A newer version of this resource is available here

OIOSAML.NET version 1.7.5


Release date: 4 April 2012

Release notes

Changes in this version:

  • Fixed encoding issues in redirect/post/soap bindings to allow Danish characters in certificate CN.
  • Saving IDP NameID in session state.
  • AllowCreate XmlIgnored on NameIDPolicy
  • Test option in SP page for AssuranceLevel
  • NameIdFormat added to metadata generation
  • Added template for web.config to help with nemlogin integration 

Files and references

Title Type
Net SAML2 Service Provider Framework.pdf pdf
oiosaml_net_1.7.5.zip application/octet-stream

ECP Profile support in OIOSAML.java?

Madhavi Shrotri

Does OIOSAML.java support the ECP profile? It does not look like it, but I just want to confirm.

Also, if the ECP support is not there currently, is there any plan of adding that in the near future?

Thanks,

Madhavi

Sorry, the post shows up as bound to OIOSAML.NET version 1.7.5. It is not an OIOSAML.NET question. I don't know how to 'unbind' it from that group - I don't know any Danish.

Anyways, I will post the original query in the correct group. My apologies.

Madhavi


NameIDFormats config value?

Michael Hallock

Quick question:

In the SAML20MetadataDocument.cs class, line 155 or so, it appears that a new config setting has been added under Saml20Configuration called NameIDFormat, which will set the NameIDFormat array to a single value.

What was the value of doing this here, when around line 79 in the same file it already handles this with the Saml20Configuration/NameIDFormats configuration collection?

It does the exact same thing, without the need for the new configuration setting, and it allows you to specify multiple NameIDFormats instead of just one, or just one... also as this is clearly SP related, it should certainly go under that configuration location, yes?

Just curious if this was an oversight.

Also, glad to see the XmlIgnore was finally added to the AllowCreate method... I've been manually patching that since I originally posted the patch for it in 1.6.

Hi Michael

Thank you for sharing your observation. I've just had a quick glance at the lines you mentioned and it sure looks like a double feature (read: oversight). With ViewVC on our SVN repository:

Line 79 in Saml20MetadataDocument revision 9882

Line 155 in Saml20MetadataDocument revision 9882

Best regards
Brian Nielsen 

And by the way, the reason for limiting it to one entry does make sense in a Danish OIOSAML context (haven't seen any usage with both OCES and persistent pseudonym). But to make the toolkit usable in more (oio)saml scenarios we should support multiple (and have a metadata validator built to check for oiosaml compliance).

Brgds Brian 

I think I have actually done this in my own local implementation... I have an added configuration value in the SAML20Federation area:

AssertionProfile profile="Core"

It can also be DKSaml in my implementation...

But it triggers the assertionValidator to Saml20AssertionValidator instead of DKSaml20AssertionValidator.

Is that what you were talking about?

Edit: Note, my implementation adds a few requirements of the US Federal SAML implementation... namely:

1. Triggering the Core profile validation instead of the DKSaml extended validation

2. Passing NameIdPolicy and RequestedAuthnContext elements in Saml20AuthnRequest

3. A flag to ignore session returnUrl on ServiceEndpoint configurations (More an internal need for my project).

IF THERE IS INTEREST, I would LOVE to add this functionality to your library for you, as it would (a) allow you to market this as a general use SAML library instead of specifically DKSaml, and (b) would also allow me to add in an ICAM validation profile for people in the US using this for the Federal profile here... Support for triggering a different profile (number 1 above) and support for including the NameId and RequestedAuthnContext are the only two really important pieces for that, and then you would fully support ICAM as well... And perhaps the flag to ignore the returnUrl would be helpful to others? 

edited by Michael Hallock (16.05.2012)

Errors in metadata

Henrik Bach

Hi.

I have included OIOSAML.NET v 1.7.5 in my application.

When I validate the metadata file at https://test-nemlog-in.dk/metadatavalidator/ I get the following errors, which I do not understand:

1. EntityIdFormat Error (line: 2): The entity id specified {0} is not formatted as an URI.

2. ValidNameFormatId Error : The NameIDFormat element is not found.

Does anyone have an idea how I should configure OIOSAML.NET so that the errors go away?

Thanks in advance.

moderated by Brian Nielsen (09.05.2012)

Hi Henrik

Try looking at the configuration file for the demo web app (in SVN), where entityId is an attribute on the <ServiceProvider> element. Alternatively, you can try sending your metadata file to me (brian@digst.dk). By the way, I believe/hope it is stated in the documentation for OIOSAML.NET 1.7.5.

Kind regards
Brian Nielsen, DIGST

Hi Brian.

The wording in "the documentation for OIOSAML.NET" for nameIdFormat, and what is expected at https://test-nemlog-in.dk/metadatavalidator/, is not very clear.

Regarding entity id, I cannot at the moment see from the documentation what is expected compared to the previous version 1.6.

I am sending the web.config that is causing me problems. Note that this file relates to the previous version 1.6 of OIOSAML.

I hope you can come up with some "clues".

Note that the web.config is only for use between you and me.

You/we can write up the final solution afterwards and delete this comment.

Thanks in advance

edited by Henrik Bach (09.05.2012)

Hi Brian.

I have now found out how to make the nameIdFormat error go away.

Now only entity id remains: here I cannot see any immediate difference between version 1.6 and 1.7.5.

Thanks in advance.

Hi Brian.

I think I have now also got the better of entity id. But I can only say that once the TEST at NemLogin goes well.

Henrik

Hi Henrik

You are impossible to help when you figure it out yourself :-) It would be great if you could share your knowledge of the snags that caused trouble.

I have not yet looked at what you sent me, but regarding the format of entityId, it is described in the OIOSAML specification in chapter 11, which says:

In various SAML elements there is a need for expressing unique identifiers representing Service and Identity Providers. In order to ensure uniqueness without central management it has been decided to use URL references containing (unique) domain names as identifiers.

and elaborated in "11.2 Convention for naming Entity Identifier".

Kind regards
Brian Nielsen, DIGST

edited by Brian Nielsen (09.05.2012)
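
As an added example (not part of the original thread and not OIOSAML.NET code), a local pre-check of SP metadata for the two validator errors reported above. The entityID rule is an assumption that approximates the quoted chapter 11 text as "http(s) URL with a domain name"; the validator's actual rules are not shown on this page, and `check_sp_metadata` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means both checks pass."""
    if "<!DOCTYPE" in xml_text:
        # SAML metadata never needs a DTD; refuse it rather than parse entities.
        return ["DOCTYPE present"]
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    findings = []
    # Assumption: "formatted as a URI" is approximated as an http(s) URL
    # whose host is a dotted domain name (see the OIOSAML quote above).
    entity_id = (root.get("entityID") or "").strip()
    url = urlparse(entity_id)
    host = url.hostname or ""
    if url.scheme not in ("http", "https") or "." not in host:
        findings.append("entityID %r is not a URL with a domain name" % entity_id)
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        findings.append("no SPSSODescriptor element")
    else:
        formats = [e.text.strip() for e in sp.findall(MD + "NameIDFormat")
                   if e.text and e.text.strip()]
        if not formats:
            findings.append("no NameIDFormat element in SPSSODescriptor")
    return findings

# Constructed samples, trimmed to the elements this check reads.
GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://saml.sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

BAD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="my-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sp_metadata(doc) or "ok")
```

Running it against generated metadata before uploading to the validator catches an entityId that was left as a plain name and a missing NameIDFormat in one pass.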

Ignore this message... I meant to post a new one, but my Danish is a little... well... non-existent. :-)

edited by Michael Hallock (09.05.2012)

Wrong version number

Søren Mors

The .dll installed by the .msi file has version number 1.7.4.0.

Is it the installer that installs a wrong version, or is it the build that has not been updated with the new version number?

Oops, I had not seen that it had already been fixed.

Can a post be deleted again, or do I just have to live with it?

Hi Søren

Good that you found the answer, and no, it cannot be deleted, but better to ask once too often than not to share knowledge.

Have a good weekend.

/Brian


Missing update of AssemblyVersion

Claus Hemberg Jørgensen

For the record, the oiosaml_net_1.7.5.zip file has been updated. Only fix: AssemblyVersion and AssemblyFileVersion for dk.nita.saml20.dll are now corrected to 1.7.5.0; the previous version erroneously still said 1.7.4.0.

A new version of the oiosaml_net_1.7.5.zip has been uploaded. Only change: AssemblyVersion and AssemblyFileVersion for dk.nita.saml20.dll updated to 1.7.5.0.

edited by Claus Hemberg Jørgensen (23.04.2012)

Where are the src files?

Kasper Hansen

They were there in 1.7.4 but not in this version.

I cannot say where the source files have gone, but until they find their way back into the zip file, you can get the code at: https://view.softwareborsen.dk/cgi-bin/index.cgi/Softwareborsen/oiosaml.net/trunk/src/ It appears that revision 9908 is the basis for 1.7.5.

If you want to check out the code, it can be done at: https://svn.softwareborsen.dk/oiosaml.net/trunk/src/

Sorry, it was a simple oversight when the release package was made. I have now uploaded a new zip file in which the source files are also included.