Prepare the release

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
     <PropertyGroup>
-        <VersionPrefix>4.0.5-rc2</VersionPrefix>
+        <VersionPrefix>4.0.5</VersionPrefix>
         <Authors>SimpleIdServer</Authors>
         <Owners>SimpleIdServer</Owners>
     </PropertyGroup>

docker-compose.yml

@@ -26,7 +26,7 @@ services:
     networks:
       proxy_net: null
   scim:
-    image: simpleidserver/scim:4.0.4
+    image: simpleidserver/scim:4.0.5
     environment:
       VIRTUAL_HOST: "scim.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -37,7 +37,7 @@ services:
     networks:
       proxy_net: null
   idserver:
-    image: simpleidserver/idserver:4.0.4
+    image: simpleidserver/idserver:4.0.5
     environment:
       VIRTUAL_HOST: "idserver.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -53,7 +53,7 @@ services:
     networks:
       proxy_net: null
   website:
-    image: simpleidserver/website:4.0.4
+    image: simpleidserver/website:4.0.5
     environment:
       VIRTUAL_HOST: "website.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -62,9 +62,7 @@ services:
       DefaultSecurityOptions__IgnoreCertificateError: "true"
       IdServerBaseUrl: "https://idserver.localhost.com"
       ScimBaseUrl: "https://scim.localhost.com"
-      StorageConfiguration__ConnectionString: "Data Source=db;Initial Catalog=IdServer;TrustServerCertificate=True;User=sa;Password=D54DE7hHpkG9;"
     depends_on:
-      - db
       - idserver
       - scim
     networks:

local-docker-compose.yml

@@ -71,9 +71,7 @@ services:
       DefaultSecurityOptions__IgnoreCertificateError: "true"
       IdServerBaseUrl: "https://idserver.localhost.com"
       ScimBaseUrl: "https://scim.localhost.com"
-      StorageConfiguration__ConnectionString: "Data Source=db;Initial Catalog=IdServer;TrustServerCertificate=True;User=sa;Password=D54DE7hHpkG9;"
     depends_on:
-      - db
       - idserver
       - scim
     networks:

local-sid-kubernetes.yaml

@@ -273,6 +273,4 @@ spec:
             - name: "IdServerBaseUrl"
               value: "https://idserver.sid.svc.cluster.local"
             - name: "ScimBaseUrl"
-              value: "https://scim.sid.svc.cluster.local"
-            - name: "StorageConfiguration__ConnectionString"
-              value: "Data Source=db-service,1433;Initial Catalog=IdServer;TrustServerCertificate=True;User=sa;Password=D54DE7hHpkG9;"
+              value: "https://scim.sid.svc.cluster.local"

sid-kubernetes.yaml

@@ -173,7 +173,7 @@ spec:
       subdomain: localhost
       containers:
       - name: scim-deploy
-        image: simpleidserver/scim:4.0.4
+        image: simpleidserver/scim:4.0.5
         ports:
           - containerPort: 80
         env:
@@ -208,7 +208,7 @@ spec:
       subdomain: localhost
       containers:
       - name: idserver-deploy
-        image: simpleidserver/idserver:4.0.4
+        image: simpleidserver/idserver:4.0.5
         ports:
           - containerPort: 80
         env:
@@ -251,7 +251,7 @@ spec:
       subdomain: localhost
       containers:
       - name: website-deploy
-        image: simpleidserver/website:4.0.4
+        image: simpleidserver/website:4.0.5
         ports:
           - containerPort: 80
         env:
@@ -270,6 +270,4 @@ spec:
             - name: "IdServerBaseUrl"
               value: "https://idserver.sid.svc.cluster.local"
             - name: "ScimBaseUrl"
-              value: "https://scim.sid.svc.cluster.local"
-            - name: "StorageConfiguration__ConnectionString"
-              value: "Data Source=db-service,1433;Initial Catalog=IdServer;TrustServerCertificate=True;User=sa;Password=D54DE7hHpkG9;"
+              value: "https://scim.sid.svc.cluster.local"

