v0.17.0

BREAKING CHANGES

MetadataUrl renamed to MetadataLocation
ISPOptions.ServiceCertificates type changed - source compatible.
MVC SignOut action renamed to Logout

• Single Logout
• Local storage of metadata
• Option to set application URL (useful with load balancers/proxies)

v0.16.0

BREAKING CHANGE: In code based config, the entire idp certificate is now used
and not only the key.

• Metadata improvements
• Optionally validate certificates
• Expose validUntil in metadata
• RequestedAuthnContext support
• NameIDPolicy support
• Sign generated metadata

v0.15.1

• Bug Fix: Signature not properly URI escaped with HTTP Redirect binding.

v0.15.0

RELEASE CONTAINS BREAKING CHANGES

• Audience URI Validation now uses WIF config. If no audience URI is specified it is now required to set AudienceMode=Never.
• Service Certificate configuration reworked to support key rollover.
• The Saml2Response.XmlDocument property has been changed to XmlElement. Should only concern anyone using the core lib directly.

NEW FEATURES

• RelayState support, including in Stub Idp.
• Artifact Resolution binding support.
• Signed AuthnRequests
• Service certificate rollover support.
• HttpModule no longer hides exceptions.
• StubIdp includes KeyInfo in signatures.
• Secondary level status codes included in exceptions.

v0.14.0

Encrypted Assertion and Key Rollover

• Support for encrypted assertions.
• Documentation for integration with Okta
• Bug Fix: Redirect binding with query string
• Include SAML status in exceptions
• Multiple keys for idps, supporting key rollover.

v0.13.0

Http module moved to own package and general stability fixes.

• Http module is now in package Kentor.AuthServices.HttpModule.
• Improved stub idp with attribute support.
• Sha256 support
• Signed assertion handling fixed.
• and more... see issue list for details.

v0.12.0

• Compatibility tested with Thinktecture IdentityServer v3. Discovery Service unfortunately not working though.
• Further improved configuration from code.
• Linking accounts with ASP.NET Identity now works. Discovery Service unfortunately not working though.
• Improved exception messages on SAML Response validation failures.

v0.11.0

• Improved IdentityProvider configuration from code.
• Configuration from code support for MVC controller.
• Fixed: Metadata incorrectly loaded for Idps in federations.
• Fixed: AttributeConsumingService in metadata when not configured.

v0.10.0

• Fixed issue loading metadata with multiple child elements to X509Data.
• Renamed destinationUri to destinationUrl for consitency.
• Moved UseKentorAuthServicesAuthentication() to Owin namespace.

v0.9.0

• Automatic refresh of metadata for identity providers and federations.
• Configuration option for metadataUrl for identity providers.
• StubIdp metadata includes cacheDuration.
• Renamed returnUri to returnUrl in configuration.