SharePoint?

[jhermsen]

Is it possible to use SimpleIdServer as token provider with SharePoint 2010?

Is there maybe someone with an example or guide to implement this?

[simpleidserver]

Hello,

According to the official documentation (https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/set-up-oidc-auth-in-sharepoint-server-with-msaad), it is possible to configure Sharepoint to trust any OPENID server by using metadata endpoint.

Before executing the powershell script, an OPENID server must be installed in your machine and accessible by sharepoint.

1. Download the sample project and open the visual studio solution Quickstart.sln : https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/OpenidIdp
2. Edit the file OpenIdDefaultConfiguration.cs and add a new client. Don't forget to update the ClientId and also the RedirectionUrl.

new OpenIdClient
{
    ClientId = "sharepointClientId",
    ClientSecret = "sharepointClientSecret",
    ApplicationKind = ApplicationKinds.SPA,
    TokenEndPointAuthMethod = "pkce",
    ApplicationType = "web",
    UpdateDateTime = DateTime.UtcNow,
    CreateDateTime = DateTime.UtcNow,
    TokenExpirationTimeInSeconds = 60 * 30,
    RefreshTokenExpirationTimeInSeconds = 60 * 30,
    TokenSignedResponseAlg = "RS256",
    IdTokenSignedResponseAlg = "RS256",
    AllowedScopes = new List<OAuthScope>
    {
        SIDOpenIdConstants.StandardScopes.OpenIdScope,
        SIDOpenIdConstants.StandardScopes.Profile,
        SIDOpenIdConstants.StandardScopes.Email,
        SIDOpenIdConstants.StandardScopes.Role
    },
    GrantTypes = new List<string>
    {
        "authorization_code",
        "implicit"
    },
    RedirectionUrls = new List<string>
    {
        "http://localhost:4200"
    },
    PostLogoutRedirectUris = new List<string>
    {
        "http://localhost:4200"
    },
    PreferredTokenProfile = "Bearer",
    ResponseTypes = new List<string>
    {
        "token",
        "id_token",
        "code"
    }
}

3. Run the project. The well known configuration is visible here : https://localhost:5001/.well-known/openid-configuration

Once you've an up and running OPENID server, you can follow this tutorial to configure sharepoint to trust OPENID server :

https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/set-up-oidc-auth-in-sharepoint-server-with-msaad#configure-sharepoint-to-trust-azure-ad-oidc-by-using-metadata-endpoint

[jhermsen]

Thank you for the detailed answer, but if read the article correctly it's from SharePoint version 2013.
I'm looking for a solution using SharePoint 2010.

[simpleidserver]

Indeed, according to this document (https://learn.microsoft.com/en-us/previous-versions/office/developer/sharepoint-2010/hh394901(v=office.14)), sharepoint version 2010 doesn't seem to support OPENID/OAUTH but SAML1.1 and WS-Federation 1.1 are supported.
Unfortunately, SimpleIdServer only supports SAML2.0 (you can find a working sample here : https://github.com/simpleidserver/SimpleIdServer/tree/master/samples/SamlIdp).
A ticket Support WS-Federation 1.1 has been created, it will be implemented for the next release.

[jhermsen]

Thank you.
I will look into the sample and wait for the ws-federation implementation.

[simpleidserver]

This ticket is closed because WS-Federation is supported by Sid :)