/sso-admin

The administration for Aibol2 System SSO System based on IdentityServer4.

Primary LanguageC#MIT LicenseMIT

Logo

Skoruba.IdentityServer4.Admin

The administration of the IdentityServer4 and Asp.Net Core Identity

Project Status

Build status Build Status Join the chat at https://gitter.im/skoruba/IdentityServer4.Admin

This is currently in beta version

The application is written in the Asp.Net Core MVC - using .NET Core 2.2

NOTE: Works only with IdentityServer4 version => 2.3.0 🚀

Requirements

  • Install the latest .NET Core 2.x SDK (using older versions may lead to 502.5 errors when hosted on IIS or application exiting immediately after starting when self-hosted)

Installation via dotnet new template

  • Install the dotnet new template:
dotnet new -i Skoruba.IdentityServer4.Admin.Templates::1.0.0-beta5-update2
  • Create new project:
dotnet new skoruba.is4admin --name MyProject --title MyProject --adminrole MyRole --adminclientid MyClientId

Project template options:

--name: [string value] for project name
--title: [string value] for title and footer of the administration in UI
--adminrole: [string value] for name of admin role, that is used to authorize the administration
--adminclientid: [string value] for client name, that is used in the IdentityServer4 configuration

How to use existing IdentityServer4 instance

How to configure Asp.Net Core Identity - database, primary key data type

Template uses following list of nuget packages

Running in Visual Studio

  • Set Startup projects:
    • Skoruba.IdentityServer4.Admin
    • Skoruba.IdentityServer4.STS.Identity

Configuration of Administration for Deployment

Administration UI preview

  • This administration uses bootstrap 4

Admin-preview

  • Forms:

Admin-preview-form

Cloning

git clone https://github.com/skoruba/IdentityServer4.Admin

Installation of the Client Libraries

cd src/Skoruba.IdentityServer4.Admin
npm install

cd src/Skoruba.IdentityServer4.STS.Identity
npm install

Bundling and Minification

The following Gulp commands are available:

  • gulp fonts - copy fonts to the dist folder
  • gulp styles - minify CSS, compile SASS to CSS
  • gulp scripts - bundle and minify JS
  • gulp clean - remove the dist folder
  • gulp build - run the styles and scripts tasks

EF Core & Data Access

  • Run entity framework migrations - for instance from Visual Studio command line (Nuget package manager):
Add-Migration DbInit -context AdminDbContext -output Data/Migrations
Update-Database -context AdminDbContext
  • Or via dotnet CLI:
dotnet ef migrations add DbInit -c AdminDbContext -o Data/Migrations
dotnet ef database update -c AdminDbContext

Migrations are not a part of the repository - they are ignored in .gitignore.

We suggest to use seed data:

  • In Program.cs -> Main, uncomment DbMigrationHelpers.EnsureSeedData(host) or use dotnet CLI dotnet run /seed
  • The Clients and Resources files in Configuration/IdentityServer are the initial data, based on a sample from IdentityServer4
  • The Users file in Configuration/Identity contains the default admin username and password for the first login

Using other database engines - PostgreSQL, SQLite, MySQL etc.

Authentication and Authorization

  • Change the specific URLs and names for the IdentityServer and Authentication settings in Constants/AuthenticationConsts or appsettings.json
  • Constants/AuthorizationConsts.cs contains configuration of constants connected with authorization - definition of the default name of admin policy
  • In the controllers is used the policy which name is stored in - AuthorizationConsts.AdministrationPolicy. In the policy - AuthorizationConsts.AdministrationPolicy is defined required role stored in - AuthorizationConsts.AdministrationRole.
  • With the default configuration, it is necessary to configure and run instance of IdentityServer4. It is possible to use initial migration for creating the client as it mentioned above

Localizations - labels, messages

Tests

  • The solution contains unit and integration tests.

  • Stage environment is used for integration tests:

    • DbContext contains setup for InMemory database
    • Authentication is setup for CookieAuthentication - with fake login url only for testing purpose
    • AuthenticatedTestRequestMiddleware - middleware for testing of authentication.
  • If you want to use Stage environment for deploying - it is necessary to change these settings in StartupHelpers.cs.

