZpZll4MDNibm9zRDhtNmdZUUlmTkhOUDljTV9TYW05VGM1bkxsb0lJcmMiLCJ0eXAiOiJ0cnVzdC1tYXJrK2p3dCJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAvIiwic3ViIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwLyIsImlhdCI6MTY0NzI3Njc2NiwiaWQiOiJodHRwczovL3d3dy5zcGlkLmdvdi5pdC9jZXJ0aWZpY2F0aW9uL3JwIiwibWFyayI6Imh0dHBzOi8vd3d3LmFnaWQuZ292Lml0L3RoZW1lcy9jdXN0b20vYWdpZC9sb2dvLnN2ZyIsInJlZiI6Imh0dHBzOi8vZG9jcy5pdGFsaWEuaXQvaXRhbGlhL3NwaWQvc3BpZC1yZWdvbGUtdGVjbmljaGUtb2lkYy9pdC9zdGFiaWxlL2luZGV4Lmh0bWwifQ.uTbO9gbx3cyNgs4LS-zij9kOC1alQuxFytsPNjwloGdnoGj_4PCJasMxmKVyUJXkXKQGeiG69oXBnf6sL9McYP6RYklhqFBR0hW4X5H5qc4vDYetDo8ajzocMZm050YzTrUObwy3OLOQRGLuWvg2uifRy8YCC0xD0OxoeBaEeURM_zkU3PFQ76RLP2W8b63J37behBevrO1lKJHhyfE4oJ6qFpR2Vk0367mMu7c0vhuTZYw8a5UkDbYR4L77vyzVlpE1duL5ibvREV4YMuMtWbI9fn1nlpgtmTp1Z089PN_PHVQHBrmHRG6jcwU6JCOdNXFBTsXtglU-xRng99Z6aQ" | ||
} | ||
}, | ||
OpenIdCoreCertificates = _noKeys ? new() : new() { certificate }, | ||
OpenIdCoreCertificates = _noKeys ? new() : new() | ||
{ | ||
new RPOpenIdCoreCertificate | ||
{ | ||
Algorithm = "RS256", | ||
Certificate = certificate, | ||
KeyUsage = KeyUsageTypes.Signature | ||
}, | ||
new RPOpenIdCoreCertificate | ||
{ | ||
Algorithm = "RSA-OAEP-256", | ||
Certificate = certificate, | ||
KeyUsage = KeyUsageTypes.Encryption | ||
} | ||
}, | ||
OpenIdFederationCertificates = _noKeys ? new() : new() { certificate }, | ||
}); ; | ||
} | ||
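Review bot: `Algorithm` is set from the raw literals `"RS256"` and `"RSA-OAEP-256"` while `KeyUsage` uses the typed `KeyUsageTypes` enum, so nothing visible in this hunk prevents a typo or a mismatched pair such as a signing algorithm on an `Encryption` entry. If `RPOpenIdCoreCertificate` does not already validate the pairing (its definition is not visible here), I would check it when the options are loaded and keep the allowed algorithm names in shared constants instead of repeating the literals per fixture. The `TestSettings` section above repeats the same literals and initialises the list with `[ … ]` rather than `new() { … }`; using one form in both fixtures would make them easier to compare. `Get` starts outside the hunk.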
|