The ITfoxtec Identity Saml2 version history.
Use DateTimeOffset instead of DateTime.
Check XML signature reference.
ReadSamlResponse read RelayState.
Handle empty NameId format in logout request. Thanks to MSACATS.
Saml2SignedXml CheckSignature bug fix.
ITfoxtec.Identity.Saml2 2.0.1 is tested and not vulnerabil for the SAML vulnerability https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
If an attacker tries to exploit the SAML vulnerability, ITfoxtec.Identity.Saml2 throws the XmlException with the text "Unexpected node type Comment. ReadElementString method can only be called on elements with simple or empty content."
Updateded from .NET 4.5 to .NET 4.6.2
Updateded from Core 1.1 to Core 2.0 (minor breaking changes).
Now supports SHA1/SHA256/SHA384/SHA512 signing.
Saml2AuthnResponse claims transformation error solved. The claimsTransform was never called.
Important: the ClaimsTransform attribute name is changed to claimsTransform.
Prevent Cross-Site Scripting in Relay State.
Enable Sign AuthnRequest (Saml2Configuration.SignAuthnRequest), default false.
Not signing AuthnRequest and not expecting AuthnRequest to be signed. Furthermore, if an AuthnRequest is signed the signature is not verified.
All packages updated.
First version released which is an update to the previous component ITfoxtec SAML 2.0 and MVC.
This component is more restrictive regarding signature verification and supports SAML-P for both Identity Provider (IdP) and Relying Party (RP).