AspNetCore.IdentityServer4.Sample icon indicating copy to clipboard operation
AspNetCore.IdentityServer4.Sample copied to clipboard

verified publisher icon KarateJB

Metadata

Identity Server 4 + OpenLDAP sample code

License

Features

Supported Grant types

  • Resource Owner Password
  • Client Credential
  • Authorization Code (PKCE)
    • MVC Cookie based
    • JS client

Supported Deploy methodology

  • Docker Compose
  • Kubernetes

Tutorials

Open API document

After start the Identity Server, you can find the Open API document on

https://localhost:6001/swagger

LDAP User Management

Route Http method Description
/api/LdapUser POST Create a LDAP User
/api/LdapUser PUT Update a LDAP User
/api/LdapUser/ResetPwd PUT Reset password
/api/LdapUser/{userName} DELETE Remove a LDAP user

Get started

(Optional) Update appsettings.json file

Update the following config to connect to your own OpenOLAP service.

"LdapServer": {
    "Url": "localhost",
    "Port": 389,
    "Ssl": false,
    "BindDn": "cn=admin,dc=example,dc=org",
    "BindCredentials": "admin",
    "SearchBase": "dc=example,dc=org",
    "searchFilter": "(&(objectClass=person)(uid={0}))"
  }

To support authentication by multiple LDAP, use the configuration of appsettings.MultiLdap.json

Restore packages

$ cd src
$ dotnet restore

(Optional) Use Gulp to Run multple applications in the same time

You can use gulp to run Auth Serice and API Service in the same time

  1. Install package globally
$ npm install -g gulp
$ npm install -g gulp-exec
  1. Create npm link locally
$ npm link gulp
$ npm link gulp-exec
  1. Run applications
$ gulp run

or run Auth Service(auth) or API Service(webapi) individually.

$ gulp auth
$ gulp webapi

Run on docker

Method 1. Build Docker images and start containers on local Docker host

$ cd docker
$ docker-compose build [--no-cache]
$ docker-compose up -d

Method 2. Build Docker images and start containers on ubuntu

Use Ansible playbook to install Docker and deploy, see the sample playbook here

Run on Kubernetes

1. Refine the internal IP of files in kubernets/artifects/

2. Execute commands

$ cd kubernetes
$ kubectl apply -f kubernetes-namespace.yml
$ kubectl create secret generic secret-appsettings-auth --from-file=./artifects/auth/appsettings.Kubernetes.json --namespace idsrv-demo
$ kubectl create secret generic secret-appsettings-backend --from-file=./artifects/backend/appsettings.Kubernetes.json --namespace idsrv-demo
$ kubectl create secret generic secret-js-appconfig-backend --from-file=./artifects/backend/app-config.js --namespace idsrv-demo
$ kubectl create secret generic secret-appsettings-health --from-file=./artifects/health/appsettings.Kubernetes.json --namespace idsrv-demo
$ kubectl apply -f kubernetes-idsrv-deployments.yml --namespace idsrv-demo

Appedix

Create certificate by OpenSSL

$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/Docker.key -x509 -days 3650 -out certs/Docker.crt
$ openssl pkcs12 -export -out certs/Docker.pfx -inkey certs/Docker.key -in certs/Docker.crt

How to trust Self-signed certificate in Linux container

$ apt-get install ca-certificates

$ CERT=Docker.crt
$ cp /etc/docker/$CERT /usr/share/ca-certificates

Then include the certificate,

$ dpkg-reconfigure ca-certificates

Choose 3. ask options and select the Self-signed certificate.

Finally,

$ CERT=Docker.crt
$ echo "+$CERT" >/etc/ca-certificates/update.d/activate_my_cert
$ cp /etc/docker/$CERT /usr/local/share/ca-certificates/
$ update-ca-certificates

Reference

Metadata

40
Stars
21
Forks
Watchers

Owner

verified publisher icon KarateJB

Metadata

Identity Server 4 + OpenLDAP sample code

Back