Anders Abel

@rasitha1 The ADFS behaviour is definitely non-standard. When deploying a new ADFS farm, the fix is to change the federation service identifier (which is the value used for `access_token_issuer`) so...

@brentschmaltz The compatibility flags are gathered in one place in https://github.com/Sustainsys/Saml2/blob/master/Sustainsys.Saml2/Configuration/Compatibility.cs. So it is a per-handler-instance-setting. I've also added information about compatibility flags in exception messages. This reduced the number...

> SAML2 and JWT have a single subject. SAML2 also allows multiple assertions in the same response, which IMHO should result in one principal with multiple identities. As this library...

@brentschmaltz Multiple assertions in the same SAML2 response is a rare thing, I've never heard of it being used, although it is allowed in the spec. For the Web SSO...

@brentschmaltz Yes, that sounds good. For my SAML2P package I can then bundle multiple generated identities from IdentityModel into one ClaimsPrincipal.

Please remember when discussion naming that these parameters are also used for Saml tokens, where the terminology is different. Using terms that are JWT-specific would be confusing in that context.

This needs to be fixed, I've seen multiple cases in the wild where people have to replace "UseExternalSignInCookie" with their own copy of the code to be able to set...

The deflate/inflate step is part of the HTTP Redirect binding, which is normally not used for SAML Responses due to length concerns. The normal binding for incoming responses is the...

I've been looking at what it would take to port the Kentor.AuthServices library to .NET Core for ASP.NET Core 2 and can give you some pointers: * You should target...

> Hehe, sure, you're right 😁 > > Ok, so this issue is still quite interesting. Unfortunately, I don't have quite as many opportunities to pop off a suitable test...