{"id":21094476,"url":"https://github.com/innerjoin/jazz-oidc-aspnetcore-app","last_synced_at":"2025-03-14T07:10:01.122Z","repository":{"id":86104481,"uuid":"88538837","full_name":"innerjoin/jazz-oidc-aspnetcore-app","owner":"innerjoin","description":"A Proof of Concept on how to use Jazz Authorization Server as an OIDC provider for an ASP.NET Core MVC application","archived":false,"fork":false,"pushed_at":"2018-10-22T12:17:08.000Z","size":550,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-21T01:41:59.703Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/innerjoin.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-17T18:39:47.000Z","updated_at":"2019-03-20T14:28:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"b89505ad-38c0-453b-b877-0664a1b1ac5c","html_url":"https://github.com/innerjoin/jazz-oidc-aspnetcore-app","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/innerjoin%2Fjazz-oidc-aspnetcore-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/innerjoin%2Fjazz-oidc-aspnetcore-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/innerjoin%2Fjazz-oidc-aspnetcore-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/innerjoin%2Fjazz-oidc-aspnetcore-
app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/innerjoin","download_url":"https://codeload.github.com/innerjoin/jazz-oidc-aspnetcore-app/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243538137,"owners_count":20307104,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T22:17:37.254Z","updated_at":"2025-03-14T07:10:01.092Z","avatar_url":"https://github.com/innerjoin.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Using Jazz Authorization Server as Identity Provider in ASP.NET Core\nFirst of all, I highly recommend reading [An introduction to OpenID Connect in ASP.NET Core](https://andrewlock.net/an-introduction-to-openid-connect-in-asp-net-core/)\n\n## Installation\nThe following installations are required:\n## IM (Installation Manager)\nDownload: https://jazz.net/downloads/ibm-installation-manager/releases/1.8.6/agent.installer.win32.win32.x86_64_1.8.6000.20161118_1611.zip\nInstallation: Simply follow the wizard\n\n## JAS\n### Download \u0026 Setup\nDownload from: https://jazz.net/downloads/rational-team-concert/releases/6.0.3/JazzAuthServer-offering-repo-6.0.3.zip\nFollow the wizard to install JAS\n\n### Patch JAS\nAs of 6.0.3 and 6.0.4 RC1, there was an issue where JWK was not enabled by default. 
To fix this, change the `openidConnectProvider` tag in `\u003cJAS\u003e\\wlp\\usr\\servers\\jazzop\\appConfig.xml` to\n\n\u003e \u003copenidConnectProvider id=\"jazzop\" oauthProviderRef=\"JazzOP\"\nsessionManaged=\"true\" signatureAlgorithm=\"RS256\" jwkEnabled=\"true\"/\u003e\n\n### Run JAS\n - Open a command line as administrator and navigate to the folder where JAS is installed\n - Execute `start-jazz.bat`\n - Verify that the server is running:\n\t- https://host.example.com:9643/oidc/endpoint/jazzop/.well-known/openid-configuration\n\t- https://localhost:9643/oidc/endpoint/jazzop/.well-known/openid-configuration\n - Verify that the user registry is configured correctly:\n\t- https://host.example.com:9643/oidc/endpoint/jazzop/registration\n\t- https://localhost:9643/oidc/endpoint/jazzop/registration\n\n### JAS Login\nInstallation of Jazz Authorization Server creates a directory that is named JazzAuthServer in the installation location. The JazzAuthServer_install_dir/wlp/usr/servers/jazzop/defaults directory includes sample files for both a basic, file-based user registry and an LDAP user registry.\n - The localUserRegistry.xml template file defines only the ADMIN and clmadmin users, with passwords the same as the user IDs.\n - The ldapUserRegistry.xml file is a template for an LDAP registry configuration.\n\n[Source](https://www.ibm.com/support/knowledgecenter/SSJJ9R_6.0.1/com.ibm.jazz.install.doc/topics/t_jsasso_jas_user_mgmt.html)\n\n## SSL Certificates\nYour JAS must serve a trusted certificate. Follow the installation instructions below to trust the self-signed certificate served by JAS.\n### Install Certificate (Windows)\nYou will receive a certificate warning when requesting JAS URLs. 
