Looking for a .NET Framework example? Have a look.

Using Cloud Foundry SSO with OpenID Connect provider

This is a guide to integrate a .Net Core API with the Cloud Foundry SSO identity provider service. The sample provides authentication to select entry points of an application. It is meant to provide authentication simiar to how IIS would when Windows authentication is enabled.
First, establish an identity provider.
Next, create a .NET Core WebAPI that interacts with SSO
  1. Create a new ASP.NET Core WebAPI app with the Steeltoe Initializr
    • SteeltoeVersion: 2.4 for the latest stable
    • Project Metadata:
      Name: OAuth_SSO_Example
      Target Framework: netcoreapp3.1 is the latest stable
    • Dependencies: none
    • Click Generate Project to download a zip containing the new project
  2. Extract the zipped project and open in your IDE of choice (we use Visual Studio)
  3. Open the package manager console
  4. Install NuGet distributed packages
    Install-Package -Id Steeltoe.Security.Authentication.CloudFoundryCore -Version 2.4
  5. Set the instance address in appsettings.json
Then, add Cloud Foundry OpenID Connect, secure endpoints, and run the app
  1. Set the cloud foundry auth middleware in Startup.cs
    using Steeltoe.Security.Authentication.CloudFoundry;
    public class Startup {
    	public IConfiguration Configuration { get; private set; }
    	public Startup(IConfiguration configuration){
    			Configuration = configuration;
    	public void ConfigureServices(IServiceCollection services){
    		services.AddAuthentication(options => {
    					options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    					options.DefaultChallengeScheme = CloudFoundryDefaults.AuthenticationScheme;
    			.AddCookie((options) =>{
    						// set values like login url, access denied path, etc here
    						options.AccessDeniedPath = new PathString("/Home/AccessDenied");
    			.AddCloudFoundryOpenId(Configuration); // Add Cloud Foundry authentication service
    	public void Configure(IApplicationBuilder app){
    		// Use the protocol from the original request when generating redirect uris
        // (eg: when TLS termination is handled by an appliance in front of the app)
        app.UseForwardedHeaders(new ForwardedHeadersOptions {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        // Add authentication middleware to pipeline
  2. Open the Controllers\ValuesControllers.cs file and secure endpoints
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Authorization;
    public class ValuesController : ControllerBase{
      public ActionResult<string> Get(){
          return "Hi There";
      // GET api/values/5
      public ActionResult<string> Get(int id){
    		return "value: " + id.ToString();
      // POST api/values
      public void Post([FromBody] string value){
      // PUT api/values/5
      public void Put(int id, [FromBody] string value){
      // DELETE api/values/5
      public void Delete(int id){
    Notice the default GET endpoint with no params is open to anonymous connections but the other endpoints all require authorization. With the combination of SSO functions, the user will be prompted for login and returned.
  3. Run the application