ITfoxtec Identity Saml2 - History

The ITfoxtec Identity Saml2 version history.


Add support for changing the redirection target.
The default is "/Auth/Login". To change it to "/Saml/Login", for example, call: services.AddSaml2("/Saml/Login")


Add support for the WantAuthnRequestsSigned attribute on the IDPSSODescriptor element for IdP metadata.

Add support for custom certificate validator with CustomCertificateValidator property on Saml2Configuration.


Support Azure Key Vault

Support destination URLs containing "?", such as a Google Suite SSO URL.

Issuer, EntityID and AllowedAudienceUris are changed to string values.
Full support in .NET Core. AllowedAudienceUris as string values is not supported in .NET Framework.

AuthnRequest supports Subject and NameID.

AssertionConsumerService index error resolved

Reading IdP metadata supports the optional "use" attribute on KeyDescriptor.

Resolve certificate store find issue

The CertificateUtil Load method for loading from a file supports X509KeyStorageFlags.

This release will break the code!
The relying party and identity provider code that sets Issuer, EntityID and AllowedAudienceUris has to be changed from using URI values to string values. Please see the test/sample applications.


Add .NET Core 2.2 support.

Reintroduce .NET Framework 4.6.2 support.

Solves issue #26.


Support both .NET Core 2.1 and .NET Framework 4.7.2.

This is the first version supporting .NET Core without the framework.


Use DateTimeOffset instead of DateTime.

Check XML signature reference.

ReadSamlResponse reads RelayState.

Handle empty NameId format in logout request. Thanks to MSACATS.


Saml2SignedXml CheckSignature bug fix.

Package update.

ITfoxtec.Identity.Saml2 2.0.1 is tested and not vulnerable to the SAML vulnerability.
If an attacker tries to exploit the SAML vulnerability, ITfoxtec.Identity.Saml2 throws an XmlException with the text "Unexpected node type Comment. ReadElementString method can only be called on elements with simple or empty content."


Updated from .NET 4.5 to .NET 4.6.2.

Updated from Core 1.1 to Core 2.0 (minor breaking changes).

Now supports SHA1/SHA256/SHA384/SHA512 signing.

Bug fixes (only ITfoxtec.Identity.Saml2.MvcCore).

Saml2AuthnResponse claims transformation error solved. The claimsTransform was never called.

Important: the ClaimsTransform attribute name is changed to claimsTransform.


Prevent Cross-Site Scripting in Relay State.

Enable Sign AuthnRequest (Saml2Configuration.SignAuthnRequest), default false.


Not signing AuthnRequest and not expecting AuthnRequest to be signed. Furthermore, if an AuthnRequest is signed the signature is not verified.

All packages updated.


First version released which is an update to the previous component ITfoxtec SAML 2.0 and MVC.

This component is more restrictive regarding signature verification and supports SAML-P for both Identity Provider (IdP) and Relying Party (RP).