• Stars
    star
    204
  • Rank 192,063 (Top 4 %)
  • Language
    C#
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Configurable Mock Server for OpenId Connect

OpenId Connect Server Mock

Run Tests badge

This project allows you to run configurable mock server with OpenId Connect functionality.

Important

Free for development, testing and personal projects. For production you need to purchase Duende IdentityServer license.

Simple Configuration

The image is stored in github registry. Use the following to pull the image:

docker pull ghcr.io/soluto/oidc-server-mock:latest

This is the sample of using the server in docker-compose configuration:

version: '3'
services:
  oidc-server-mock:
    container_name: oidc-server-mock
    image: ghcr.io/soluto/oidc-server-mock:latest
    ports:
      - '4011:80'
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      SERVER_OPTIONS_INLINE: |
        {
          "AccessTokenJwtType": "JWT",
          "Discovery": {
            "ShowKeySet": true
          },
          "Authentication": {
            "CookieSameSiteMode": "Lax",
            "CheckSessionCookieSameSiteMode": "Lax"
          }
        }
      LOGIN_OPTIONS_INLINE: |
        {
          "AllowRememberLogin": false
        }
      LOGOUT_OPTIONS_INLINE: |
        {
          "AutomaticRedirectAfterSignOut": true
        }
      API_SCOPES_INLINE: |
        - Name: some-app-scope-1
        - Name: some-app-scope-2
      API_RESOURCES_INLINE: |
        - Name: some-app
          Scopes:
            - some-app-scope-1
            - some-app-scope-2
      USERS_CONFIGURATION_INLINE: |
        [
          {
            "SubjectId":"1",
            "Username":"User1",
            "Password":"pwd",
            "Claims": [
              {
                "Type": "name",
                "Value": "Sam Tailor",
                "ValueType": "string"
              },
              {
                "Type": "email",
                "Value": "[email protected]",
                "ValueType": "string"
              },
              {
                "Type": "some-api-resource-claim",
                "Value": "Sam's Api Resource Custom Claim",
                "ValueType": "string"
              },
              {
                "Type": "some-api-scope-claim",
                "Value": "Sam's Api Scope Custom Claim",
                "ValueType": "string"
              },
              {
                "Type": "some-identity-resource-claim",
                "Value": "Sam's Identity Resource Custom Claim",
                "ValueType": "string"
              }
            ]
          }
        ]
      CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
      ASPNET_SERVICES_OPTIONS_INLINE: |
        { 
          "ForwardedHeadersOptions": { 
            "ForwardedHeaders" : "All"
          }
        }
    volumes:
      - .:/tmp/config:ro

When clients-config.json is as following:

[
  {
    "ClientId": "implicit-mock-client",
    "Description": "Client for implicit flow",
    "AllowedGrantTypes": ["implicit"],
    "AllowAccessTokensViaBrowser": true,
    "RedirectUris": ["http://localhost:3000/auth/oidc", "http://localhost:4004/auth/oidc"],
    "AllowedScopes": ["openid", "profile", "email"],
    "IdentityTokenLifetime": 3600,
    "AccessTokenLifetime": 3600
  },
  {
    "ClientId": "client-credentials-mock-client",
    "ClientSecrets": ["client-credentials-mock-client-secret"],
    "Description": "Client for client credentials flow",
    "AllowedGrantTypes": ["client_credentials"],
    "AllowedScopes": ["some-app-scope-1"],
    "ClientClaimsPrefix": "",
    "Claims": [
      {
        "Type": "string_claim",
        "Value": "string_claim_value",
        "ValueType": "string"
      },
      {
        "Type": "json_claim",
        "Value": "[\"value1\", \"value2\"]",
        "ValueType": "json"
      }
    ]
  }
]

Clients configuration should be provided. Test user configuration is optional (used for implicit flow only).

There are two ways to provide configuration for supported scopes, clients and users. You can either provide it inline as environment variable:

  • SERVER_OPTIONS_INLINE

  • LOGIN_OPTIONS_INLINE

  • LOGOUT_OPTIONS_INLINE

  • API_SCOPES_INLINE

  • USERS_CONFIGURATION_INLINE

  • CLIENTS_CONFIGURATION_INLINE

  • API_RESOURCES_INLINE

  • IDENTITY_RESOURCES_INLINE

    or mount volume and provide the path to configuration json as environment variable:

  • SERVER_OPTIONS_PATH

  • LOGIN_OPTIONS_PATH

  • LOGOUT_OPTIONS_PATH

  • API_SCOPES_PATH

  • USERS_CONFIGURATION_PATH

  • CLIENTS_CONFIGURATION_PATH

  • API_RESOURCES_PATH

  • IDENTITY_RESOURCES_PATH

The configuration format can be Yaml or JSON both for inline or file path options.

In order to be able to override standard identity resources set OVERRIDE_STANDARD_IDENTITY_RESOURCES env var to True.

Base path

The server can be configured to run with base path. So all the server endpoints will be also available with some prefix segment. For example http://localhost:8080/my-base-path/.well-known/openid-configuration and http://localhost:8080/my-base-path/connect/token. Just set BasePath property in ASPNET_SERVICES_OPTIONS_INLINE/PATH env var.

Custom endpoints

User management

Users can be added (in future also removed and altered) via user management endpoint.

  • Create new user: POST request to /api/v1/user path. The request body should be the User object. Just as in USERS_CONFIGURATION. The response is subjectId as sent in request.

  • Get user: GET request to /api/v1/user/{subjectId} path. The response is User object

  • Update user PUT request to /api/v1/user path. (Not implemented yet) The request body should be the User object. Just as in USERS_CONFIGURATION. The response is subjectId as sent in request.

    If user doesn't exits it will be created.

