Digitaliser.dk

OIOSAML


OIOSAML.NET version 1.7.4

Responsible: Brian Graversen
Version: 1.7.4 - Published: 01.12.2011 14:54
Type: Software

Note: a newer version of the selected resource exists.

Release date: 21 November 2011

Release note

This release contains a security fix for a vulnerability found in the XML Encryption standard.

Version 1.7.4 of OIOSAML.NET attempts to prevent this attack by hiding error details from the end user. The full error details are still accessible from the log files.

For debugging and testing purposes, all error messages can be shown in the browser as normal by enabling the following new setting in web.config:

<ShowError>[true|false]</ShowError>
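
The behaviour this release note describes, as an added C# example that is not OIOSAML.NET code: every failure yields the same browser output unless the flag is on, while the log keeps the full exception. SafeErrorPage, Handle, GenericMessage and the two sample exceptions are hypothetical names and constructed inputs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Xml;

// Added illustration. SafeErrorPage and its members are hypothetical names,
// not OIOSAML.NET APIs.
public static class SafeErrorPage
{
    // Stand-in for the <ShowError> value from web.config (false assumed for production).
    public static bool ShowError = false;

    // Stand-in for the log file; full details are always written here.
    public static readonly List<string> Log = new List<string>();

    public const string GenericMessage = "The login response could not be processed.";

    // Runs a processing step and returns the text the browser would receive.
    public static string Handle(Action processResponse)
    {
        try
        {
            processResponse();
            return "OK";
        }
        catch (Exception ex)
        {
            Log.Add(DateTime.UtcNow.ToString("o") + " " + ex);
            // Debug/test: full detail. Otherwise: one body for every failure cause.
            return ShowError ? ex.ToString() : GenericMessage;
        }
    }

    public static void Main()
    {
        // Constructed failures: two different causes inside response processing.
        string a = Handle(() => { throw new CryptographicException("Padding is invalid."); });
        string b = Handle(() => { throw new XmlException("Unexpected node type."); });

        Console.WriteLine(a == b);      // browser output does not depend on the cause
        Console.WriteLine(Log.Count);   // both failures are in the log with full detail

        ShowError = true;               // test setting: details reach the browser
        string c = Handle(() => { throw new XmlException("Unexpected node type."); });
        Console.WriteLine(c.Contains("XmlException"));
    }
}
```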

 

More information

Operating system
  • Windows
Programming language
  • C#
Producer(s)
  • Digitaliseringsstyrelsen
  • Trifork A/S

Artifacts

Files and references
Title | Type
oiosaml.net.v1.7.4.zip | application/octet-stream
Net SAML2 Service Provider Framework.pdf | pdf

Posts on the resource

Error while upload metadata.xml

Cong Nguyen - 20.03.2012 10:48

Hello everybody,

I try to run the sample of OIOSAML.NET. The first time it is successful, but now it always fails with an error (in IdPDemo):

Unexpected node type Element. ReadElementString method can only be called on elements with simple or empty content. Line 4, position 6. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Xml.XmlException: Unexpected node type Element. ReadElementString method can only be called on elements with simple or empty content. Line 4, position 6.

and I don't see any IdP in the SPDemo.

Please help me with this problem.

Regards,

Cong

Comments (1)

Brian Nielsen - 22.03.2012 13:33

Hi Cong

You don't give me much to guess from :-). Have you enabled full logging in both SP and IdP as described in section "13.1 Enabling debug logging" in the OIOSAML.NET 1.7.4 documentation?

Best regards
Brian Nielsen 

WIF / OIOSAML.NET

Jesper Niedermann - 24.02.2012 10:13

I am curious to know if the OIOSAML.NET will become obsolete when Windows Identity Foundation (WIF) eventually provides SAML2 support? (It has been in CTP since May 2011)

I have read that it also contains a DemoIdP i.e. similar test support as OIOSAML.NET.

On Stack Overflow a developer recommends WIF over OIOSAML.NET

http://stackoverflow.com/questions/428599/opensso-or-esoe-for-net

Since I have not tried out WIF yet I am curious to know the pros/cons of WIF vs OIOSAML.NET

Of course it is speculation. But any thoughts?

Regards Jesper

DemoIdP in Production ?

Jesper Niedermann - 23.02.2012 14:17

We are in a situation where we want to make an Internal IdP/STS for our own websites.

Since we are familiar with OIOSAML.NET it would be obvious to start the code with the DemoIdP from this framework.

But the document Net SAML2 Service Provider Framework.pdf states very explicitly that: "It should not be used as a permanent substitute for at real identity provider in a development environment"

So my question is what security concerns make the DemoIdP unfit as a "real Identity Provider"?

And what changes should be made to make it a "real identity provider"?

What are the best bets if not to use the DemoIdP? (I would probably look in the direction of ADFS or WIF first)

Comments (2)

Brian Nielsen - 24.02.2012 00:18

Hi Jesper

I would expect the reason to be that it was developed for the sole purpose of initial toolkit testing, and as such has not been QA'ed in any sense for aspects like security, stability, features, compliance, logging etc.

In terms of what is missing? Not to be rude, but that's up to you to define that.

As for alternatives, I don't have much experience, but ADFS V2.0 (should be possible "AD FS 2.0 Step-by-Step Guide: Federation with Ping Identity PingFederate") could be a possibility along with other SAML supportive/compliant products (there's quite a list in Wikipedia's "SAML-based products and services").

Best regards
Brian Nielsen 

Jesper Niedermann - 24.02.2012 09:58

Hi Brian,

Thank you for the answer. Then it is as I expected, and we will not rule out the DemoIdP as the basis. But I will also look at your link and consider other alternatives.

Do not worry, we are capable of finding out what is missing functionality-wise :) But if there are fundamental security flaws then there is no point in figuring this out the hard way.

BTW: I have made a few changes to the OIOSAML.NET toolkit. Namely to store the Metadata in App_data instead of in a path outside the website (thereby running into issues with setting up folder permissions). Should I submit these changes somewhere?

Regards Jesper

Versions
Version | Date
1.7.9 | 26.02.2014 09:41
1.7.8 | 08.11.2013 13:26
1.7.7 | 11.09.2013 11:04
1.7.6 | 31.05.2012 09:19
1.7.5 | 04.04.2012 14:29
1.7.4 (selected) | 01.12.2011 14:54
1.7.3 | 11.08.2011 12:47
1.7.2 | 31.05.2011 11:48
1.7.10 | 27.06.2014 12:49
1.7 | 06.12.2010 15:13
1.6 | 03.09.2010 14:46
1.5 | 03.09.2010 14:37
1.4+ | 03.09.2010 14:33
1.4 | 03.09.2010 14:30
1.1 | 03.09.2010 14:20
1.0 RC1 | 03.09.2010 14:14
1.0 | 03.09.2010 14:17

Digitaliseringsstyrelsen