From 36e6a4cab7462900c97beec1eff61b1dcce83152 Mon Sep 17 00:00:00 2001
From: cunninghamjc <38440684+cunninghamjc@users.noreply.github.com>
Date: Fri, 15 Mar 2019 10:59:21 -0700
Subject: [PATCH] Audit log valid claims by default for AAD vs. IdentityServer (#386)
* Audit log valid claims by default for AAD vs. IdentityServer
* Don't need LastModifiedClaims=appid in StartupWithTraceAuditLogger anymore
---
 .../DevelopmentIdentityProviderConfiguration.cs | 1 +
 .../DevelopmentIdentityProviderRegistrationExtensions.cs | 1 +
 src/Microsoft.Health.Fhir.Web/appsettings.json | 4 ++--
 .../Rest/Audit/StartupWithTraceAuditLogger.cs | 8 --------
 4 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
index ef7f478873..8a78c4cdc8 100644
--- a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
+++ b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
@@ -10,6 +10,7 @@ namespace Microsoft.Health.Fhir.Web
 public class DevelopmentIdentityProviderConfiguration
 {
 public const string Audience = "fhir-api";
+ public const string LastModifiedClaim = "appid";
 public bool Enabled { get; set; }
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs
index 7fcf3b0757..69e2fb39c4 100644
--- a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs
+++ b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs
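Review bot: The new `LastModifiedClaim` constant is an undocumented magic string, and nothing at the declaration says why the development identity provider is audited by `appid` while the shipped default in appsettings.json becomes `oid`. A one-line doc comment would keep the two values from drifting silently, for example `/// <summary>Claim the development identity provider's tokens are identified by in the audit log; written to FhirServer:Security:LastModifiedClaims when the provider is enabled.</summary>`. The class body continues outside the hunk, so whether the sibling `Audience` constant is documented is not visible here.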
@@ -187,6 +187,7 @@ public override void Load()
 // add properties related to the development identity provider.
 Data["DevelopmentIdentityProvider:Enabled"] = bool.TrueString;
 Data["FhirServer:Security:Authentication:Audience"] = DevelopmentIdentityProviderConfiguration.Audience;
+ Data["FhirServer:Security:LastModifiedClaims:0"] = DevelopmentIdentityProviderConfiguration.LastModifiedClaim;
 }
 }
 }
diff --git a/src/Microsoft.Health.Fhir.Web/appsettings.json b/src/Microsoft.Health.Fhir.Web/appsettings.json
index 704378f2c8..bedef57458 100644
--- a/src/Microsoft.Health.Fhir.Web/appsettings.json
+++ b/src/Microsoft.Health.Fhir.Web/appsettings.json
@@ -11,7 +11,7 @@
 "Authority": "https://localhost:44348"
 },
 "LastModifiedClaims": [
- "client_id"
+ "oid"
 ],
 "Authorization": {
 "Enabled": true
@@ -74,4 +74,4 @@
 "ApplicationInsights": {
 "InstrumentationKey": ""
 }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs
index 75c521a9e7..3b3b651792 100644
--- a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs
+++ b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs
@@ -6,9 +6,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.Extensions.Options;
 using Microsoft.Health.Fhir.Api.Features.Audit;
-using Microsoft.Health.Fhir.Core.Configs;
 using Microsoft.Health.Fhir.Web;
 namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Audit
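Review bot: Writing `Data["FhirServer:Security:LastModifiedClaims:0"]` replaces only the first element of the claim list, because configuration arrays are merged key by key across providers. If appsettings.json, an environment variable or another source ever supplies a `LastModifiedClaims:1` or later entry, it survives and the development server audits a mix of `appid` and those claims. A comment on the added line would make the assumption explicit, for example `// Overrides index 0 only; assumes no other source defines further LastModifiedClaims entries.` Where this provider sits in the provider order is not visible in the hunk, and `Load()` starts above it.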
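Review bot: Switching the default `LastModifiedClaims` entry from `client_id` to `oid` in the first appsettings.json hunk leaves caller attribution in the audit log dependent on the token issuer emitting `oid`. A deployment pointed at an authority that does not issue that claim would presumably record audit entries with no caller identity. Whether the audit logger reports an absent claim is not visible in this diff. It would be worth logging a warning when none of the configured claims is present on an authenticated request, and documenting next to the `Authority` setting that `LastModifiedClaims` must match the issuer. The second hunk in this file only adds the trailing newline.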
@@ -25,12 +23,6 @@ public override void ConfigureServices(IServiceCollection services)
 base.ConfigureServices(services);
 services.Replace(new ServiceDescriptor(typeof(IAuditLogger), typeof(TraceAuditLogger), ServiceLifetime.Singleton));
-
- // Configure the test server to log a claim that is used in both local and integration environments.
- ServiceProvider serviceProvider = services.BuildServiceProvider();
- var securityConfigurationOptions = serviceProvider.GetService>();
- securityConfigurationOptions.Value.LastModifiedClaims.Clear();
- securityConfigurationOptions.Value.LastModifiedClaims.Add("appid");
 }
 }
 }