Aguacongas.IdentityServer.WsFederation.Duende
9.1.2
dotnet add package Aguacongas.IdentityServer.WsFederation.Duende --version 9.1.2
NuGet\Install-Package Aguacongas.IdentityServer.WsFederation.Duende -Version 9.1.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="9.1.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Aguacongas.IdentityServer.WsFederation.Duende" Version="9.1.2" />
<PackageReference Include="Aguacongas.IdentityServer.WsFederation.Duende" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Aguacongas.IdentityServer.WsFederation.Duende --version 9.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Aguacongas.IdentityServer.WsFederation.Duende, 9.1.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Aguacongas.IdentityServer.WsFederation.Duende@9.1.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=9.1.2
#tool nuget:?package=Aguacongas.IdentityServer.WsFederation.Duende&version=9.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Aguacongas.IdentityServer.WsFederation.Duende
Add a WS-Federation controller to your Duende IdentityServer.
Setup
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
WS-Fedration depends on a
ISigningCredentialStore. You can register it usingAddSigningCredentialwith aX509Certificate2in place ofAddKeysRotationif you prefer.
Usage
wsfederation/metadata returns the WS-Federation metadata document.
You can add a client to you configuration with wsfed as protocol type:
new Client
{
ClientId = "urn:aspnetcorerp",
ProtocolType = ProtocolTypes.WsFederation,
RedirectUris = { "http://localhost:10314/" },
FrontChannelLogoutUri = "http://localhost:10314/account/signoutcleanup",
IdentityTokenLifetime = 36000,
AllowedScopes = { "openid", "profile" }
}
And configure the client to use WS-Federation authentication:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.Cookie.Name = "aspnetcorewsfed";
})
.AddWsFederation(options =>
{
options.MetadataAddress = "https://localhost:5443/wsfederation/metadata";
options.RequireHttpsMetadata = false;
options.Wtrealm = "urn:aspnetcorerp";
options.SignOutWreply = "https://localhost:10315";
options.SkipUnrecognizedRequests = true;
});
Metadata configuration
AddIdentityServerWsFederation extension accept a IConfiguration or a WsFederationOptions parameter to configure the metadata document génération with claims lists.
mvcBuilder.AddIdentityServerWsFederation(configurationManager.GetSection(nameof(WsFederationOptions)));
"WsFederationOptions": {
"ClaimTypesOffered": [
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"DisplayName": "Name",
"Description": "The unique name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"DisplayName": "Name ID",
"Description": "The SAML name identifier of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"DisplayName": "E-Mail Address",
"Description": "The e-mail address of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"DisplayName": "Given Name",
"Description": "The given name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"DisplayName": "Given Name",
"Description": "The given name of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"DisplayName": "Surname",
"Description": "The surname of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
"DisplayName": "Birth date",
"Description": "The birth date of the user"
},
{
"Uri": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
"DisplayName": "Web page",
"Description": "The wep page of the user"
}
]
}
This add the ClaimTypesOffered collection to the metadata document:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5443">
<md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
<md:KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
...
</KeyInfo>
</md:KeyDescriptor>
<fed:ClaimTypesOffered>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
<auth:DisplayName>Name</auth:DisplayName>
<auth:Description>The unique name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
<auth:DisplayName>Name ID</auth:DisplayName>
<auth:Description>The SAML name identifier of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
<auth:DisplayName>E-Mail Address</auth:DisplayName>
<auth:Description>The e-mail address of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
<auth:DisplayName>Given Name</auth:DisplayName>
<auth:Description>The given name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
<auth:DisplayName>Given Name</auth:DisplayName>
<auth:Description>The given name of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true">
<auth:DisplayName>Surname</auth:DisplayName>
<auth:Description>The surname of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" Optional="true">
<auth:DisplayName>Birth date</auth:DisplayName>
<auth:Description>The birth date of the user</auth:Description>
</auth:ClaimType>
<auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage" Optional="true">
<auth:DisplayName>Web page</auth:DisplayName>
<auth:Description>The wep page of the user</auth:Description>
</auth:ClaimType>
</fed:ClaimTypesOffered>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://localhost:5443/WsFederation</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</md:RoleDescriptor>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
...