src/IdServer/SimpleIdServer.IdServer.Domains/TranslatableConverter.cs

@@ -58,6 +58,7 @@ public override void Write(Utf8JsonWriter writer, T value, JsonSerializerOptions
         {
             var propertyType = prop.p.PropertyType;
             var obj = prop.p.GetValue(value);
+            Type? ut = null;
             if (obj == null) continue;
             if (propertyType == typeof(string))
                 writer.WriteString(prop.Item2, obj as string);
@@ -67,7 +68,9 @@ public override void Write(Utf8JsonWriter writer, T value, JsonSerializerOptions
                 writer.WriteNumber(prop.Item2, (double)obj);
             else if (propertyType == typeof(DateTime))
                 writer.WriteString(prop.Item2, (DateTime)obj);
-            else if(propertyType.GetInterfaces().Any(i => i.IsGenericType && i.GetGenericTypeDefinition() ==  typeof(IEnumerable<>)))
+            else if (TryGetEnumType(propertyType, out Type resultType))
+                writer.WriteString(prop.Item2, Enum.GetName(resultType, obj));
+            else if (propertyType.GetInterfaces().Any(i => i.IsGenericType && i.GetGenericTypeDefinition() == typeof(IEnumerable<>)))
             {
                 if (propertyType == typeof(JsonObject))
                 {
@@ -114,8 +117,11 @@ private static object Extract(JsonNode node, Type type)
         switch (node)
         {
             case JsonValue jsonVal:
-                var getValueMethod = typeof(JsonValue).GetMethod("GetValue", BindingFlags.Instance | BindingFlags.Public).MakeGenericMethod(type);
-                return getValueMethod.Invoke(jsonVal, new object[] { });
+                Type resultType;
+                var isEnum = TryGetEnumType(type, out resultType);
+                var getValueMethod = typeof(JsonValue).GetMethod("GetValue", BindingFlags.Instance | BindingFlags.Public).MakeGenericMethod(isEnum ? typeof(string) : type);
+                var value = getValueMethod.Invoke(jsonVal, new object[] { });
+                return isEnum ? (value == null ? null : Enum.Parse(resultType, value?.ToString())) : value;
             case JsonArray jsonArray:
                 var genericType = type.GenericTypeArguments[0];
                 var result = Activator.CreateInstance(typeof(List<>).MakeGenericType(genericType));
@@ -132,4 +138,17 @@ private static object Extract(JsonNode node, Type type)
 
         return node;
     }
+
+    private static bool TryGetEnumType(Type incomingType, out Type resultType)
+    {
+        resultType = null;
+        Type ut = null;
+        if (incomingType.IsEnum || ((ut = Nullable.GetUnderlyingType(incomingType)) != null && ut.IsEnum))
+        {
+            resultType = ut ?? incomingType;
+            return true;
+        }
+
+        return false;
+    }
 }

src/IdServer/SimpleIdServer.IdServer.Website.Startup/appsettings.Docker.json

@@ -14,6 +14,6 @@
     "ClientId": "SIDS-manager",
     "ClientSecret": "password",
     "Scope": "openid profile",
-    "IgnoreCertificateError": false
+    "IgnoreCertificateError": true
   }
 }

tests/SimpleIdServer.IdServer.Tests/SerializeFixture.cs

@@ -62,6 +62,25 @@ public void When_Serialize_And_Deserialize_HighlySecuredWebsite_Then_Properties_
         Assert.AreEqual(newClient.IsDPOPNonceRequired, deserializedClient.IsDPOPNonceRequired);
     }
 
+    [Test]
+    public void When_Serialize_And_Deserialize_MachineClient_Then_Properties_Are_Correct()
+    {
+        // ARRANGE
+        var newClientBuilder = ClientBuilder.BuildDeviceClient("clientid", "clientsecret", null)
+                    .AddScope(new Scope { Name = "openid" })
+                    .SetClientName("clientname");
+        var newClient = newClientBuilder.Build();
+        newClient.TokenExchangeType = TokenExchangeTypes.IMPERSONATION;
+        var json = JsonSerializer.Serialize(newClient);
+
+        // ACT
+        var deserializedClient = JsonSerializer.Deserialize<Client>(json);
+
+        // ASSERT
+        Assert.AreEqual(newClient.ClientId, deserializedClient.ClientId);
+        Assert.AreEqual(TokenExchangeTypes.IMPERSONATION, deserializedClient.TokenExchangeType);
+    }
+
     [Test]
     public void When_Serialize_And_Deserialize_SamlClient_Then_Properties_AreCorrect()
     {