Overview

Solution structure:

  • STS:

  • Admin UI:

    • Skoruba.IdentityServer4.Admin - ASP.NET Core MVC application that contains Admin UI

    • Skoruba.IdentityServer4.Admin.BusinessLogic - project that contains Dtos, Repositories, Services and Mappers for the IdentityServer4

    • Skoruba.IdentityServer4.Admin.BusinessLogic.Identity - project that contains Dtos, Repositories, Services and Mappers for the Asp.Net Core Identity

    • Skoruba.IdentityServer4.Admin.BusinessLogic.Shared - project that contains shared Dtos and ExceptionHandling for the Business Logic layer of the IdentityServer4 and Asp.Net Core Identity

    • Skoruba.IdentityServer4.Admin.EntityFramework - EF Core data layer that contains Entities for the IdentityServer4

    • Skoruba.IdentityServer4.Admin.EntityFramework.Identity - EF Core data layer that contains Entities for the Asp.Net Core Identity

    • Skoruba.IdentityServer4.Admin.EntityFramework.DbContexts - project that contains AdminDbContext for the administration

  • Tests:

    • Skoruba.IdentityServer4.Admin.IntegrationTests - xUnit project that contains the integration tests

    • Skoruba.IdentityServer4.Admin.UnitTests - xUnit project that contains the unit tests

The admininistration contains the following sections:

Skoruba.IdentityServer4.Admin App

IdentityServer4

Clients

It is possible to define the configuration according the client type - by default the client types are used:

  • Empty

  • Web Application - Server side - Implicit flow

  • Web Application - Server side - Hybrid flow

  • Single Page Application - Javascript - Implicit flow

  • Native Application - Mobile/Desktop - Hybrid flow

  • Machine/Robot - Resource Owner Password and Client Credentials flow

  • TV and Limited-Input Device Application - Device flow

  • Actions: Add, Update, Clone, Remove

  • Entities:

    • Client Cors Origins
    • Client Grant Types
    • Client IdP Restrictions
    • Client Post Logout Redirect Uris
    • Client Properties
    • Client Redirect Uris
    • Client Scopes
    • Client Secrets

API Resources

  • Actions: Add, Update, Remove
  • Entities:
    • Api Claims
    • Api Scopes
    • Api Scope Claims
    • Api Secrets

Identity Resources

  • Actions: Add, Update, Remove
  • Entities:
    • Identity Claims

Asp.Net Core Identity

Users

  • Actions: Add, Update, Delete
  • Entities:
    • User Roles
    • User Logins
    • User Claims

Roles

  • Actions: Add, Update, Delete
  • Entities:
    • Role Claims

Application Diagram

Skoruba.IdentityServer4.Admin Diagram

Plan & Vision

1.0.0:

  • Create the Business Logic & EF layers - available as a nuget package
  • Create a project template using dotnet CLI - dotnet new template
    • First template: The administration of the IdentityServer4 and Asp.Net Core Identity
  • Add logging into
    • Database
    • File
  • Add localization for other languages
    • English
    • Chinese
    • Russian

1.1.0:

  • Add audit logs to track changes (#61)
  • Create a project template using dotnet CLI - dotnet new template
    • Second template: The administration of the IdentityServer4 (without Asp.Net Core Identity) (#79)
  • User registration / Password reset
  • Account linking
  • Manage profile

2.0.0:

  • Add API:
    • IdentityServer4
    • Asp.Net Core Identity
    • Add swagger support

Future:

  • Add UI tests
  • Add more unit and integration tests 😊
  • Extend administration for another protocols
  • Create separate UI using Razor Class Library

Licence

This repository is licensed under the terms of the MIT license.

NOTE: This repository uses the source code from https://github.com/IdentityServer/IdentityServer4.Quickstart.UI which is under the terms of the Apache License 2.0.

Acknowledgements

This web application is based on these projects:

  • ASP.NET Core
  • IdentityServer4.EntityFramework
  • ASP.NET Core Identity
  • XUnit
  • Fluent Assertions
  • Bogus
  • AutoMapper
  • Serilog

Thanks to Tomáš Hübelbauer for the initial code review.

Thanks to Dominick Baier and Brock Allen - the creators of IdentityServer4.

Contributors

Thanks goes to these wonderful people (emoji key):


Jan Škoruba

💻 💬 📖 💡 🤔

Tomáš Hübelbauer

💻 👀 📖 🤔

Michał Drzał

💻 👀 📖 💡 🤔

cerginio

💻 🐛 💡 🤔

Sven Dummis

📖

Seaear

💻 🌍

Rune Antonsen

🐛

Sindre Njøsen

💻

Alevtina Brown

🌍

This project follows the all-contributors specification. Contributions of any kind are welcome!

Contact and Suggestion

I am happy to share my attempt of the implementation of the administration for IdentityServer4 and ASP.NET Core Identity.

Any feedback is welcome - feel free to create an issue or send me an email - jan@skoruba.com. Thank you 😊