Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Missing AudienceRestriction After Upgrading Versions #1312

Closed mwhouser closed 2 years ago

mwhouser commented 2 years ago

I am upgrading from Sustainsys.Saml2 version 0.23.0 to version 2.8.0.

There is some old code for which I cannot figure out the equivalent in the new code.

Example 1

I used to call this to enable SHA-256 signatures. This method is now gone. Is this not required anymore?

Options.GlobalEnableSha256XmlSignatures();

What about this?

// Allow older signing algorithms
spOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

Example 2

I would load the approved audiences into the options.

spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://example.com/"));
spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("localhost:63499"));
spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode =
    System.IdentityModel.Selectors.AudienceUriMode.Always;

I cannot find the way to do this in the new version.

Thank you.

explunit commented 2 years ago

Example 1: that's correct, not required anymore. I believe it defaults to Sha256 now and you have to set MinIncomingSigningAlgorithm if you want Sha1.

Example 2: spOptions now has a property called TokenValidationParametersTemplate which you can use to accomplish things that were previously handled by SystemIdentityModelIdentityConfiguration.
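
The mapping suggested in the reply above, as an added example that is not part of the thread or the project's own code. It assumes TokenValidationParametersTemplate is a Microsoft.IdentityModel.Tokens.TokenValidationParameters instance; AudienceMigration, Apply and Accepts are hypothetical names, and the audience values are the ones from the question.

```csharp
// Added example; not code from Sustainsys.Saml2 or from the posters above.
using System;
using Microsoft.IdentityModel.Tokens;
using Sustainsys.Saml2.Configuration;

public static class AudienceMigration
{
    // Audience values copied from the question; replace with your own.
    static readonly string[] AllowedAudiences =
        { "https://example.com/", "localhost:63499" };

    public static void Apply(SPOptions spOptions)
    {
        // Assumption: the template is a TokenValidationParameters instance.
        TokenValidationParameters tvp = spOptions.TokenValidationParametersTemplate;
        tvp.ValidateAudience = true;           // counterpart of AudienceUriMode.Always
        tvp.ValidAudiences = AllowedAudiences; // counterpart of AllowedAudienceUris
        // MinIncomingSigningAlgorithm is deliberately left untouched here, so
        // the default described in the reply applies. Set it to the rsa-sha1
        // URI only if an identity provider still signs with SHA-1.
    }

    // True when an assertion's audience list passes the configured check.
    public static bool Accepts(TokenValidationParameters tvp, params string[] audiences)
    {
        try
        {
            // The token argument is not needed for a plain audience comparison.
            Validators.ValidateAudience(audiences, null, tvp);
            return true;
        }
        catch (SecurityTokenInvalidAudienceException)
        {
            return false;
        }
    }

    public static void Main()
    {
        var spOptions = new SPOptions();
        Apply(spOptions);
        var tvp = spOptions.TokenValidationParametersTemplate;
        // One configured audience and one constructed audience that is not configured.
        Console.WriteLine(Accepts(tvp, "https://example.com/"));
        Console.WriteLine(Accepts(tvp, "https://other.example.net/"));
    }
}
```

The Accepts helper is a quick way to confirm, before deploying, that an assertion addressed to an audience outside the configured list would be rejected.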