2023-04-14 13:25:56 -04:00
|
|
|
|
using Bit.Core.Auth.Enums;
|
2021-11-09 16:37:32 +01:00
|
|
|
|
using Bit.Core.Utilities;
|
2020-09-29 17:06:17 -04:00
|
|
|
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
2020-09-04 10:42:47 -04:00
|
|
|
|
|
2023-04-14 13:25:56 -04:00
|
|
|
|
namespace Bit.Core.Auth.Models.Data;
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public class SsoConfigurationData
|
|
|
|
|
|
{
|
2022-03-04 07:09:55 +10:00
|
|
|
|
private static string _oidcSigninPath = "/oidc-signin";
|
|
|
|
|
|
private static string _oidcSignedOutPath = "/oidc-signedout";
|
|
|
|
|
|
private static string _saml2ModulePath = "/saml2";
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public static SsoConfigurationData Deserialize(string data)
|
|
|
|
|
|
{
|
2022-03-04 07:09:55 +10:00
|
|
|
|
return CoreHelpers.LoadClassFromJsonData<SsoConfigurationData>(data);
|
2022-08-29 16:06:55 -04:00
|
|
|
|
}
|
2020-09-04 10:42:47 -04:00
|
|
|
|
|
2021-11-09 16:37:32 +01:00
|
|
|
|
public string Serialize()
|
|
|
|
|
|
{
|
|
|
|
|
|
return CoreHelpers.ClassToJsonData(this);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public SsoType ConfigType { get; set; }
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2023-05-10 12:52:08 -07:00
|
|
|
|
public MemberDecryptionType MemberDecryptionType { get; set; }
|
|
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Legacy property to determine if KeyConnector was enabled.
|
|
|
|
|
|
/// Kept for backwards compatibility with old configs that will not have
|
|
|
|
|
|
/// the new <see cref="MemberDecryptionType"/> when deserialized from the database.
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
[Obsolete("Use MemberDecryptionType instead")]
|
|
|
|
|
|
public bool KeyConnectorEnabled
|
|
|
|
|
|
{
|
|
|
|
|
|
get => MemberDecryptionType == MemberDecryptionType.KeyConnector;
|
|
|
|
|
|
set
|
|
|
|
|
|
{
|
|
|
|
|
|
if (value)
|
|
|
|
|
|
{
|
|
|
|
|
|
MemberDecryptionType = MemberDecryptionType.KeyConnector;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-11-09 16:37:32 +01:00
|
|
|
|
public string KeyConnectorUrl { get; set; }
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
|
|
|
|
|
// OIDC
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public string Authority { get; set; }
|
|
|
|
|
|
public string ClientId { get; set; }
|
|
|
|
|
|
public string ClientSecret { get; set; }
|
|
|
|
|
|
public string MetadataAddress { get; set; }
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; }
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
2021-02-10 12:00:12 -05:00
|
|
|
|
public string AdditionalScopes { get; set; }
|
|
|
|
|
|
public string AdditionalUserIdClaimTypes { get; set; }
|
|
|
|
|
|
public string AdditionalEmailClaimTypes { get; set; }
|
|
|
|
|
|
public string AdditionalNameClaimTypes { get; set; }
|
|
|
|
|
|
public string AcrValues { get; set; }
|
2021-04-27 15:17:03 -04:00
|
|
|
|
public string ExpectedReturnAcrValue { get; set; }
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
// SAML2 IDP
|
|
|
|
|
|
public string IdpEntityId { get; set; }
|
|
|
|
|
|
public string IdpSingleSignOnServiceUrl { get; set; }
|
|
|
|
|
|
public string IdpSingleLogoutServiceUrl { get; set; }
|
2021-02-10 12:00:12 -05:00
|
|
|
|
public string IdpX509PublicCert { get; set; }
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public Saml2BindingType IdpBindingType { get; set; }
|
2021-02-10 12:00:12 -05:00
|
|
|
|
public bool IdpAllowUnsolicitedAuthnResponse { get; set; }
|
2021-11-09 16:37:32 +01:00
|
|
|
|
public string IdpArtifactResolutionServiceUrl { get => null; set { /*IGNORE*/ } }
|
|
|
|
|
|
public bool IdpDisableOutboundLogoutRequests { get; set; }
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public string IdpOutboundSigningAlgorithm { get; set; }
|
|
|
|
|
|
public bool IdpWantAuthnRequestsSigned { get; set; }
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
// SAML2 SP
|
2024-01-18 16:54:01 -05:00
|
|
|
|
public bool SpUniqueEntityId { get; set; }