  • Delete user: DELETE request to /api/v1/user/{subjectId} path. (Not implemented yet) The response is User object

HTTPS

To use https protocol with the server just add the following environment variables to the docker run/docker-compose up command, expose ports and mount volume containing the pfx file:

environment:
  ASPNETCORE_URLS: https://+:443;http://+:80
  ASPNETCORE_Kestrel__Certificates__Default__Password: <password for pfx file>
  ASPNETCORE_Kestrel__Certificates__Default__Path: /path/to/pfx/file
volumes:
  - ./local/path/to/pfx/file:/path/to/pfx/file:ro
ports:
  - 8080:80
  - 8443:443

Cookie SameSite mode

Since Aug 2020 Chrome has a new secure-by-default model for cookies, enabled by a new cookie classification system. Other browsers will join in near future.

There are two ways to use oidc-server-mock with this change.

  1. Run the container with HTTPS enabled (see above).
  2. Change cookies SameSite mode from default None to Lax. To do so just add the following to SERVER_OPTIONS_INLINE (or the file at SERVER_OPTIONS_PATH):
{
  // Existing configuration
  // ...
  "Authentication": {
    "CookieSameSiteMode": "Lax",
    "CheckSessionCookieSameSiteMode": "Lax"
  }
}

Contributing

Requirements

  1. Docker (version 18.09 or higher)

  2. NodeJS (version 10.0.0 or higher)

Getting started

  1. Clone the repo:

    git clone [email protected]:Soluto/oidc-server-mock.git
  2. Install npm packages (run from /e2e folder):

    npm install

    Note: During the build of Docker image UI source code is fetched from github. If you experience some issues on project compile step of Docker build or on runtime try to change the branch or commit in the script.

  3. Run tests:

    npm run test

Used by

  1. Tweek blackbox tests.

  2. Stitch e2e tests.

More Repositories

1

kamus

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
C#
913
star
2

tweek

Tweek - an open source feature manager
C#
345
star
3

graphql-to-mongodb

Allows for generic run-time generation of filter types for existing graphql types and parsing client requests to mongodb find queries
TypeScript
314
star
4

python-flask-sklearn-docker-template

A simple example of python api for real time machine learning, using scikit-learn, Flask and Docker
Python
135
star
5

dynamico

Dynamico allows a remote (web-like) code push work-flow for continuous delivery of specific features native or web.
TypeScript
97
star
6

webdriverio-zap-proxy

Demo - how to easily build security testing for Web App, using Zap and Glue
JavaScript
58
star
7

mobsf-ci

All that is required to run MobSF in the ci
Shell
42
star
8

shisell-js

A service agnostic library for building immutable scoped analytic event dispatchers with extra data, identities and lazy filters.
TypeScript
41
star
9

monitored

A utility for monitoring services 🔍
TypeScript
37
star
10

dqd

Dequeue daemon
Go
35
star
11

wordpress-plugin-tests-template

A template for a Wordpress plugin with tests that are running using Docker
Shell
35
star
12

golang-docker-healthcheck-example

Simple HEALTHCHECK solution for Go Docker container
Dockerfile
34
star
13

owasp-zap-glue-ci-images

Ready to use images of Zap and Glue, especially for CI integration.
Shell
33
star
14

stitch

Stitch is a no-code GraphQL tool for your existing APIs and data sources
TypeScript
29
star
15

docker-compose-jest-runner

This package allows to run tests that use docker-compose and supports multi-stage setup.
TypeScript
28
star
16

containers-security-project

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)
Gherkin
25
star
17

Miro

MIRO - Merge it robot!
C#
25
star
18

airbag

Tiny OAuth2 and metrics sidecar for your docker containers
C#
23
star
19

fluent-plugin-kubernetes-log-level

Dynamic filtering of kubernetes logs according to pod labels
Ruby
23
star
20

simple-fake-server

Small and simple http server for mocking and asserting http calls
TypeScript
17
star
21

react-shisell

React binding for Shisell-js
TypeScript
8
star
22

mustache-async.js

Logic-less {{mustache}} templates with async view function Support
JavaScript
8
star
23

helm-charts

Soluto's Helm Charts Repository
Smarty
8
star
24

testcafe-reporter-teamcity

This is a TeamCity reporter plugin for TestCafe.
JavaScript
7
star
25

tweek-clients

clients for https://www.github.com/soluto/tweek
TypeScript
6
star
26

casbin-nats-watcher

Casbin watcher implementation with Nats.io
Go
5
star
27

flowz

Flowz is a library for writing resumable asynchronous code
JavaScript
4
star
28

soluto-kafka

Java
4
star
29

test-ssl-cipher-suites

A ruby script that use NMap to test SSL cipher suites
Ruby
3
star
30

shisell-python

Shisell is a service agnostic abstraction for analytic dispatchers.
Python
3
star
31

nagios-plugins

JavaScript
3
star
32

fetch-jwk

This library provides methods to fetch jwt keys from jwks url
Go
2
star
33

linkerd-disable-injection-mutation-webhook

Go
2
star
34

Tweek.JPad

JPad is the default rules engine for Tweek.
F#
2
star
35

taking-care-of-quizness-ui

JavaScript
2
star
36

congo-examples

JavaScript
1
star
37

react-tweek-shop-example

JavaScript
1
star
38

react-native-tweek-example

Objective-C
1
star
39

tweek-deploy

TypeScript
1
star
40

IdentityServer.Contrib.JsonWebKeyAdapter

A small nuget package allow to work with JsonWebKey instead of X509Certificate.
C#
1
star
41

tweek-authoring-php-client

NOT OFFICIAL - PHP client for Tweek Authoring, auto-generated from swagger
PHP
1
star
42

taking-care-of-quizness-api

JavaScript
1
star