website/versioned_docs/version-4.0.5/advancedsettings/auditing.md

@@ -0,0 +1,28 @@
+# Auditing
+
+The administration UI contains an auditing screen used to search for events.
+
+![Monitoring](images/monitoring-1.png)
+
+Following events are present :
+
+* AuthorizationFailureEvent
+* AuthenticationSuccessEvent
+* ClientAuthenticationFailureEvent
+* ClientAuthenticationSuccessEvent
+* ClientRegisteredFailureEvent
+* ClientRegisteredSuccessEvent
+* ConsentGrantedEvent
+* ConsentRevokedEvent
+* TokenIntrospectionFailureEvent
+* TokenIntrospectionSuccessEvent
+* TokenIssuedFailureEvent
+* TokenIssuedSuccessEvent
+* TokenRevokedFailureEvent
+* TokenRevokedSuccessEvent
+* UserInfoFailureEvent
+* UserInfoSuccessEvent
+* UserLoginSuccessEvent
+* UserLogoutSuccessEvent
+* PushedAuthorizationRequestSuccessEvent
+* PushedAuthorizationRequestFailureEvent

website/versioned_docs/version-4.0.5/advancedsettings/configuration.md

@@ -0,0 +1,108 @@
+# Configuration
+
+## IdentityServer
+
+The table below, list all the possible properties present in the `appsettings.json` file. Thanks to them, you can easily customize the behavior the [IdentityServer](../installation#create-identityserver-project).
+
+<table>
+    <thead>
+        <tr>
+            <th>Property</th>
+            <th>Description</th>
+            <th>Values</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td rowspan="2"><b>OverrideBaseUrl</b></td>
+            <td rowspan="2">When set to true, the base URL will be replaced by the authority.</td>
+            <td>true</td>
+        </tr>
+        <tr>
+            <td>false</td>
+        </tr>
+        <tr>
+            <td rowspan="2"><b>IsForwardedEnabled</b></td>
+            <td rowspan="2">Enable or disable the forwarded headers</td>
+            <td>true</td>
+        </tr>
+        <tr>
+            <td>false</td>
+        </tr>
+        <tr>
+            <td rowspan="4"><b>ClientCertificateMode</b></td>
+            <td rowspan="4">
+                Specifies the client certificate requirements for an HTTPS connection.<br/>
+                This parameter is required when you are using the <b>tls_client_auth</b> or <b>self_signed_tls_client_auth</b> client authentication method. <br/>
+                By default, the value is <b>NoCertificate</b>.
+            </td>
+            <td>NoCertificate</td>
+        </tr>
+        <tr>
+            <td>AllowCertificate</td>
+        </tr>
+        <tr>
+            <td>RequireCertificate</td>
+        </tr>
+        <tr>
+            <td>DelayCertificate</td>
+        </tr>
+        <tr>
+            <td rowspan="2"><b>IsRealmEnabled</b></td>
+            <td rowspan="2">Enable or disable the Realm. By default, the value is <b>true</b></td>
+            <td>true</td>
+        </tr>
+        <tr>
+            <td>false</td>
+        </tr>
+        <tr>
+            <td><b>SCIMBaseUrl</b></td>
+            <td>
+                Base URL of the SCIM Server. This value is used during the launch time of IdentityServer to configure Automatic Identity Provisioning with the SCIM Server..<br/>
+                By default, the value is <b>https://localhost:5003</b>.
+            </td>
+            <td>Base URL of the SCIM Server</td>
+        </tr>
+        <tr>
+            <td><b>Authority</b></td>
+            <td>
+                Base URL of the current IdentityServer. This value is used to configure OPENID authentication with the IdentityServer.<br/>
+                By default, the value is <b>https://localhost:5001</b>.
+            </td>
+            <td>Base URL of the current IdentityServer.</td>
+        </tr>
+        <tr>
+            <td><a href="../iam/configuration"><b>DistributedConfiguration</b></a></td>
+            <td>
+                Distributed configuration helps various modules within SimpleIdServer to store their settings. <br />
+                This property is used to configure the configuration storage, for example, <b>Redis</b> or <b>SQL Server</b>.
+            </td>
+            <td>For more information, please refer to this <a href="../iam/configuration">chapter</a></td>
+        </tr>
+        <tr>
+            <td><a href="../iam/storage"><b>StorageConfiguration</b></a></td>
+            <td>This property is used to configure the data storage used by IdentityServer to store its various entities, such as <b>Clients</b> or <b>Users</b>.</td>
+            <td>For more information, please refer to this <a href="../iam/storage">chapter</a></td>
+        </tr>
+        <tr>
+            <td rowspan="6"><b>Other</b></td>
+            <td rowspan="6">The other properties are used to configure the modules used by IdentityServer, such as <b>Automatic Identity Provisioning with SCIM</b> or an external Identity Provider like <b>Facebook</b></td>
+            <td><a href="../iam/externalidproviders#facebook">Facebook</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/automaticidentityprovisioning.md#scim">SCIM</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/automaticidentityprovisioning.md#ldap">LDAP</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/authmethods.md#email">IdServerEmailOptions</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/authmethods.md#sms">IdServerSmsOptions</a></td>
+        </tr>
+        <tr>            
+            <td>FidoOptions</td>
+        </tr>
+    </tbody>
+</table>