</Signature>
</md:EntityDescriptor>
You can also manage the ClaimTypesRequested and the TokenTypesOffered collections.
You can implement your IMetatdataSerializer if needed.
Implement your store
To access data the IWsFederationService use a IRelyingPartyStore. You can implement this interface and provide your implementation to the DI to ovveride the default IRelyingPartyStore implementation.
/// <summary>
/// Custom IRelyingPartyStore implementation
/// </summary>
/// <seealso cref="IRelyingPartyStore" />
public class MyRelyingPartyStore : IRelyingPartyStore
{
private readonly IAdminStore<Entity.Client> _clientStore;
private readonly IAdminStore<Entity.RelyingParty> _relyingPartyStore;
/// <summary>
/// Initializes a new instance of the <see cref="RelyingPartyStore" /> class.
/// </summary>
/// <param name="clientStore">The client store.</param>
/// <param name="relyingPartyStore">The relying party store.</param>
/// <exception cref="ArgumentNullException">adminStore</exception>
public MyRelyingPartyStore(IAdminStore<Entity.Client> clientStore, IAdminStore<Entity.RelyingParty> relyingPartyStore)
{
_clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
_relyingPartyStore = relyingPartyStore ?? throw new ArgumentNullException(nameof(relyingPartyStore));
}
/// <summary>
/// Finds the relying party by realm.
/// </summary>
/// <param name="realm">The realm.</param>
/// <returns></returns>
public async Task<RelyingParty> FindRelyingPartyByRealm(string realm)
{
var client = await _clientStore.GetAsync(realm, null).ConfigureAwait(false);
var relyingPartyId = client.RelyingPartyId;
var entity = await _relyingPartyStore.GetAsync(relyingPartyId, new GetRequest
{
Expand = nameof(Entity.RelyingParty.ClaimMappings)
}).ConfigureAwait(false);
if (entity == null)
{
return null;
}
return new RelyingParty
{
ClaimMapping = entity.ClaimMappings.ToDictionary(m => m.FromClaimType, m => m.ToClaimType),
DigestAlgorithm = entity.DigestAlgorithm,
EncryptionCertificate = entity.EncryptionCertificate != null ? X509CertificateLoader.LoadCertificate(entity.EncryptionCertificate) : null,
Realm = entity.Id,
SamlNameIdentifierFormat = entity.SamlNameIdentifierFormat,
SignatureAlgorithm = entity.SignatureAlgorithm,
TokenType = entity.TokenType
};
}
}
The DI configuration become:
services.AddIdentityServer()
.AddKeysRotation(options => configuration.GetSection(nameof(KeyRotationOptions))?.Bind(options));
services.AddControllersWithViews()
.AddIdentityServerWsFederation();
services.AddTransient<IRelyingPartyStore, MyRelyingPartyStore>();
