diff --git a/README.md b/README.md
index b7810b96aa50a0e07ec0ce3c53b95c317af9c649..a15cacfdd97123d9cf0473443c1e34b261a1c333 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,10 @@ Instructions for making it run:
 * Visit your SharePoint and put in your User Guid
 * You find one from your Coscine database
 * You should be logged in with that User Guid
+* Set the value "coscine/global/ad/url" in your Consul storage with your Active Directory url
+* Set the value "coscine/global/ad/ou" in your Consul storage with your Active Directory orginizational unit
+* Set the value "coscine/global/ad/username" in your Consul storage with your Active Directory username
+* Set the value "coscine/global/ad/password" in your Consul storage with your Active Directory password
 * Have fun!
 
 For ORCiD:
diff --git a/docs/home.md b/docs/home.md
index 1679b4a7c0f8138faed36fc8a40c6ce4d218c877..bcd015e0b7f02873ea34a62100cc3cf03eb6e03a 100644
--- a/docs/home.md
+++ b/docs/home.md
@@ -14,6 +14,10 @@ Instructions for making it run:
 * Visit your SharePoint and put in your User Guid
 * You find one from your Coscine database
 * You should be logged in with that User Guid
+* Set the value "coscine/global/ad/url" in your Consul storage with your Active Directory url
+* Set the value "coscine/global/ad/ou" in your Consul storage with your Active Directory orginizational unit
+* Set the value "coscine/global/ad/username" in your Consul storage with your Active Directory username
+* Set the value "coscine/global/ad/password" in your Consul storage with your Active Directory password
 * Have fun!
 
 ### Links
diff --git a/src/STS/Controllers/ORCiDController.cs b/src/STS/Controllers/ORCiDController.cs
index bc24587f713377cb3cc7f5bc657ce123d2d4e560..2853fdc1e423fa23caa20d2c2ddb2de5854c424e 100644
--- a/src/STS/Controllers/ORCiDController.cs
+++ b/src/STS/Controllers/ORCiDController.cs
@@ -15,6 +15,8 @@ using System.Net;
 using Microsoft.IdentityModel.Logging;
 using Coscine.ApiCommons.Models;
 using System.Linq;
+using System.DirectoryServices;
+using System.DirectoryServices.AccountManagement;
 
 namespace Coscine.STS.Controllers
 {
@@ -67,7 +69,7 @@ namespace Coscine.STS.Controllers
 UserPlainModel userPlainModel = new UserPlainModel(Program.Configuration);
 var user = new User
 {
-DisplayName = givenname + " " + surname,
+DisplayName = (givenname + " " + surname).Trim(),
 EmailAddress = ORCiD + "@orcid.org",
 Surname = surname,
 Givenname = givenname
@@ -79,7 +81,7 @@ namespace Coscine.STS.Controllers
 ExternalAuthenticatorId = orcidAuthItem.Id,
 UserId = user.Id
 });
-userId = user.Id;
+userId = user.Id;
 }
 
 var identityClaims = new[] { new System.Security.Claims.Claim(System.IdentityModel.Claims.ClaimTypes.Name, userId.ToString()) };
diff --git a/src/STS/STS.csproj b/src/STS/STS.csproj
index e5478a9a3d328587e14910c1fb9e1f80256b0a69..c62bfd23ab5b755f144137237750d3e244b99755 100644
--- a/src/STS/STS.csproj
+++ b/src/STS/STS.csproj
@@ -9,8 +9,8 @@
 </PropertyGroup>
 
 <ItemGroup>
-<PackageReference Include="Coscine.ApiCommons" Version="1.2.1" />
-<PackageReference Include="Coscine.Database" Version="1.5.1" />
+<PackageReference Include="Coscine.ApiCommons" Version="1.2.2" />
+<PackageReference Include="Coscine.Database" Version="1.10.0" />
 <PackageReference Include="Microsoft.AspNetCore" Version="2.2.0" />
 <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
 <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="2.2.0" />
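Review bot: The first hunk adds `using System.DirectoryServices;` and `using System.DirectoryServices.AccountManagement;` to ORCiDController.cs, yet none of the hunks shown for this file reference either namespace; if the rest of the file does not use them either, drop them so the controller does not carry a dependency on directory code that lives in CustomSecurityTokenService. The `.Trim()` added to `DisplayName` in the second hunk silently covers an empty given name or surname; a short comment such as `// Trim: givenname or surname may be empty` would record why it is there. The enclosing method starts and ends outside these hunks.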
@@ -21,6 +21,9 @@
 <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="2.2.0" />
 <PackageReference Include="Microsoft.IdentityModel" Version="7.0.0" />
 <PackageReference Include="Microsoft.NET.Sdk.Razor" Version="2.2.0" />
+<PackageReference Include="System.DirectoryServices" Version="4.6.0" />
+<PackageReference Include="System.DirectoryServices.AccountManagement" Version="4.6.0" />
+<PackageReference Include="System.DirectoryServices.Protocols" Version="4.6.0" />
 <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.5.0" />
 </ItemGroup>
 
diff --git a/src/STS/Security/CustomSecurityTokenService.cs b/src/STS/Security/CustomSecurityTokenService.cs
index 97e76c0deec88038d2ce75de75eb9180393ed1c4..203654075ca721e7dad0409a2741ba498f2490d2 100644
--- a/src/STS/Security/CustomSecurityTokenService.cs
+++ b/src/STS/Security/CustomSecurityTokenService.cs
@@ -1,6 +1,7 @@
 using Coscine.ApiCommons.Models;
 using System;
 using System.Configuration;
+using System.DirectoryServices;
 using System.IdentityModel;
 using System.IdentityModel.Configuration;
 using System.IdentityModel.Protocols.WSTrust;
@@ -77,6 +78,8 @@ namespace Coscine.STS.Security
 UserPlainModel userPlainModel = new UserPlainModel(Program.Configuration);
 var user = userPlainModel.GetById(Guid.Parse(principal.Identity.Name));
 
+AddToAD(user);
+
 var claims = new[]
 {
 new Claim(System.IdentityModel.Claims.ClaimTypes.Name, user.DisplayName),
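Review bot: `AddToAD(user)` in the last hunk of CustomSecurityTokenService.cs runs unconditionally in the claims-building path, so every token request now performs an LDAP bind with the configured service credentials plus directory lookups before a single claim is built, and any exception escaping `AddToAD` fails the request. That coupling of token issuance to directory availability should be a deliberate choice rather than a consequence of where the call sits; at minimum the call site deserves a comment such as `// Provisions the user into AD when coscine/global/ad is configured; directory errors propagate and fail the request`. The enclosing method starts and ends outside the hunk.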
@@ -91,6 +94,49 @@ namespace Coscine.STS.Security
 return identity;
 }
 
+private static void AddToAD(Database.Model.User user)
+{
+// If keys exist
+if (Program.Configuration.KeysAndWait("coscine/global/ad") != null)
+{
+var adUsername = Program.Configuration.GetStringAndWait("coscine/global/ad/username");
+var adPassword = Program.Configuration.GetStringAndWait("coscine/global/ad/password");
+
+using (DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://" + Program.Configuration.GetStringAndWait("coscine/global/ad/url"), adUsername, adPassword))
+{
+using (var coscineEntry = directoryEntry.Children.Find("OU=" + Program.Configuration.GetStringAndWait("coscine/global/ad/ou")))
+{
+try
+{
+// Check if user already exists in AD
+coscineEntry.Children.Find("CN=" + user.Id);
+}
+catch (DirectoryServicesCOMException)
+{
+using (var newUser = coscineEntry.Children.Add("CN=" + user.Id, "User"))
+{
+newUser.Properties["sAMAccountName"].Value = user.Id.ToString().Substring(0, 20);
+if (!string.IsNullOrWhiteSpace(user.Givenname))
+{
+newUser.Properties["givenName"].Value = user.Givenname;
+}
+if (!string.IsNullOrWhiteSpace(user.Surname))
+{
+newUser.Properties["sn"].Value = user.Surname;
+}
+newUser.Properties["displayName"].Value = user.DisplayName;
+newUser.Properties["mail"].Value = user.EmailAddress;
+newUser.Properties["uid"].Value = user.Id.ToString();
+newUser.Properties["userPrincipalName"].Value = user.Id.ToString() + "@" + Program.Configuration.GetStringAndWait("coscine/global/ad/url");
+
+newUser.CommitChanges();
+}
+}
+}
+}
+}
+}
+
 public static X509Certificate2 GetCertificate()
 {
 var pfx = Program.Configuration.GetAndWait("coscine/global/sts/pfx");
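Review bot: The existence check in `AddToAD` treats any `DirectoryServicesCOMException` raised by `coscineEntry.Children.Find("CN=" + user.Id)` as "user not found", so a bind, permission or connectivity failure falls straight through to `Children.Add` and `CommitChanges`, whose exception then escapes to the caller and fails token issuance together with the directory. Narrow the handler to the no-such-object result, `catch (DirectoryServicesCOMException ex) when (ex.ErrorCode == unchecked((int)0x80072030))`, and decide explicitly whether other directory errors are logged and tolerated or fail the request. `sAMAccountName` is set to `user.Id.ToString().Substring(0, 20)`, a prefix of the GUID, while the duplicate check keys on the full GUID in the CN, so two users sharing that 20-character prefix would pass the check and only fail at commit; the collision is improbable but the mismatch between the two keys deserves a comment. `userAccountControl` is never set on the new entry, so the account presumably inherits ADSI's default flags (disabled, password not required) — confirm and pin the intended value explicitly rather than relying on the default. `GetCertificate` continues outside the hunk.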