IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

IdentityServer v2 #881

Open JDL-84 opened 8 years ago

JDL-84 commented 8 years ago

I am currently looking at the security of one of our applications.

Currently, the application is deployed using IdentityServer v2, which we can see is EOL.

Whilst we are looking to progress the migration to v3, I would like to understand what (if any) security risks we may be vulnerable to.

Is there a known vulnerability list for v2? I can only find odd reference to a re-direct issue. I would have thought there would be at least a couple of known issues.

brockallen commented 8 years ago

No, no known issues with IdSvr2 except that it targets an older set of security protocols (WS-*). IdSvr3 and IdSvr4 target the newer protocols (OIDC and OAuth2), and thus allow for a wider range of security solutions for the newer types of applications that people are building.