Loading…
Tilbage
×

Info

Der findes en nyere version af resourcen her

OIOSAML.NET version 1.7.4

01-12-2011 14:54:05
Version: 1.7.4

Releasedate: 21. November 2011

Releasenote

This release contains a security fix for a vulnerability found in the XML Encryption standard.

Version1.7.4  of OIOSAML.NET attempts to prevent this attack by hiding the details of errors to the end-user. The full error details are still accessible from the logfiles.

For debugging/testing purposes, it is possible to show all error messages in the browser as normal, by enabling this with the following new setting in web.config.

<ShowError>[true|false]</ShowError>

 

Filer og referencer

Titel Type
oiosaml.net.v1.7.4.zip application/octet-stream
Net SAML2 Service Provider Framework.pdf pdf
Profilbillede

Error while upload metadata.xml

Cong Nguyen
20. marts 2012, 10:48

Hello everybody,

I try to run the sample of OIOSAML.NET. The first time it is successful, but now it is always failed with error (in IdPDemo):

Unexpected node type Element. ReadElementString method can only be called on elements with simple or empty content. Line 4, position 6. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Xml.XmlException: Unexpected node type Element. ReadElementString method can only be called on elements with simple or empty content. Line 4, position 6.

and i don't see any IdP in the SPDemo

Please help me this problem.

Regards,

Cong

Profilbillede

Brian Nielsen
22. marts 2012, 13:33

Hi Cong

You don't give me much to guess from :-). Have you eabled full logging in both SP and IdP as descriped section "13.1 Enabling debug logging" in the OIOSAML.NET 1.7.4 documentation.

Best regards
Brian Nielsen 

Profilbillede

WIF / OIOSAML.NET

Jesper Niedermann
24. februar 2012, 10:13

I am curious to know if the OIOSAML.NET will become obsolete when Windows Identy Foundation (WIF) eventually provides SAML2 support ? (It has been in CTP since may 2011)

I have read that it also contains a DemoIdP i.e. similar test support as OIOSAML.NET.

On Stackoverflow a developer recommends WIF over OIOSAMl.NET

http://stackoverflow.com/questions/428599/opensso-or-esoe-for-net

Sicne I have not tried out WIF yet I am curious to know the pro/cons of WIF vs OIOSAML.NET

Of course it is speculations. But any thoughts ?

Regards Jesper

Profilbillede

DemoIdP in Production ?

Jesper Niedermann
23. februar 2012, 14:17

We are in a situation where we want to make an Internal IdP/STS for our own websites.

Since we are familiar with OIOSAML.NET it would be obvious to start the code with the DemoIdP from this framework.

But the document Net SAML2 Service Provider Framework.pdf states very explicitly that: "It should not be used as a permanent substitute for at real identity provider in a development environment"

So my question is what security concerns makes the DemoIdp unfit as a "real Identity Provider" ?

And what changes should be made to make it a "real identity provider" ?

What are the best bets if not to use the DemoIdP ? (I would probably look in the direction of ADFS or WIF first)

Profilbillede

Brian Nielsen
24. februar 2012, 0:18

Hi Jesper

I would expect the reason to be that it was develop for the sole purpose of inital toolkit testing, and as such has not been QA'ed in any sense for aspects like security, stability, features, compliance, logging etc.

In terms of what is missing? Not to be rude, but that's up to you to define that.

As for alternatives, I don't have much experience, but ADFS V2.0 (should be possible "AD FS 2.0 Step-by-Step Guide: Federation with Ping Identity PingFederate")  could be a possibility along with other SAML supportive/compliant products (there's quite a list in wikipedias "SAML-based products and services").

Best regards
Brian Nielsen 

Profilbillede

Jesper Niedermann
24. februar 2012, 9:58

Hi Brian,

Thank you for the answer. Then it is as I expected, and we will not rule out the DemoIdP as the basis. But I will also look at your link and consider other alternatives.

Do not worry we are capable of finding out what is missing functionality wise :) But it if there is fundamental security flaws then there is no point in figuring this out the hard way.

BTW: I have made a few changes to the OIOSAML.NET toolkit. Namely to store the Metadata in App_data instead of in a path outside the website (thereby running into issues with setting up folder permissions). Should I submit these changes somewhere ?

Regards Jesper