OIOSAML.Net 2.0.0

Release date: 2017-09-11

A new versioning strategy has been applied. All components now have the same version number. This has been done for two reasons:

- It is easier to see which components work together. Components with the same version number are guaranteed to work together.

- The components share the same code base. Hence, it makes sense to apply the same version number to each component, which makes it easier to see which version of the code in the SCM corresponds to a given version of each component.

Release notes: OIOSAML.Net (dk.nita.saml20)

- (Breaking change) Reworked the plugin capability of sessions, replacing the ISessions and ISession interfaces with a cleaner interface, ISessionStoreProvider, which abstracts many internals away from session plugins. A default in-process implementation is included, so no action is needed if sticky sessions are used together with redirect logout. To support SOAP Logout, the session store provider for Sql Server must be used, or an alternative implementation of ISessionStoreProvider that supports a distributed cache.

- (Breaking change) Removed the session store for AppFabric caching since it has been discontinued by Microsoft

- (Breaking change) It is now required that the Service Provider uses .Net 4.5.

- Added session store provider for Sql Server to support web farms.

- Upgraded solution to work with Visual Studio 2017

- AuditLogging relied on ThreadStatic for storing AssertionId and IdpId. Under ASP.NET this has the potential to bleed values between requests. Changed to use HttpContext.Items, which ensures request affinity.

- Setting up a demo environment with demo IDP + demo SP was cumbersome, with lots of manual steps and local IIS setup. Streamlined the process to a short 'getting started' guide along with PowerShell scripts for automation and IIS Express for hosting websites (comes with Visual Studio), meaning no local IIS is required. Also comes with pre-exchanged metadata for logging in with the demo IDP and the Nemlog-in IDP. Thus, developers do not need to register their own Service Provider in the NemLog-in administration module or have new certificates issued.

- Removed VirkDemoWebsite which was not being maintained

- Enabled support for SHA1, SHA256 and SHA512 when signing with RSA keys on SAMLRequests. SHA256 is the new default (configurable by setting 'ShaHashingAlgorithm' at IdP level). Upgraded projects to .NET 4.5 to support new SHA algorithms.

- Added setting 'SessionCookieName' which allows control over the name of the session cookie

- Enforcement of HTTPS on Service Provider since it's not supported otherwise

- Improved error messages and handling for common configuration/setup mistakes
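
The ThreadStatic bleed described in the AuditLogging item above, as an added C# example (not OIOSAML.Net code). AuditContext, Handle and the per-request dictionary standing in for HttpContext.Items are hypothetical names, and the assertion id is a constructed value.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;

// Hypothetical stand-in for the audit state, not an OIOSAML.Net type.
static class AuditContext
{
    // Old approach: one slot per thread, which outlives any single request.
    [ThreadStatic] public static string AssertionId;
}

static class Demo
{
    // One simulated request. When hasAssertion is false (for example the
    // request failed before an assertion was parsed) nothing is stored, and
    // the audit line reports whatever each storage currently holds.
    static string Handle(string assertionId, bool hasAssertion,
                         IDictionary<string, object> requestItems)
    {
        if (hasAssertion)
        {
            AuditContext.AssertionId = assertionId;      // per-thread
            requestItems["AssertionId"] = assertionId;   // per-request
        }
        object perRequest;
        requestItems.TryGetValue("AssertionId", out perRequest);
        return string.Format("ThreadStatic={0} PerRequest={1}",
            AuditContext.AssertionId ?? "(none)", perRequest ?? "(none)");
    }

    static void Main()
    {
        // A single worker thread serves both requests in turn, the way a
        // pooled ASP.NET thread is reused across requests.
        var worker = new Thread(() =>
        {
            // Each request gets a fresh item bag, like HttpContext.Items.
            Console.WriteLine("A: " + Handle("_constructed-assertion-A", true,
                new Dictionary<string, object>()));
            Console.WriteLine("B: " + Handle(null, false,
                new Dictionary<string, object>()));
        });
        worker.Start();
        worker.Join();
    }
}
```

Request B never stores an id, yet its ThreadStatic value is still the one request A left on the shared thread, while its per-request bag is empty.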


Release notes: dk.nita.saml20.ext.audit.log4net

- (Breaking change) It is now required that the Service Provider uses .Net 4.5.


Release notes: dk.nita.saml20.ext.sessionstore.sqlserver

- Initial version of dk.nita.saml20.ext.sessionstore.sqlserver that replaces dk.nita.saml20.ext.AppFabricSessionCache


Documentation and code can be found at softwarebørsen: https://svn.softwareborsen.dk/oiosaml.net/trunk/

The packages will now and in the future only be available at nuget.org


IdP initiated workflow

James Carnley

Does OIOSAML.NET support the IdP initiated log in workflow?

Hi James

No, it does not.

Best regards

Kasper Møller


Minimum Assurance Level

Jesper Niedermann

I access both NemLogin and UniLogin with OIOSAML.NET - NemLogin has an assurance level of 3 and UniLogin of 2. This means that I have to set the Minimum Assurance Level to 2, i.e. the Minimum Common Denominator. It would be nice if I could configure the Minimum Assurance Level per IdP instead.

Hi Jesper

I have added your good idea to the backlog.

Best regards

Kasper Møller