website/versioned_docs/version-4.0.5/advancedsettings/pki.md

@@ -0,0 +1,11 @@
+# Public Key Infrastructure (PKI)
+
+Here are the key components of SimpleIdServer's PKI. :
+
+1. **Certificate Authority (CA)** : The Certificate Authority is a trusted entity responsible for issuing and managing client certificates.
+2. **Client Certificates** : Client certificates are used by OAuth 2.0 clients, for example during the "tls_client_auth" authentication.
+
+In the Administration UI, you can manage the Certificate Authorities (CAs). They can be generated and stored in the database or imported from the Certificate Store.
+You can download one of them and install it into the appropriate certificate store.
+
+A Certificate Authority can be used to generate one or more client certificates.

website/versioned_docs/version-4.0.5/advancedsettings/realm.md

@@ -0,0 +1,26 @@
+# Realm
+
+A [Realm](../glossary) is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms.
+
+By default, there is one configured `master` realm. It must not be removed, as doing so would render the SimpleIdServer product inoperable.
+
+You can use the Realm to separate different environments, such as having one for the `test` environment and another for the `prd` environment. 
+
+To add a realm, follow these steps :
+
+1. Click `Active realm: master`.
+2. Click `Add realm`.
+3. Enter the details for the new Realm.
+4. Click `Save`. After saving the details, the user-agent will be redirected to the new realm.
+
+You can switch the active realm by clicking on `Active realm: active realm`.
+
+## Disable Realm
+
+By default, SimpleIdServer is configured to use the Realm. If you do not want to use it, you can disable it by updating the `appsettings.json` configuration files.
+
+To disable the Realm, follow these steps:
+
+1. Open the [IdentityServer](../installation#create-identityserver-project) project and edit the `appsettings.json` file.
+2. Set the `IsRealmEnabled` property to `false` and save the file.
+3. Open the [IdentityServer website](../installation#create-identityserver-website-project) and edit the `appsettings.json` file.

website/versioned_docs/version-4.0.5/consultancy.md

@@ -0,0 +1,23 @@
+---
+title: Consultancy
+hide_table_of_contents: true
+---
+
+# Consultancy
+
+If you are seeking consultancy regarding any aspect of the Identity Access Management field, please feel free to contact us via email at agentsimpleidserver@gmail.com.
+
+We provide expertise in the following areas:
+
+* We offer expertise in reviewing and enhancing authentication and authorization strategies.
+* We provide advice and guidelines on architectural considerations, such as implementing identity provisioning and more.
+* We assist financial enterprises in achieving compliance with both FAPI 1.0 and FAPI 2.0 standards.
+* We provide assistance to public sectors, including government and hospitals, in developing trusted APIs that enable the issuance of valid credentials such as Covid Certificates, Driving Licenses, University Degrees, and more.
+
+# Open source and free of charge
+
+The support provided by SimpleIdServer is free of charge, and the source code is open source, licensed under the Apache-2 license.
+
+When it comes to GIT, we kindly request that you take a moment to read the [code of conduct](https://github.com/simpleidserver/SimpleIdServer/blob/master/CONTRIBUTING.md) before initiating an issue.
+
+[If you appreciate our project and wish to extend your support, you have the opportunity to sponsor it or make a donation.](https://github.com/sponsors/simpleidserver?o=esb)