NDC London 2018: IdentityServer Update

We are at NDC in London right now and are about to start our session “IdentityServer4 v2 on ASP.NET Core v2 – an Update”.

For those who can’t be here – you can find my slides on Speakerdeck. There will also be a video recording in a couple of weeks.

Here’s a quick summary.

New web site

Just in time before NDC we managed to release our new web site at https://identityserver.io. This also finally includes a selection of reference customers that we can publicly talk about.

The new ASP.NET Core v2 authentication system

This is the main part of our talk. For the last couple of years Microsoft has had a hard time finding the right balance between flexibility and ease of use when it comes to authentication in ASP.NET. That’s why they had to re-write authentication from ASP.NET to Katana to ASP.NET Core v1 to ASP.NET Core v2.

It’s fair to say that the current version is pretty good – still not exactly the way we like to have it – but it mostly gets the job done. This is also the starting point of our demo.

We are going to show how IdentityServer4 makes use of the new authentication handler system, the new authentication middleware and its DefaultXXX configuration. We show how to use a custom cookie handler instead of ours, how to add support for social logins like Google, and how to add WS-Federation support (aka legacy ADFS support – because why else would you care about WS-Federation). We’ll show the brand new SAML authentication handler from Anders Abel, and we’ll show how to utilize the new authentication system to add additional API endpoints to your IdentityServer host which are in turn protected by IdentityServer itself – inception!

Speaking of SAML2p – our partner Rock Solid Knowledge has a brand new plugin for IdentityServer4 v2 that adds SAML2p IdP capabilities and allows SSO over OpenID Connect, SAML and WS-Federation.

Logout is hard!

In the information age, data is the new pollution. And it is much harder to get rid of data than to accumulate it. That’s why OpenID Connect has three specs for logout. We always had support for JavaScript-based session management and front-channel notifications. We also added support for back-channel notifications, which are generally speaking more reliable than the good old browser iframe “trick” (aka hack). We have a sample for that here.
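As an added illustration (not code from IdentityServer or its samples), here is how a client receiving a back-channel notification could check the logout token's claims as required by the OpenID Connect Back-Channel Logout spec. It assumes the JWT signature has already been verified by a JWT library; the function name, the five-minute `iat` window and the sample values are assumptions made for this example.

```python
import time

# Event identifier defined by OpenID Connect Back-Channel Logout 1.0.
LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"


class LogoutTokenError(ValueError):
    """Raised when a logout token must be rejected."""


def validate_logout_claims(claims, issuer, client_id, seen_jti, now=None, max_age=300):
    """Check claims of a logout token whose signature is ALREADY verified.

    Returns (sub, sid) identifying the session(s) to terminate locally.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise LogoutTokenError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise LogoutTokenError("token not issued for this client")
    # iat is required by the spec; the accepted window is a local policy choice.
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        raise LogoutTokenError("iat missing or outside accepted window")
    # A nonce marks an ID token; rejecting it keeps ID tokens from being replayed here.
    if "nonce" in claims:
        raise LogoutTokenError("nonce present: not a logout token")
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(LOGOUT_EVENT), dict):
        raise LogoutTokenError("missing back-channel logout event")
    sub, sid = claims.get("sub"), claims.get("sid")
    if not sub and not sid:
        raise LogoutTokenError("neither sub nor sid present")
    # Remember each jti so a captured token cannot be submitted twice.
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise LogoutTokenError("jti missing or replayed")
    seen_jti.add(jti)
    return sub, sid


# Constructed sample claims (not captured from a real IdentityServer).
SAMPLE = {
    "iss": "https://idp.example", "aud": "mvc-client", "iat": 1_516_000_000,
    "jti": "a1b2c3", "sub": "alice", "sid": "sess-42",
    "events": {LOGOUT_EVENT: {}},
}
```

The returned `sub`/`sid` pair is what the client uses to find and invalidate its own session, since no browser cookie accompanies a back-channel request.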

Admin UI Community Edition

Rock Solid Knowledge created a community edition of their AdminUI product. This gives you a web-based UI to manage users, clients, claims, resources etc. The community edition is limited to 10 users and 2 clients, which is enough to get started.

Best thing is, the AdminUI is available via a dotnet new template. IOW – you’ll have a functional IdentityServer with user and configuration management up and running literally in a couple of seconds. See our templates repo here.

Supporting us

Running an open source project like IdentityServer takes time and effort. We could use your help!

To make that easier for you, we will try to be better with up-for-grabs issues in the future. If you want to get started with contributing to IdentityServer – look for the help wanted label on our issue tracker, and start a conversation. We are happy to help out.

We also see quite some traffic on StackOverflow – if you want to help out other users (and earn some reputation while you go), that would be much appreciated.

And last but not least – if you are working for a company that uses IdentityServer4, you should encourage your boss to sponsor us. This will allow us to expand our efforts – and btw – we also have some interesting marketing options if your company wants to position itself as modern and thus OSS friendly/supporting. Go check out our Patreon page for more info.

Supporting you

Brock and I are still doing on-site/remote training and consulting. Let us know if we can help you with anything in the identity & access control space!

We also have an infrastructure to offer production support.

OK – that’s it for IdentityServer4. We have more exciting news here at NDC – stay tuned.
