Release date: 2020-16-01

Version 2.0.3 includes a little change to the OIOSAML session cookie in order to mitigate for the comming changes in how browsers handles 3. party cookies. From February 2020 will the default behavior in Chrome change regarding the SameSite property on cookies. Forward on will the default setting be SameSite=Lax if the SameSite property is not set. See https://www.chromestatus.com/feature/5633521622188032.

OIOSAML 2.0.2 and backwards do not set the SameSite property, meaning that the OIOSAML session cookie will not be loaded when returning from NemLog-in (IdP). The consequence is that the login flow fails. Chrome will in a undefined period accept 3. party cookies with an age less than 2 minutes. Thus, users will in a undefined period still be able to login with version 2.0.2 and backwards if the user uses less than 2 minutes to complete the login flow.

OIOSAML.Net 2.0.3 sets the SameSite property to None, making the login flow work as normal. When setting the SameSite property to None the OIOSAML session cookie must also be Secure.

Release notes: OIOSAML.Net (dk.nita.saml20)

- (Breaking) OIOSAML session cookie has SameSite property set to None. This requires minimum .Net version 4.7.2.

Release notes: dk.nita.saml20.ext.audit.log4net

- No changes

Release notes: dk.nita.saml20.ext.sessionstore.sqlserver

- No changes

Documentation and code can be found at GitHub: https://github.com/digst/OIOSAML.Net

The packages is only available at nuget.org