Accept the certificate exception, view the browser's certificate store, export the IBM certificate issued to localhost and install it on your local machine:\n - Start \u003e \"Manage Computer Certificates\" (also available in the control panel)\n - Right-click on \"Trusted Root Certification Authorities\" \u003e \"All tasks\" \u003e \"Import\"\n - Browse to the crt file and then keep pressing \"Next\" to complete the wizard\n - Restart Docker for Windows\n\nIf the user under which IIS runs is different from the local user, do the following:\n1. Start \u003e type mmc in the run prompt\n2. This will bring up Microsoft Management Console.\n3. Select File \u003e Add/Remove Snap-In\n4. Select Certificates \u003e Add\n5. Select Computer Account\n6. Select Local Computer\n7. Select Finish and OK\n\n[Source](https://answers.microsoft.com/en-us/windows/forum/windows_xp-security/certmgrmsc-add-certificate-for-all-users-on-a/8992e277-9ab8-439b-8559-226ae9518ea0)\n\n## JAS Documentation\nThe main [JAS API Documentation](https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_client_registration.html?cp=SSEQTP_8.5.5) is worth reading.\n\n## Register Test App in JAS\nSend the following HTTP POST request to the URL `https://localhost:9643/oidc/endpoint/jazzop/registration`. 
This registers our application with JAS.\n\n**Headers**\u003cbr/\u003e\nContent-Type: application/json\u003cbr/\u003e\nAccept: application/json\u003cbr/\u003e\n\nContent:\n```json\n{\n  \"client_name\": \"OIDC Test\",\n  \"scope\": \"ALL_SCOPES\",\n  \"redirect_uris\": [\n    \"http://localhost:7374/signin-oidc\",\n    \"https://localhost:44391/signin-oidc\"\n  ],\n  \"grant_types\": [\n    \"authorization_code\",\n    \"client_credentials\",\n    \"implicit\",\n    \"refresh_token\",\n    \"urn:ietf:params:oauth:grant-type:jwt-bearer\"\n  ],\n  \"response_types\": [\n    \"code\",\n    \"token\",\n    \"id_token token\"\n  ],\n  \"application_type\": \"web\",\n  \"introspect_tokens\": true\n}\n```\n\n**Response**\n```json\n{\n\t\"client_id_issued_at\": 1497594910,\n\t\"registration_client_uri\": \"https://localhost:9643/oidc/endpoint/jazzop/registration/2a9c2623bde844c4b446e48d8a53c296\",\n\t\"client_secret_expires_at\": 0,\n\t\"token_endpoint_auth_method\": \"client_secret_basic\",\n\t\"scope\": \"ALL_SCOPES\",\n\t\"grant_types\": [\n\t  \"authorization_code\",\n\t  \"client_credentials\",\n\t  \"implicit\",\n\t  \"refresh_token\",\n\t  \"urn:ietf:params:oauth:grant-type:jwt-bearer\"\n\t],\n\t\"response_types\": [\n\t  \"code\",\n\t  \"token\",\n\t  \"id_token token\"\n\t],\n\t\"application_type\": \"web\",\n\t\"introspect_tokens\": true,\n\t\"client_id\": \"2a9c48231b6bb4c4b566eaad8a53c2d6\",\n\t\"client_secret\": \"9z6Ueq609xGIrVGq4562756ESvTmOkFEqye3eVS2c6GqFJqBLUrVbHFcVP88X\",\n\t\"client_name\": \"OIDC Test\",\n\t\"redirect_uris\": [\n\t  \"http://localhost:7374/signin-oidc\",\n\t  \"https://localhost:44391/signin-oidc\"\n\t]\n}\n```\n\n## Create Database\nUser information is stored in a local SQL database. 
\nRun the following steps to create the DB:\n- Open up the `Package Manager Console`\n- Initial creation of database: `Add-Migration InitialCreate`\n- Initial DB update: `Update-Database`\n\n## Run Test Application\n- Download or clone the source code from this repository\n- Open the solution in Visual Studio 2017\n- Right-click the `JazzOIDC` project and choose `Manage User Secrets`\n- A new file, `secrets.json`, opens up. Add the following content to it:\n```json\n{\n  \"ClientId\": \"response value from 'client_id'\",\n  \"ClientSecret\": \"response value from 'client_secret'\",\n  \"BaseUri\": \"https://localhost\",\n  \"Endpoint\": \"/oidc/endpoint/jazzop\",\n  \"Port\": 9643\n}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnerjoin%2Fjazz-oidc-aspnetcore-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finnerjoin%2Fjazz-oidc-aspnetcore-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnerjoin%2Fjazz-oidc-aspnetcore-app/lists"}