SAML SP for ASP.NET release notes
Overview
The release notes summarizes important information you should be aware of before installing or upgrading Ubilogin SAMP SP for ASP.NET.
Technical Specifications
System Requirements:
- Windows Server 2012 or Windows Server 2016 as SP
- Internet Information Services 8.0 or newer
- Microsoft .NET Framework 4.5.2 or newer
requires .NET runtime v4 or later - the CryptoConfig.AddAlgorithm and CryptoConfig.AddOID APIs must be present
- System time synchronized with the time of the IDP
- Ubilogin Server 6.0.0 or later as IDP
Upgrade Instructions/ Further Information
Network address tracker is now disabled by default
Use the ServiceProvider.Netmask
setting to enable network address tracker
<appSettings> <add key="ServiceProvider.Netmask" value="255.255.255.255"/> </appSettings>
If required, Http session handling in the saml sp event handler is possible by using the ServiceProvider.SessionStateBehavior
setting.
Modify the web.config
file appSettings
section:
<configuration> <appSettings> <add key="ServiceProvider.SessionStateBehavior" value="Required"/> </appSettings> ...etc... </configuration>
During upgrade, raise major version number in web.config to match release version.
e.g. upgrade from 1.3.2.26568 to 1.4.0.45196
Change all Ubisecure related version settings from 1.3.0.0 to 1.4.0.0
Change Log
1.4.1.50098 (2018-03-08)
- IDS-615 - Fix for https://www.ubisecure.com/technical-announcements/incident-report-020318/
1.4.0.45196 (2016-05-17)
[IAM-809] - Support for SHA256 signing and validating
           SAML SP for .NET now automatically supports validating SHA256 signed messages issued by an IDP
           To generate SHA256 signed messages (AuthnRequest, LogoutRequest, LogoutResponse) from SAML SP for .NET the MessageDigestSHA256
             compatibility flag must be set, either in web.config or identity.properties configuration file
           Generate command now supports -compatibility flag
1.3.3.32242 (2013-03-13)
- [SPNET-20] XmlException: Unexpected node type Element
- Error when running application on Windows Server 2012 and/or Microsoft .NET version 4.5
- [SPNET-19] Network address tracker disabled by default
1.3.2.26568 (2012-03-12)
- [SPNET-17] Ubisecure.SAML2.Core.ValidationException: InResponseTo is invalid
1.3.1.25946 (2012-03-02)
- [SPNET-12] ServiceProvider.SessionStateBehavior setting added to enable storage in the asp.net http session.
1.3.0.25404 (2012-01-18)
New:
- [SPNET-5] Support for .NET version 4.0
- [SPNET-7] Implement Web Application for IIS use cases (use of REMOTE_USER)
Improved:
- [SPNET-6] SAML SP ja ASP.NET Forms cookien interop
- [SPNET-11] Configurable location of
identity.properties
. SeeServiceProvider.ApplicationData
orServiceProvider.StorePath
settings.
- [SPNET-12] Make Session available in event handlers
- [SPNET-13] Logout with custom IPrincipal or IIdentity
- If IAssertionIdentity is replaced in Authenticate event by other IIdentity implementation then logout would not work because logout relies on IAssertionIdentity for NameID and SessionIndex. LogoutRequest event now allows the application to provide NameID and SessionIndex.
- [SPNET-14] - Previously an msi installer was used for installation. Now a zip file is used as per current .NET framework recommendations. Manual installation of dll files to the GAC is required. Allows running different versions side-by-side.
- Upgrade from previous versions requires changes to
web.config
. - Update version number for Ubisecure.SAML2.ServiceProvider to 1.3.0.0
1.2.0.9721 (2011-09-20)
- Support for IIS7 Integrated pipeline mode
- Upgrade from previous versions requires changes to
web.config
. - Update version number for Ubisecure.SAML2.ServiceProvider to 1.2.0.0
1.1.0.9721 (2009-10-06)
- Expanded functionality of AuthnRequest and Assertion API. Refer to the API description for details
- Upgrade from previous versions requires changes to
web.config
. Update version number for Ubisecure.SAML2.ServiceProvider to 1.1.0.0
1.0.2.7649 (2008-02-08)
- Fixed: Logon session correctly expires according to
web.config
settings - Fixed: CryptoGraphicException error caused by invalid session cookie
1.0.1.7435 (2007-12-21)
- Changed: allow 60 seconds tolerance while validating NotBefore/NotOnOrAfter timestamps
- New: support for IIS wildcard mappings