SAML SP for ASP.NET release notes - SSO

Overview

These release notes summarize important information you should be aware of before installing or upgrading Ubilogin SAML SP for ASP.NET.

Technical Specifications

System Requirements:

  • Windows Server 2012 or Windows Server 2016 as SP
    • Internet Information Services 8.0 or newer
    • Microsoft .NET Framework 4.5.2 or newer
    • requires .NET runtime v4 or later - the CryptoConfig.AddAlgorithm and CryptoConfig.AddOID APIs must be present

  • System time synchronized with the time of the IDP
  • Ubilogin Server 6.0.0 or later as IDP

Upgrade Instructions / Further Information

The network address tracker is now disabled by default.

Use the ServiceProvider.Netmask setting to enable the network address tracker:

<appSettings>
	<add key="ServiceProvider.Netmask" value="255.255.255.255"/>
</appSettings>

If required, HTTP session handling in the SAML SP event handler can be enabled with the ServiceProvider.SessionStateBehavior setting.

Modify the web.config file appSettings section:

<configuration>
	<appSettings>
		<add key="ServiceProvider.SessionStateBehavior" value="Required"/>
	</appSettings>
	...etc...
</configuration>


During an upgrade, raise the major version number in web.config to match the release version.

For example, when upgrading from 1.3.2.26568 to 1.4.0.45196, change all Ubisecure-related version settings from 1.3.0.0 to 1.4.0.0.
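
One way to check the version change described above, as an added example that is not part of the original release notes or Ubisecure's own tooling: the script lists Ubisecure assembly references whose Version differs from the target and rewrites them. The sample web.config content, the type name and the PublicKeyToken value are constructed placeholders, and the function names are hypothetical.

```powershell
# Added example; not Ubisecure tooling. The sample web.config below is constructed:
# the module type name and the PublicKeyToken value are placeholders.
$sample = @'
<configuration>
  <system.web>
    <httpModules>
      <add name="ExampleModule"
           type="Example.Module, Ubisecure.SAML2.ServiceProvider, Version=1.3.0.0, Culture=neutral, PublicKeyToken=PLACEHOLDER"/>
    </httpModules>
  </system.web>
</configuration>
'@

# Matches "<Ubisecure assembly name>, Version=a.b.c.d" inside any attribute value.
$pattern = '(?<asm>Ubisecure[\w.]*),\s*Version=(?<ver>\d+(?:\.\d+){3})'

function Find-StaleUbisecureVersion {
    param([string]$Text, [string]$Target)
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        if ($m.Groups['ver'].Value -ne $Target) {
            [pscustomobject]@{
                Assembly = $m.Groups['asm'].Value
                Version  = $m.Groups['ver'].Value
            }
        }
    }
}

function Update-UbisecureVersion {
    param([string]$Text, [string]$Target)
    # Keep the assembly name, replace only the four-part version number.
    [regex]::Replace($Text, $pattern, "`${asm}, Version=$Target")
}

$target = '1.4.0.0'
Find-StaleUbisecureVersion -Text $sample -Target $target
$fixed = Update-UbisecureVersion -Text $sample -Target $target
# For a real site: read with Get-Content -Raw, keep a backup copy, write back with Set-Content.
if (-not (Find-StaleUbisecureVersion -Text $fixed -Target $target)) {
    "No Ubisecure reference differs from $target"
}
```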

Change Log

1.4.1.50098 (2018-03-08)

1.4.0.45196 (2016-05-17)

  • [IAM-809] Support for SHA256 signing and validating
    • SAML SP for .NET now automatically supports validating SHA256 signed messages issued by an IDP
    • To generate SHA256 signed messages (AuthnRequest, LogoutRequest, LogoutResponse) from SAML SP for .NET, the MessageDigestSHA256 compatibility flag must be set, either in the web.config or the identity.properties configuration file
    • The Generate command now supports the -compatibility flag

1.3.3.32242 (2013-03-13)

  • [SPNET-20] XmlException: Unexpected node type Element
    • Error when running application on Windows Server 2012 and/or Microsoft .NET version 4.5
  • [SPNET-19] Network address tracker disabled by default

1.3.2.26568 (2012-03-12)

  • [SPNET-17] Ubisecure.SAML2.Core.ValidationException: InResponseTo is invalid

1.3.1.25946 (2012-03-02)

  • [SPNET-12] ServiceProvider.SessionStateBehavior setting added to enable storage in the asp.net http session.

1.3.0.25404 (2012-01-18)

New:

  • [SPNET-5] Support for .NET version 4.0
  • [SPNET-7] Implement Web Application for IIS use cases (use of REMOTE_USER)

Improved:

  • [SPNET-6] SAML SP and ASP.NET Forms cookie interop
  • [SPNET-11] Configurable location of identity.properties
    • See the ServiceProvider.ApplicationData or ServiceProvider.StorePath settings.
  • [SPNET-12] Make Session available in event handlers
  • [SPNET-13] Logout with custom IPrincipal or IIdentity
    • If IAssertionIdentity is replaced in Authenticate event by other IIdentity implementation then logout would not work because logout relies on IAssertionIdentity for NameID and SessionIndex. LogoutRequest event now allows the application to provide NameID and SessionIndex.
  • [SPNET-14] - Previously an msi installer was used for installation. Now a zip file is used as per current .NET framework recommendations. Manual installation of dll files to the GAC is required. Allows running different versions side-by-side.
  • Upgrade from previous versions requires changes to web.config.
  • Update version number for Ubisecure.SAML2.ServiceProvider to 1.3.0.0

1.2.0.9721 (2011-09-20)

  • Support for IIS7 Integrated pipeline mode
  • Upgrade from previous versions requires changes to web.config.
  • Update version number for Ubisecure.SAML2.ServiceProvider to 1.2.0.0

1.1.0.9721 (2009-10-06)

  • Expanded functionality of AuthnRequest and Assertion API. Refer to the API description for details
  • Upgrade from previous versions requires changes to web.config. Update version number for Ubisecure.SAML2.ServiceProvider to 1.1.0.0

1.0.2.7649 (2008-02-08)

  • Fixed: Logon session correctly expires according to web.config settings
  • Fixed: CryptographicException error caused by invalid session cookie

1.0.1.7435 (2007-12-21)

  • Changed: allow 60 seconds tolerance while validating NotBefore/NotOnOrAfter timestamps
  • New: support for IIS wildcard mappings