WSO2 Identity Server with OpenId Connect

1
votes

I am trying to use WSO2 Identity Server (5.1.0) with Asp.Net MVC, as a proof of concept i created a sample asp.net MVC project in visual studio 2015.

Following the WSO2 Guide, i have configured the identity server as required.

https://docs.wso2.com/display/IS510/OpenID+Connect+with+the+WSO2+Identity+Server+and+WSO2+OAuth2+Playground

On the sample application, i have added reference to Microsoft.Owin.Security.OpenIdConnect and added code to ConfigureAuth in Startup.Auth.cs file.

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });            
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseMicrosoftAccountAuthentication(
        //    clientId: "",
        //    clientSecret: "");

        //app.UseTwitterAuthentication(
        //   consumerKey: "",
        //   consumerSecret: "");

        //app.UseFacebookAuthentication(
        //   appId: "",
        //   appSecret: "");

        //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
        //{
        //    ClientId = "",
        //    ClientSecret = ""
        //});

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "SENmQQ9fOWcrqXjK1u3lXINhXtEa",
            ClientSecret = "bFBJQqj4GT2Wfv8735fTTuHh3Isa",
            Authority = "https://localhost:9443",
            RedirectUri = "https://wso2openid.local.co.uk/Account/ExternalLoginCallback",
            SignInAsAuthenticationType = "ClientCredCookie",
            ResponseType = "id_token token",
            Scope = "openid",

            Configuration = new OpenIdConnectConfiguration
            {
                AuthorizationEndpoint = "https://localhost:9443/oauth2/authorize",
                TokenEndpoint = "https://localhost:9443/oauth2/token"
            },

            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = n =>
                {
                    return Task.FromResult(0);
                },

                SecurityTokenReceived = n =>
                {
                    return Task.FromResult(0);
                },

                AuthorizationCodeReceived = n =>
                {
                    return Task.FromResult(0);
                },

                SecurityTokenValidated = n =>
                {
                    var token = n.ProtocolMessage.AccessToken;

                    // persist access token in cookie
                    if (!string.IsNullOrEmpty(token))
                    {
                        n.AuthenticationTicket.Identity.AddClaim(
                            new Claim("access_token", token));
                    }

                    return Task.FromResult(0);
                },

                AuthenticationFailed = notification =>
                {
                    if (string.Equals(notification.ProtocolMessage.Error, "access_denied", StringComparison.Ordinal))
                    {
                        notification.HandleResponse();

                        notification.Response.Redirect("/");
                    }

                    return Task.FromResult<object>(null);
                }
            }
        });
    }

When i run the application, on login it redirects to WSO2 Identity Server login and manage to login but when it redirect to Account\ExternalLoginCallback, the logininfo is always null.

var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

Any advise as to why this is not working will be appreciated.?

NB: I tried to put a break point on SecurityTokenValidated but it did not hit that break point. The only breakpoint which i got hit was RedirectToIdentityProvider.

1
asp.net-mvcwso2wso2is
Do you see any error printed on the console when this happens. Can you provide the debug logs to get to the root of this problem? To enable debug logs uncomment the line, #log4j.logger.org.wso2.carbon.identity.oauth2=DEBUG in the log4j.properties found under $IS_HOME/repository/conf/ where $IS_HOME is the root directory of the IS installation. Update the question with the console debug logs when you try out the flow.farasath

1 Answers

0
votes

It's work well for me:

Step1 : Config WSO2 with this: https://docs.wso2.com/display/IS570/Logging+in+to+a+.NET+application+using+the+Identity+Server

Step2:

   public async Task<RedirectResult> LoginOAuth()
    {
        var url = "https://localhost:9443/oauth2/authorize?response_type=code&client_id=5a8urZQAc0r4R7iUS9ar1wOoq9Ma&scope=openid&redirect_uri=http://localhost:49545/Home/GetCode";

        var client = new HttpClient();
        var response = await client.GetAsync(url);
        
        string urlDistance = response.RequestMessage.RequestUri.ToString();
        client.Dispose();

        return Redirect(urlDistance);
    }


    public async Task<RedirectToRouteResult> GetCode()
    {
        //باشد GetCode همشون حتما باید
        var client = new HttpClient();
        string code = Request.QueryString["code"];
        string sessionState = Request.QueryString["session_state"];
        string client_id = Request.QueryString["client_id"];
        client.Dispose();
        //از طریق ارسال کد میخواد توکن رو بگیره
        //****************
        var values = new Dictionary<string, string>
        {
            { "code", code },
            { "sessionState", sessionState },
            { "client_id", "5a8urZQAc0r4R7iUS9ar1wOoq9Ma" },
            { "client_secret", "b0yefcCc4ftVYJm7ffQi2IZZ0eMa" },
            { "grant_type", "authorization_code" },
            { "redirect_uri", "http://localhost:49545/Home/GetCode" }//??????????????
        };
        var content = new FormUrlEncodedContent(values);
        client = new HttpClient();
        var response2 = await client.PostAsync("https://localhost:9443/oauth2/token", content);
        string responseString = await response2.Content.ReadAsStringAsync();
        JObject jsonResult = JObject.Parse(responseString);

        string access_token = jsonResult["access_token"].ToString();
        string refresh_token = jsonResult["refresh_token"].ToString();
        string scope = jsonResult["scope"].ToString();
        string id_token = jsonResult["id_token"].ToString();
        string token_type = jsonResult["token_type"].ToString();
        string expires_in = jsonResult["expires_in"].ToString();
        
        //**************

        var httpClient = new HttpClient();
        httpClient.BaseAddress = new Uri("https://localhost:9443/oauth2/userinfo?schema=openid");
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", access_token);
        string result = await httpClient.GetStringAsync("/oauth2/userinfo?schema=openid");


        return RedirectToAction("Contact");
    }