
Client certificate with Hybrid Authentication Flow

I'm developing an authentication/authorization server with IdentityServer3 and everything worked fine until now.

I'm trying to verify the hybrid flow client by an X509Certificate instead of the hashed secret in the samples.

My question is: How do I configure the client application to send the certificate for the authentication flow?

I saw in the source code of X509CertificateSecretParser.cs that, in order to get the client certificate, the OWIN environment variable "ssl.ClientCertificate" must have a value, but I cannot find where this value is set, even in the Microsoft.Owin source code.

I also tried to use the certificate that I'm loading on the server as the SSL certificate for the client application, but this doesn't work either.

Code for setting up the client secret:

// cert is the X509Certificate2 the client will present; only its public part is stored as the secret
[my client].ClientSecrets.Add(new Secret
{
    Value = Convert.ToBase64String(cert.Export(X509ContentType.Cert)),
    Type = Constants.SecretTypes.X509CertificateBase64
});

Code for setting up the authentication of the client application:

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = ...,
    Scope = ...,
    ClientId = ...,
    RedirectUri = ...,
    ResponseType = "code id_token token",
    ClientSecret = "" , //What should I do with this?
    SignInAsAuthenticationType = "Cookies",
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = ...,
        AuthorizationCodeReceived = ...
    }
});

a) You need to enable client certificates on IIS - our host has this commented out:

https://github.com/IdentityServer/IdentityServer3/blob/master/source/Host.Web/Web.config#L19

This will populate the OWIN SSL environment variable after a successful HTTPS handshake.

b) The OpenID Connect middleware will not automatically contact the token endpoint for you. You need to do that manually. This way you can configure the client cert to use. Here's a sample:

https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ClientCertificateConsoleClient/Program.cs#L26
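An added example (not code from the question, the answer, or the IdentityServer3 samples) of doing step (b) inside the client application: the AuthorizationCodeReceived notification redeems the code itself over a connection that carries the client certificate, so no ClientSecret is needed in the middleware options. It assumes .NET Framework's WebRequestHandler, Json.NET for the response, and that the token endpoint URL, the PFX path and its password are supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;
using Newtonsoft.Json.Linq;

public static class CertificateTokenExchange
{
    // Loads the certificate the client presents during the TLS handshake.
    // Path and password are placeholders; it must be a PFX so the private key is present.
    public static X509Certificate2 LoadClientCertificate(string pfxPath, string password)
    {
        var cert = new X509Certificate2(pfxPath, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("TLS client authentication needs the private key.");
        return cert;
    }

    // Wire this into Notifications.AuthorizationCodeReceived. It POSTs the code to the
    // token endpoint with the certificate attached, so the server's X509 secret parser
    // can take it from the handshake and match it against the X509CertificateBase64 secret.
    public static async Task RedeemCodeWithClientCertificate(
        AuthorizationCodeReceivedNotification n, string tokenEndpoint, X509Certificate2 clientCert)
    {
        var handler = new WebRequestHandler();
        handler.ClientCertificates.Add(clientCert);

        using (var http = new HttpClient(handler))
        {
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "grant_type", "authorization_code" },
                { "code", n.Code },
                { "redirect_uri", n.RedirectUri },
                { "client_id", n.Options.ClientId } // no client_secret: the certificate identifies the client
            });

            var response = await http.PostAsync(tokenEndpoint, form);
            var json = JObject.Parse(await response.Content.ReadAsStringAsync());
            if (!response.IsSuccessStatusCode)
                throw new InvalidOperationException("Token endpoint error: " + json["error"]);

            // Expose the access token to the application as a claim on the signed-in identity.
            n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", (string)json["access_token"]));
        }
    }
}
```

A quick way to confirm the certificate really reaches the server is to leave the IIS client-certificate setting from (a) disabled once: the server then never sees ssl.ClientCertificate and the token endpoint rejects the request as an invalid client.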
