IdentityServer3.Admin

More configuration options

Open eddietisma opened this issue 8 years ago • 1 comments

I'm running IdentityServer3 and trying to host the admin interface on a different URL than IdentityServer3, and ran into some configuration issues.

  1. The authorization endpoint for oidc-token-manager is hard-coded to use request path + "/authorize".
  2. I want to use my own AdminSecurityConfiguration based on UseIdentityServerBearerTokenAuthentication in the IdentityServer3.AccessTokenValidation NuGet package. Currently this is not possible due to an internal constructor.
  3. The client_id for oidc-token-manager is hard-coded to use Constants.IdAdmMgrClientId.

I would rather get this into your NuGet package instead of having my own fork. What do you think?

eddietisma, Jun 23 '17 01:06

To get a better picture, this is what I'm trying to achieve:

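using System.Collections.Generic;
using System.IdentityModel.Tokens;
using IdentityAdmin.Configuration;
using IdentityServer3.AccessTokenValidation;
using Microsoft.Owin.Security;
using Owin;

public static class IdentityServerAdminConfig
{
    public static void Configuration(IAppBuilder app)
    {
        // Keep claim types exactly as issued (no mapping to the long .NET claim type URIs).
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        var options = new IdentityAdminOptions
        {
            AdminSecurityConfiguration = new IdentityServerAdminBearerTokenConfig
            {
                // HTTPS is not enforced with this setting.
                RequireSsl = false,
                BearerAuthenticationType = Constants.BearerAuthenticationType,
                AdminRoleName = "OidcAdmin",
                // Settings handed to oidc-token-manager, supplied by the host
                // instead of the hard-coded values (items 1 and 3 above).
                OidcSettings = new
                {
                    authority = AuthorityConfig.Authority,
                    response_type = "id_token token",
                    scope = "openid profile roles oidc.adminApi",
                    client_id = "oidc.admin",
                    redirect_uri = AuthorityConfig.Authority + "/admin" + Constants.CallbackFragment,
                    authorization_endpoint = AuthorityConfig.AuthorizeEndpoint,
                }
            },
            Factory = TacdisIdentityServerAdminServiceFactory.CreateFactory(),
        };

        app.UseIdentityAdmin(options);
    }
}

// Custom security configuration (item 2 above): validates bearer tokens
// with IdentityServer3.AccessTokenValidation.
public class IdentityServerAdminBearerTokenConfig : AdminSecurityConfiguration
{
    public override void Configure(IAppBuilder app)
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

        var options = new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = AuthorityConfig.Authority,
            // Validate JWTs locally using the keys from the authority's discovery document.
            ValidationMode = ValidationMode.Local,
            AuthenticationMode = AuthenticationMode.Active,
            // Reject tokens that do not carry the admin API scope.
            RequiredScopes = new[] { "oidc.adminApi" },
            // Defer loading the discovery document until the first request.
            DelayLoadMetadata = true,
        };

        app.UseIdentityServerBearerTokenAuthentication(options);
    }
}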

eddietisma, Jun 23 '17 02:06