The ITfoxtec Identity Saml2 version history.
Support Azure Key Vault
Support destination URL with "?" like a Google Suite SSO URL https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXX
Issuer, EntityID and AllowedAudienceUris is changed to string values
Full support in .NET Core. AllowedAudienceUris as string values is not supported in .NET Framework
AuthnRequest support Subject and NameID
AssertionConsumerService index error resolved
Read IdP metadata support optional "use" attribute on KeyDescriptor
Resolve certificate store find issue
CertificateUtil Load method from file support X509KeyStorageFlags
This release will brake the code!
The relying party and identity provider code in relation to Issuer, EntityID and AllowedAudienceUris has to be changed from using URI to string values. Please see the test/sample applications.
Add .NET Core 2.2 support.
Reintroduce .NET Framework 4.6.2 support.
Solves issue #26.
Support both .NET Core 2.1 and .NET Framework 4.7.2.
This is the first version supporting .NET Core without the framework.
Use DateTimeOffset instead of DateTime.
Check XML signature reference.
ReadSamlResponse read RelayState.
Handle empty NameId format in logout request. Thanks to MSACATS.
Saml2SignedXml CheckSignature bug fix.
ITfoxtec.Identity.Saml2 2.0.1 is tested and not vulnerabil for the SAML vulnerability https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
If an attacker tries to exploit the SAML vulnerability, ITfoxtec.Identity.Saml2 throws the XmlException with the text "Unexpected node type Comment. ReadElementString method can only be called on elements with simple or empty content."
Updateded from .NET 4.5 to .NET 4.6.2
Updateded from Core 1.1 to Core 2.0 (minor breaking changes).
Now supports SHA1/SHA256/SHA384/SHA512 signing.
Saml2AuthnResponse claims transformation error solved. The claimsTransform was never called.
Important: the ClaimsTransform attribute name is changed to claimsTransform.
Prevent Cross-Site Scripting in Relay State.
Enable Sign AuthnRequest (Saml2Configuration.SignAuthnRequest), default false.
Not signing AuthnRequest and not expecting AuthnRequest to be signed. Furthermore, if an AuthnRequest is signed the signature is not verified.
All packages updated.
First version released which is an update to the previous component ITfoxtec SAML 2.0 and MVC.
This component is more restrictive regarding signature verification and supports SAML-P for both Identity Provider (IdP) and Relying Party (RP).