The OIOSAML.net component now supports verification of XML documents
signed with SHA256 signature. However, this functionality is only
supported in .NET 4.0 or greater.
The OIOSAML.net component now uses a custom session
implementation instead of the ASP.NET session. Note that session
timeout is now configured in the federation config section. For
further information see the session provider section.
The OIOSAML.net component now supports SOAP logout. Thus, users can
be logged out through a back channel. SP must now, in the beginning of
each user request, check using the Saml20Identity.IsInitialized() to
verify if the user is still logged in or has been logged out using
SOAP logout (if it has been enabled).
The IAction interface has been expanded with an extra method called
SoapLogoutAction(AbstractEndpointHandler, HttpContext, string) which
is called when a SOAP logout request is received. It is still
necessary at each HTTP request to check whether or not the user has
been logged out by a SOAP logout request as this is not possible at
the time the implementation of SoapLogoutAction is called.
Filer og referencer