Supports deletion of SSO sessions, improves support for ISAML, plus updates for ASP.NET Core 2.1.
Features
SAML v2.0 for ASP.NET v3.0.0 updates:
- Move to a single NuGet package and use this in the refreshed example projects.
- Provide better support for ISAMLConfigurationResolver implementations when exporting metadata.
- Include partner name in ISAMLObserver methods.
- Add session ID delegate for storing the session ID in a custom cookie.
- Add LocalCertificateKey/PartnerCertificateKey configuration settings to support certificates stored in the Azure key vault.
- Remove basic authentication header support for ECP as this is no longer used.
- Wrap DbCommand creation in a using block to prevent potential resource leaks.
- Implement IDisposable in SAMLHttpRequest and SAMLHttpResponse to dispose of unmanaged resources.
- Default to in-memory cookie based SSO sessions rather than relying on the ASP.NET session.
- Support deletion of SSO sessions.
- Support specifying the AssertionConsumerServiceIndex in the SSO options.
SAML v2.0 for ASP.NET Core v2.0.6 updates:
- Move example projects to ASP.NET Core 2.1.
- Change the SAML middleware default login and logout URLs to the new ASP.NET Core 2.1 paths with the /Identity prefix.
- Support custom ICertificateLoader implementations in the CachedCertificateLoader.
- Default to HTTP only for the SAML SSO session cookie.
- Include an explicit dependency on the System.Security.Cryptography.Xml package.
- Distinguish between local IdP and SP SSO session state.
- Support return URL query string parameters in the SAML middleware when initiating SSO or SLO.
- Authenticate the user if required when initiating SSO in the SAML middleware.
- Add delegate options to the SAML middleware to support modifying the authn request and SAML response/assertion.