A newer version of this resource is available here

OIOSAML.NET version 1.7.3

Release date: 11 August 2011


The same vulnerability that was found in oiosaml.java and corrected in v8330 (http://digitaliser.dk/resource/1664828) is present in oiosaml.net v 1.7.2.

oiosaml.net restricts the number of assertions in a SAMLResponse to one, so the practical attack against oiosaml.java is not reproducible against oiosaml.net, but the underlying issue with URI/ID validation is still present.

This version corrects the issue. Upgrading to the latest version is recommended, to ensure that any unknown attacks that build on this vulnerability are blocked.


  1. Validation of the reference URI in the signature element
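
A sketch of what a reference URI check of this kind can look like, added here as an illustration; it is not OIOSAML.NET's code, and the class and method names are hypothetical. It assumes the SAML 2.0 rule that an enveloped signature carries a single ds:Reference whose URI is a same-document reference to the ID of the element being signed, and it is meant to run in addition to cryptographic signature verification.

```csharp
using System;
using System.Xml;

static class ReferenceUriCheck   // hypothetical name, not part of OIOSAML.NET
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    // True only when the enveloped signature in signedElement has exactly one
    // ds:Reference, its URI is "#" + the element's own ID, and that ID is unique
    // in the document. Does not verify the signature value itself.
    public static bool ReferencePointsToParent(XmlElement signedElement)
    {
        var ns = new XmlNamespaceManager(signedElement.OwnerDocument.NameTable);
        ns.AddNamespace("ds", DsNs);

        string id = signedElement.GetAttribute("ID");
        if (string.IsNullOrEmpty(id)) return false;

        // Only a signature that is a direct child counts as enveloped.
        XmlNodeList sigs = signedElement.SelectNodes("ds:Signature", ns);
        if (sigs.Count != 1) return false;

        XmlNodeList refs = sigs[0].SelectNodes("ds:SignedInfo/ds:Reference", ns);
        if (refs.Count != 1) return false;

        string uri = ((XmlElement)refs[0]).GetAttribute("URI");
        if (!string.Equals(uri, "#" + id, StringComparison.Ordinal)) return false;

        // A duplicated ID makes "#id" ambiguous between verifier and consumer.
        int sameId = 0;
        foreach (XmlNode n in signedElement.OwnerDocument.SelectNodes("//*[@ID]"))
            if (((XmlElement)n).GetAttribute("ID") == id) sameId++;
        return sameId == 1;
    }

    static void Main()
    {
        // Constructed sample assertion; digest and signature values are omitted.
        string template = "<Assertion xmlns='urn:oasis:names:tc:SAML:2.0:assertion' ID='a1'>" +
            "<ds:Signature xmlns:ds='" + DsNs + "'><ds:SignedInfo><ds:Reference URI='{0}'/>" +
            "</ds:SignedInfo></ds:Signature></Assertion>";
        foreach (string uri in new[] { "#a1", "#other", "" })
        {
            var doc = new XmlDocument();
            doc.LoadXml(string.Format(template, uri));
            Console.WriteLine("URI '{0}': {1}", uri, ReferencePointsToParent(doc.DocumentElement));
        }
    }
}
```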

Files and references

Title Type
Net SAML2 Service Provider Framework.pdf pdf
oiosaml.net.v1.7.3.zip application/octet-stream