TheIdServer Admin Application

This project is the Blazor Web Assembly application to manage a TheIdServer instance.

Installation

From Docker

The application is embedded in the server's Linux image.
If you prefer, you can install the standalone application'sLinux image.
This image uses an nginx server to host the application.

From Github Release

The application is embedded in the server's Github release.
You can choose to install the standalone application by selecting Aguacongas.TheIdServer.BlazorApp{version}.zip in the list of releases.
Unzip in the destination of your choice, and use the server of your choice.

Read Host and deploy ASP.NET Core Blazor WebAssembly for more information.

From NuGet packages

NuGet packages composing the application are available on nuget.org:

• Aguacongas.TheIdServer.BlazorApp.Infrastructure contains application models, services, validators and extensions
• Aguacongas.TheIdServer.BlazorApp.Components contains application components
• Aguacongas.TheIdServer.BlazorApp.Pages.* contains application pages

Configuration

The application obtains its configuration from appsettings.json and the environment-specific settings from appsettings.{environment}.json.

appsettings.json

{
  "administratorEmail": "aguacongas@gmail.com",
  "apiBaseUrl": "https://localhost:5443/api",
  "authenticationPaths": {
    "remoteRegisterPath": "/identity/account/register",
    "remoteProfilePath": "/identity/account/manage"
  },
  "loggingOptions": {
    "minimum": "Debug",
    "filters": [
      {       
        "category": "System",
        "level": "Warning"
      },
      {
        "category": "Microsoft",
        "level": "Information"
      }
    ]
  },
  "userOptions": {
    "roleClaim": "role"
  },
  "providerOptions": {
    "authority": "https://localhost:5443/",
    "clientId": "theidserveradmin",
    "defaultScopes": [
      "openid",
      "profile",
      "theidserveradminapi"
    ],
    "postLogoutRedirectUri": "https://localhost:5443/authentication/logout-callback",
    "redirectUri": "https://localhost:5443/authentication/login-callback",
    "responseType": "code"
  },
  "settingsOptions": {
    "typeName": "Aguacongas.TheIdServer.BlazorApp.Models.ServerConfig, Aguacongas.TheIdServer.BlazorApp.Infrastructure",
    "apiUrl": "https://localhost:5443/api/configuration"
  },
  "menuOptions": {
    "showSettings": true
  },
  "welcomeContenUrl": "https://localhost:5443/welcome-fragment.html",
  "serverSideSessionEnabled": false,
  "cibaEnabled": false
}

For more details, read ASP.NET Core Blazor hosting model configuration / Blazor WebAssembly / Configuration.

apiBaseUrl

Defines the URL to the API.

administratorEmail

Defines the administrator eMail address.

authenticationPaths

The section authenticationPaths is binded to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationApplicationPathsOptions.
The application doesn't contain pages to register a new user or manage the current user, so we set the authenticationPaths:remoteRegisterPath and authenticationPaths:remoteProfilePath with their corresponding URL on the identity server.

For more information, read ASP.NET Core Blazor WebAssembly additional security scenarios / Customize app routes.

loggingOptions

Defines logging options.

minimum

Defines the log minimum level.

filters

Each item in this array adds a log filter by category and LogLevel.

userOptions

The section userOptions is bound to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationUserOptions.
This configuration defines how users are authorized. The application and the API share the same authorization policy.

• Is4-Writer authorizes users in this role to write data.
• Is4-Reader permits users in this role to read data.

userOptions:roleClaim define the role claims type.

providerOptions

The section providerOptions is binded to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.OidcProviderOptions.
This configuration section defines the application authentication.

For more details, read Secure an ASP.NET Core Blazor WebAssembly standalone app with the Authentication library / Authentication service support.

welcomeContenUrl

Defines the URL to the welcome page content.

Welcome page customization

Except for its title, the home page displays contents read from welcomeContenUrl endpoint.

This endpoint should return an HTML fragment.

sample

<p>
    This application manage your <a href="https://github.com/Aguafrommars/TheIdServer#readme/">TheIdServer</a>.
</p>
<p>
    Visit the <a href="https://github.com/aguacongas/TheIdServer#readme">github site</a> for doc, source code and issue tracking.
</p>
<p>
    If you have trouble with login, disable Chromium cookies-without-same-site-must-be-secure flag.<br />
    <code>
        chrome://flags/#cookies-without-same-site-must-be-secure
    </code><br/>
    This site is running under a <a href="https://devcenter.heroku.com/articles/dyno-types">free heroku dyno</a> without end-to-end https.
</p>
<p>
    You can sign-in with <b>alice</b> to have reader/writer access, or <b>bob</b> for a read-only access.<br />
    The password is <i>Pass123$</i>.
</p>

UI Options

Hide settings menu

To hide the settings menu, unset menuOptions:showSettings.

Hide CIBA grant type

If CIBA is not enabled you can hide the CIBA grant type by unsetting cibaEnabled options.

Hide coordinate lifetime with user session checkbox

If server side sessions are not enable you can hide the coordinate lifetime with user session checkbox in client tokens section by unsetting serverSideSessionEnabled options.

Additional resources

• ASP.NET Core Blazor hosting model configuration
• ASP.NET Core Blazor WebAssembly additional security scenarios
• Secure an ASP.NET Core Blazor WebAssembly standalone app with the Authentication library
• LogLevel Enum

Authors: Olivier Lefebvre