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net9.0
- Aguacongas.IdentityServer.Duende (>= 9.1.2)
- Aguacongas.IdentityServer.KeysRotation.Duende (>= 9.1.2)
- Aguacongas.IdentityServer.WsFederation (>= 9.1.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 9.1.2 | 117 | 9/7/2025 |
| 9.1.1 | 482 | 3/18/2025 |
| 9.1.1-preview21- | 145 | 3/18/2025 |
| 9.1.0 | 191 | 2/22/2025 |
| 9.0.0 | 139 | 2/22/2025 |
| 9.0.0-preview106- | 96 | 2/22/2025 |
| 8.3.0 | 328 | 12/28/2024 |
| 8.2.1 | 140 | 12/28/2024 |
| 8.2.0 | 217 | 11/9/2024 |
| 8.1.1 | 149 | 11/9/2024 |
| 8.1.0-preview57- | 108 | 11/3/2024 |
| 8.0.1 | 944 | 9/22/2024 |
| 8.0.0 | 597 | 3/9/2024 |
| 8.0.0-preview1-0001 | 253 | 11/18/2023 |
| 7.4.6 | 524 | 10/28/2023 |
| 7.4.5 | 229 | 10/12/2023 |
| 7.4.4 | 353 | 8/10/2023 |
| 7.4.3 | 273 | 7/20/2023 |
| 7.4.2 | 287 | 7/13/2023 |
| 7.4.1 | 275 | 6/15/2023 |
| 7.4.0 | 251 | 6/4/2023 |
| 7.3.0 | 338 | 4/13/2023 |
| 7.3.0-preview1-0073 | 195 | 4/10/2023 |
| 7.2.2 | 338 | 3/20/2023 |
| 7.2.1 | 560 | 3/16/2023 |
| 7.1.2 | 418 | 2/3/2023 |
| 7.1.1 | 417 | 1/26/2023 |
| 7.1.0 | 385 | 1/21/2023 |
| 7.0.3 | 371 | 1/18/2023 |
| 7.0.2 | 429 | 12/15/2022 |
| 7.0.1 | 448 | 11/23/2022 |
| 7.0.0 | 416 | 11/21/2022 |
| 7.0.0-preview1-0250 | 223 | 11/9/2022 |
| 6.3.1 | 408 | 12/15/2022 |
| 6.3.0 | 764 | 7/1/2022 |
| 6.2.1 | 618 | 6/13/2022 |
| 6.2.0 | 559 | 6/12/2022 |
| 6.1.0 | 607 | 5/29/2022 |
| 6.0.1 | 587 | 5/24/2022 |
| 6.0.1-fix-release-6-0-01-0002 | 255 | 5/24/2022 |
| 6.0.0 | 578 | 5/21/2022 |
| 5.0.0-preview1-0264 | 257 | 5/21/2022 |
| 5.0.0-preview1-0020 | 282 | 5/8/2022 |
| 5.0.0-preview1-0019 | 261 | 5/8/2022 |
| 5.0.0-preview1-0018 | 258 | 5/7/2022 |
| 5.0.0-preview1-0017 | 276 | 5/7/2022 |
| 5.0.0-merge-release4-6-61-0194 | 248 | 5/12/2022 |
| 4.7.0-preview1-0125 | 264 | 4/23/2022 |
| 4.6.6 | 548 | 5/12/2022 |
| 4.6.5 | 812 | 4/28/2022 |
| 4.6.4 | 627 | 4/21/2022 |
| 4.6.3 | 633 | 4/14/2022 |
| 4.6.2 | 707 | 4/2/2022 |
| 4.6.1 | 669 | 3/31/2022 |
| 4.6.0 | 638 | 3/30/2022 |
| 4.5.3 | 696 | 3/23/2022 |
| 4.5.2 | 701 | 3/19/2022 |
| 4.5.1 | 663 | 3/17/2022 |
| 4.5.0 | 656 | 3/13/2022 |
| 4.4.0 | 750 | 2/13/2022 |
| 4.3.3 | 747 | 2/9/2022 |
| 4.3.2 | 775 | 2/3/2022 |
| 4.3.1 | 742 | 1/28/2022 |
| 4.3.0 | 753 | 1/17/2022 |
| 4.2.0 | 957 | 10/17/2021 |
| 4.1.0 | 1,003 | 10/13/2021 |
| 4.0.1 | 913 | 10/9/2021 |
| 4.0.0 | 960 | 9/21/2021 |
| 4.0.0-preview1-0046 | 418 | 9/18/2021 |
| 4.0.0-preview1-0003 | 381 | 9/18/2021 |
| 4.0.0-preview1-0002 | 400 | 9/18/2021 |