IdentityServer3 symmetric key issue on Relying Party

I just set up a SelfHost (InMem with WS-Fed) Thinktecture IdentityServer3 project example and I'm trying to use it to get a JWT. The problem is that I only receive tokens signed with an asymmetric key using the alg RS256, but I need them to be symmetric using the alg HS256 so I can use the same key on the client.

I have tried to follow some examples by configuring the Relying Party on the server with no success.

For example, I see the following markup:

var relyingParty = new RelyingParty()
{
    Enabled = true,
    Realm = "urn:carbon",
    Name = "Test party",
    SymmetricSigningKey = 
      Convert.FromBase64String("R03W9kJERSSLH11Px+R/O7EYfAadSMQfZD5haQZj6eU="),
    TokenLifeTime = 120
};

But when I try it in my code, I get an error on SymmetricSigningKey, and it says:

'Thinktecture.IdentityServer.WsFederation.Models.RelyingParty' does not contain a definition for 'SymmetricSigningKey'

What am I doing wrong? Thanks in advance!

UPDATE

Markup of the startup file:

public void Configuration(IAppBuilder appBuilder)
{
    var factory = InMemoryFactory.Create(
        users: Users.Get(),
        clients: Clients.Get(),
        scopes: Scopes.Get()
    );

    var options = new IdentityServerOptions
    {
        IssuerUri = "https://idsrv3.com",
        SiteName = "Thinktecture IdentityServer3 - WsFed",

        SigningCertificate = Certificate.Get(),
        Factory = factory,
        PluginConfiguration = ConfigurePlugins,

    };

    appBuilder.UseIdentityServer(options);
}

private void ConfigurePlugins(IAppBuilder pluginApp, IdentityServerOptions options)
{
    var wsFedOptions = new WsFederationPluginOptions(options);

    // data sources for in-memory services
    wsFedOptions.Factory.Register(new Registration<IEnumerable<RelyingParty>>(RelyingParties.Get()));
    wsFedOptions.Factory.RelyingPartyService = new Registration<IRelyingPartyService>(typeof(InMemoryRelyingPartyService));

    pluginApp.UseWsFederationPlugin(wsFedOptions);
}

Markup of the scope used:

new Scope
{
    Name = "api1"
}

Markup of the client used:

new Client
{
    ClientName = "Silicon on behalf of Carbon Client",
    ClientId = "carbon",
    Enabled = true,
    AccessTokenType = AccessTokenType.Jwt,

    Flow = Flows.ResourceOwner,
    ClientSecrets = new List<ClientSecret>
    {
        new ClientSecret("21B5F798-BE55-42BC-8AA8-0025B903DC3B".Sha256())
    }
}

Markup of the user used:

new InMemoryUser
{
    Subject = "bob",
    Username = "bob",
    Password = "bob",
    Claims = new Claim[]
    {
        new Claim(Constants.ClaimTypes.GivenName, "Bob"),
        new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
        new Claim(Constants.ClaimTypes.Email, "[email protected]")
    }
}

UPDATE

I just checked the class model of the relying party of IdentityServer3 and there's no property for the symmetric signing key... I'm lost...

Any ideas?

Reinforce answered 7/7, 2015 at 23:15 Comment(1)
Just noticed that the example you refer to is IdentityServer v2. Could it be possible that you are running old version example code on the idsrv v3 package? Sussna
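
What validating an HS256 token with a shared key involves on the client side, as an added example that is not part of the original question and not IdentityServer3 code. It uses only .NET base-class-library types (assuming .NET 6 or later); the class name, helper names, key and claims are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class Hs256Check // hypothetical name, not an IdentityServer3 type
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Constructed helper: signs a sample token so the example runs offline.
    static string Sign(string headerJson, string payloadJson, byte[] key)
    {
        string input = B64Url(Encoding.UTF8.GetBytes(headerJson)) + "." +
                       B64Url(Encoding.UTF8.GetBytes(payloadJson));
        using var hmac = new HMACSHA256(key);
        return input + "." + B64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(input)));
    }

    // Accepts a token only if its header says HS256 and the HMAC matches.
    static bool Verify(string jwt, byte[] key, out string alg)
    {
        alg = null;
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        string headerJson = Encoding.UTF8.GetString(FromB64Url(parts[0]));
        using (var header = JsonDocument.Parse(headerJson))
            alg = header.RootElement.TryGetProperty("alg", out var a) ? a.GetString() : null;
        if (alg != "HS256") return false; // pin the algorithm the client expects
        using var hmac = new HMACSHA256(key);
        byte[] expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
        return CryptographicOperations.FixedTimeEquals(expected, FromB64Url(parts[2]));
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed 256-bit shared key
        string payload = "{\"iss\":\"https://idsrv3.com\",\"aud\":\"urn:carbon\"}";
        string hs = Sign("{\"alg\":\"HS256\",\"typ\":\"JWT\"}", payload, key);
        Console.WriteLine(Verify(hs, key, out var a1) + " " + a1);          // matching key
        Console.WriteLine(Verify(hs, new byte[32], out var a2) + " " + a2); // different key
        string rs = Sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}", payload, key);
        Console.WriteLine(Verify(rs, key, out var a3) + " " + a3);          // header is not HS256
    }
}
```

A client written this way rejects the RS256 tokens described in the question, because the expected algorithm is fixed in code rather than read from the token header.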
