neos-sdi/adfsmfa

Add custom External Provider

rahmanny opened this issue · 8 comments

Hi,
What is the correct order to follow when adding my custom External Provider?
For a test, I checked the example from the WIKI
```powershell
$c = Get-MFAProvider -ProviderType External
$c.TimeOut = 300
$c.IsTwoWay = $True
$c.Company = "contoso corp"
$c.FullQualifiedImplementation = "Neos.IdentityServer.MultiFactor.Samples.QuizProviderSample,Neos.IdentityServer.MultiFactor.Samples, Version=3.0.0.0, Culture=neutral, PublicKeyToken=175aa5ee756d2aa2"
Set-MFAProvider -ProviderType External $c
```
this example works. For the test, I completely copied the contents of the Neos.IdentityServer.Multifactor.Providers.Samples.cs file and transferred it to my project with the provider (changing the namespace). Set up project signing with my pfx certificate. Moved the DLL to the C:\Program Files\MFA folder, registered FullQualifiedImplementation:
```powershell
$c.FullQualifiedImplementation = "Neos.IdentityServer.Multifactor.SMS.Test.QuizProviderSample,Neos.IdentityServer.Multifactor.SMS.Test, Version=1.0.2.23985, Culture=neutral, PublicKeyToken=39d63029c0d8ae76"
```
After that, there are no errors in MMC, my provider is visible, but there is no choice of this provider in the web interface.
How can I add my DLL correctly? Do I need to register my external provider DLL with the GAC?

Hi,

To register your provider you must use the cmdlet `Set-MFAProvider -ProviderType External -FullQualifiedImplementation xxxx` and so on.

Register your assembly in the GAC. ADFS does not load assemblies from program files folder.

You also have to set your newly registered provider Active (in PowerShell or MMC).

regards

Hi,
I removed the DLL from the C:\Program Files\MFA directory, registered it in the GAC:

```powershell
$dllpath = "C:\Distr\Neos.IdentityServer.Multifactor.SMS.Test.dll"
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall($dllpath)
```

After that I checked that the DLL was in the folder C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Neos.IdentityServer.Multifactor.SMS.Test\v4.0_1.0.2.23985__39d63029c0d8ae76

```powershell
PS C:\Distr> [System.Reflection.AssemblyName]::GetAssemblyName("C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Neos.IdentityServer.Multifactor.SMS.Test\v4.0_1.0.2.23985__39d63029c0d8ae76\Neos.IdentityServer.Multifactor.SMS.Test.dll").FullName
Neos.IdentityServer.Multifactor.SMS.Test, Version=1.0.2.23985, Culture=neutral, PublicKeyToken=39d63029c0d8ae76
```

I registered an external provider:
```powershell
PS C:\> Set-MFAProvider -ProviderType External -FullyQualifiedImplementation "Neos.IdentityServer.Multifactor.SMS.Test.QuizProviderSample,Neos.IdentityServer.Multifactor.SMS.Test, Version=1.0.2.23985, Culture=neutral, PublicKeyToken=39d63029c0d8ae76"
```
I checked that the external provider is enabled in MMC and that the correct FullyQualifiedImplementation is specified.
But the provider does not appear in the ADFS web interface. However, if I register the test provider
```powershell
Set-MFAProvider -ProviderType External -FullyQualifiedImplementation "Neos.IdentityServer.MultiFactor.Samples.QuizProviderSample,Neos.IdentityServer.MultiFactor.Samples, Version=3.0.0.0, Culture=neutral, PublicKeyToken=175aa5ee756d2aa2"
```
it immediately appears in the web interface.
In the Visual Studio project there is only one file, containing the two classes from the example.
Also, in the project settings, the assembly is signed with a PFX certificate.
Can you help with this?

Hi,

The Provider external registration operations appear to be correct.

However, this assembly does not seem to load.
Do you have messages in the eventLog ?

The .net framework used for the build must be 4.7.2 or 4.8.

.Net Framework 4.7.2
There are two errors in the Application Event log.
The second error, as far as I understand, refers to the biometrics provider, which is disabled.
There is no Internet access on the ADFS server and it is normal that the biometrics provider is not working.

Hi,
For the 1st message, it doesn't matter too much, but you can restart the "mfanotifhub" service:
```powershell
Restart-Service mfanotifhub
```
For the second, your server does not have internet access, so it is trying to retrieve metadata for biometrics from the FIDO Alliance. In this case you must indicate that you are using a repository constraint (Biometrics Security); no download will then be attempted.

But nothing that indicates a problem loading your provider.
Are you using nuget packages, if so, the assemblies must also be in the GAC.

Can you send me your project (without confidential information)?

regards

Hi,
I don't use any nuget packages, only dependencies on Neos.IdentityServer.MultiFactor.Common and Neos.IdentityServer.MultiFactor.DataTypes
I uploaded a test project https://github.com/rahmanny/Neos.IdentityServer.Multifactor.SMS.Test

Strangely, after restarting the mfanotifhub service, ADFS loaded my assembly.

Great!

I was about to look at your problem.
If everything works now, enjoy

regards
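The steps scattered across this thread (sign the assembly, install it in the GAC, register the type with Set-MFAProvider, enable the provider, restart mfanotifhub) as one PowerShell script. This is an added example, not code from the adfsmfa project or from either participant. It reuses only what the thread shows: the System.EnterpriseServices.Internal.Publish GAC install, AssemblyName.GetAssemblyName to read the strong name, the Get-MFAProvider/Set-MFAProvider object pattern from the wiki snippet, and the service restart. Assumptions not confirmed by the thread: that the provider object exposes an `Enabled` property (the thread only says to set it Active in PowerShell or MMC), and the two example path/type names. The Authenticode check at the top is a practitioner's addition: anything installed into the GAC and referenced from the MFA configuration runs inside the ADFS service, so only sign-verified code should get there.

```powershell
# Added example (not adfsmfa project code): register a custom External provider
# end to end. Assumed parameter values; replace with your own.
param(
    [string] $DllPath  = "C:\Distr\Neos.IdentityServer.Multifactor.SMS.Test.dll",
    [string] $TypeName = "Neos.IdentityServer.Multifactor.SMS.Test.QuizProviderSample"
)

$ErrorActionPreference = 'Stop'

# 1. Refuse unsigned or tampered binaries. The GAC is trusted by every .NET process
#    on the box, including the ADFS service, so this is the last cheap gate.
$sig = Get-AuthenticodeSignature -FilePath $DllPath
if ($sig.Status -ne 'Valid') {
    throw "Refusing to install ${DllPath}: Authenticode status is $($sig.Status)"
}

# 2. Read Version and PublicKeyToken from the file instead of typing them. A typo in
#    the strong name is the usual reason a registered provider silently never loads.
$asmName = [System.Reflection.AssemblyName]::GetAssemblyName($DllPath)
$token = $asmName.GetPublicKeyToken()
if (-not $token -or $token.Length -eq 0) {
    throw "$DllPath is not strong-named; it cannot be installed in the GAC"
}
$fqn = "$TypeName, $($asmName.FullName)"

# 3. Install into the GAC with the same API used in the thread.
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a") | Out-Null
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall($DllPath)

# 4. Prove the runtime resolves the assembly by full name (i.e. from the GAC, not from
#    a folder path) and that the provider type exists, before touching MFA config.
$asm = [System.Reflection.Assembly]::Load($asmName.FullName)
if (-not $asm.GetType($TypeName, $false)) {
    throw "Type $TypeName not found in $($asmName.FullName)"
}

# 5. Register and enable the provider using the object pattern from the wiki.
$c = Get-MFAProvider -ProviderType External
$c.FullQualifiedImplementation = $fqn
$c.Enabled = $true   # assumption: property name for "Active" in the MMC
Set-MFAProvider -ProviderType External $c

# 6. In this thread the assembly was only picked up after the notification hub
#    was restarted, so do that as the final step.
Restart-Service mfanotifhub
Write-Host "Registered external provider: $fqn"
```

Run it in an elevated Windows PowerShell session on the ADFS server (the adfsmfa cmdlets and the .NET Framework GAC APIs are not available from PowerShell 7). If step 4 throws, the problem is in the assembly or its strong name, not in the MFA configuration, which is exactly the distinction the thread had to establish by trial and error.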