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public Saml2NameIdFormat SpNameIdFormat { get; set; }
|
|
|
|
|
|
public string SpOutboundSigningAlgorithm { get; set; }
|
2021-11-09 16:37:32 +01:00
|
|
|
|
public Saml2SigningBehavior SpSigningBehavior { get; set; }
|
|
|
|
|
|
public bool SpWantAssertionsSigned { get; set; }
|
|
|
|
|
|
public bool SpValidateCertificates { get; set; }
|
|
|
|
|
|
public string SpMinIncomingSigningAlgorithm { get; set; }
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public static string BuildCallbackPath(string ssoUri = null)
|
2022-08-29 16:06:55 -04:00
|
|
|
|
{
|
2021-11-09 16:37:32 +01:00
|
|
|
|
return BuildSsoUrl(_oidcSigninPath, ssoUri);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-09-04 10:42:47 -04:00
|
|
|
|
public static string BuildSignedOutCallbackPath(string ssoUri = null)
|
2021-02-10 12:00:12 -05:00
|
|
|
|
{
|
2020-09-04 10:42:47 -04:00
|
|
|
|
return BuildSsoUrl(_oidcSignedOutPath, ssoUri);
|
2021-11-09 16:37:32 +01:00
|
|
|
|
}
|
2020-09-04 10:42:47 -04:00
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public static string BuildSaml2ModulePath(string ssoUri = null, string scheme = null)
|
2020-09-04 10:42:47 -04:00
|
|
|
|
{
|
|
|
|
|
|
return string.Concat(BuildSsoUrl(_saml2ModulePath, ssoUri),
|
|
|
|
|
|
string.IsNullOrWhiteSpace(scheme) ? string.Empty : $"/{scheme}");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public static string BuildSaml2AcsUrl(string ssoUri = null, string scheme = null)
|
2020-09-04 10:42:47 -04:00
|
|
|
|
{
|
2020-10-01 15:05:09 -04:00
|
|
|
|
return string.Concat(BuildSaml2ModulePath(ssoUri, scheme), "/Acs");
|
2020-09-04 10:42:47 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public static string BuildSaml2MetadataUrl(string ssoUri = null, string scheme = null)
|
2020-09-08 13:04:26 -04:00
|
|
|
|
{
|
2020-10-01 15:05:09 -04:00
|
|
|
|
return BuildSaml2ModulePath(ssoUri, scheme);
|
2020-09-08 13:04:26 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public IEnumerable<string> GetAdditionalScopes() => AdditionalScopes?
|
2021-02-10 12:00:12 -05:00
|
|
|
|
.Split(',')?
|
2022-03-04 07:09:55 +10:00
|
|
|
|
.Where(c => !string.IsNullOrWhiteSpace(c))?
|
2021-02-10 12:00:12 -05:00
|
|
|
|
.Select(c => c.Trim()) ??
|
2022-03-04 07:09:55 +10:00
|
|
|
|
Array.Empty<string>();
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2021-02-10 12:00:12 -05:00
|
|
|
|
public IEnumerable<string> GetAdditionalUserIdClaimTypes() => AdditionalUserIdClaimTypes?
|
|
|
|
|
|
.Split(',')?
|
2022-03-04 07:09:55 +10:00
|
|
|
|
.Where(c => !string.IsNullOrWhiteSpace(c))?
|
2021-02-10 12:00:12 -05:00
|
|
|
|
.Select(c => c.Trim()) ??
|
|
|
|
|
|
Array.Empty<string>();
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2021-02-10 12:00:12 -05:00
|
|
|
|
public IEnumerable<string> GetAdditionalEmailClaimTypes() => AdditionalEmailClaimTypes?
|
|
|
|
|
|
.Split(',')?
|
|
|
|
|
|
.Where(c => !string.IsNullOrWhiteSpace(c))?
|
|
|
|
|
|
.Select(c => c.Trim()) ??
|
|
|
|
|
|
Array.Empty<string>();
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
public IEnumerable<string> GetAdditionalNameClaimTypes() => AdditionalNameClaimTypes?
|
2021-02-10 12:00:12 -05:00
|
|
|
|
.Split(',')?
|
|
|
|
|
|
.Where(c => !string.IsNullOrWhiteSpace(c))?
|
|
|
|
|
|
.Select(c => c.Trim()) ??
|
|
|
|
|
|
Array.Empty<string>();
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2022-03-04 07:09:55 +10:00
|
|
|
|
private static string BuildSsoUrl(string relativePath, string ssoUri)
|
2022-08-29 16:06:55 -04:00
|
|
|
|
{
|
2020-09-04 10:42:47 -04:00
|
|
|
|
if (string.IsNullOrWhiteSpace(ssoUri) ||
|
|
|
|
|
|
!Uri.IsWellFormedUriString(ssoUri, UriKind.Absolute))
|
2021-01-21 15:54:46 -05:00
|
|
|
|
{
|
|
|
|
|
|
return relativePath;
|
|
|
|
|
|
}
|
2021-02-10 12:00:12 -05:00
|
|
|
|
if (Uri.TryCreate(string.Concat(ssoUri.TrimEnd('/'), relativePath), UriKind.Absolute, out var newUri))
|
2020-09-04 10:42:47 -04:00
|
|
|
|
{
|
|
|
|
|
|
return newUri.ToString();
|
|
|
|
|
|
}
|
|
|
|
|
|
return relativePath;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
