Released: Mar 15, 2023

Spring 2023 (v6.2.0+v4.7.0) 中的更新

特性

ComponentSpace SAML v2.0 for ASP.NET v6.2.0 updates:

• Added the DisableClearAllSessionsOnLogout flag to configure how multi-session SLO is handled.
• Defaulted the configuration flags SignLogoutRequest, SignLogoutResponse, WantLogoutRequestSigned and WantLogoutResponseSigned to true as these messages must be signed as per the SAML Profiles specification.
• Defaulted the configuration flag SignAssertion to true as per the SAML Profiles specification.
• Defaulted the configuration flags SignAuthnRequest and WantAuthnRequestSigned to true to encourage best security practices.

ComponentSpace SAML v2.0 for ASP.NET Core v4.7.0 updates:

• Added ClearSessionAsync overload that clears the session for the named partner only.
• Added the DisableClearAllSessionsOnLogout flag to configure how multi-session SLO is handled.
• Added ISamlCachedConfigurationResolver and support explicit clearing of the SAML configuration cache.
• Added ICertificateImporter to make storage of certificates more flexible when importing SAML metadata.
• Defaulted the configuration flags SignLogoutRequest, SignLogoutResponse, WantLogoutRequestSigned and WantLogoutResponseSigned to true as these messages must be signed as per the SAML Profiles specification.
• Defaulted the configuration flag SignAssertion to true as per the SAML Profiles specification.
• Defaulted the configuration flags SignAuthnRequest and WantAuthnRequestSigned to true to encourage best security practices.
• Updated support for .NET Core 3.1 and .NET 6.0, target .NET 7.0.

修补程序

ComponentSpace SAML v2.0 for ASP.NET v6.2.0 and for ASP.NET Core v4.7.0 fixes:

• Now cleans up the session state properly as IsSSO was returning true after SLO.