Change data time format from standard "o" to "yyyy-MM-ddTHH:mm:ss.fffZ". According to the SAML 2.0 specification is should only be 3 digits 'SAML system entities SHOULD NOT rely on time resolution finer than milliseconds.'

Author: Revsgaard

src/ITfoxtec.Identity.Saml2.Mvc/ITfoxtec.Identity.Saml2.Mvc.csproj

@@ -14,10 +14,10 @@
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) and Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.4.1.0</AssemblyVersion>
-    <FileVersion>4.4.1.0</FileVersion>
+    <AssemblyVersion>4.5.0.0</AssemblyVersion>
+    <FileVersion>4.5.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.4.1</Version>
+    <Version>4.5.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2.MvcCore/ITfoxtec.Identity.Saml2.MvcCore.csproj

@@ -16,10 +16,10 @@
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC Core</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.4.1.0</AssemblyVersion>
-    <FileVersion>4.4.1.0</FileVersion>
+    <AssemblyVersion>4.5.0.0</AssemblyVersion>
+    <FileVersion>4.5.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.4.1</Version>
+    <Version>4.5.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2/ITfoxtec.Identity.Saml2.csproj

@@ -23,10 +23,10 @@ Tested for compliance with AD FS, Azure AD and Azure AD B2C. Furthermore, the Da
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.4.1.0</AssemblyVersion>
-    <FileVersion>4.4.1.0</FileVersion>
+    <AssemblyVersion>4.5.0.0</AssemblyVersion>
+    <FileVersion>4.5.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.4.1</Version>
+    <Version>4.5.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2/Request/Saml2LogoutRequest.cs

@@ -1,5 +1,4 @@
 using ITfoxtec.Identity.Saml2.Claims;
-using Schemas = ITfoxtec.Identity.Saml2.Schemas;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -94,7 +93,7 @@ protected override IEnumerable<XObject> GetXContent()
         {
             if (NotOnOrAfter.HasValue)
             {
-                yield return new XAttribute(Schemas.Saml2Constants.Message.NotOnOrAfter, NotOnOrAfter.Value.UtcDateTime.ToString("o", CultureInfo.InvariantCulture));
+                yield return new XAttribute(Schemas.Saml2Constants.Message.NotOnOrAfter, NotOnOrAfter.Value.UtcDateTime.ToString(Schemas.Saml2Constants.DateTimeFormat, CultureInfo.InvariantCulture));
             }
 
             if (Reason != null)

src/ITfoxtec.Identity.Saml2/Request/Saml2Request.cs

@@ -1,9 +1,7 @@
 using ITfoxtec.Identity.Saml2.Configuration;
 using ITfoxtec.Identity.Saml2.Cryptography;
-using Schemas = ITfoxtec.Identity.Saml2.Schemas;
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Globalization;
 using System.Security.Cryptography.X509Certificates;
 using System.Xml;
@@ -137,7 +135,7 @@ protected virtual IEnumerable<XObject> GetXContent()
             yield return new XAttribute(Schemas.Saml2Constants.AssertionNamespaceNameX, Schemas.Saml2Constants.AssertionNamespace.OriginalString);
             yield return new XAttribute(Schemas.Saml2Constants.Message.Id, IdAsString);
             yield return new XAttribute(Schemas.Saml2Constants.Message.Version, Version);
-            yield return new XAttribute(Schemas.Saml2Constants.Message.IssueInstant, IssueInstant.UtcDateTime.ToString("o", CultureInfo.InvariantCulture));
+            yield return new XAttribute(Schemas.Saml2Constants.Message.IssueInstant, IssueInstant.UtcDateTime.ToString(Schemas.Saml2Constants.DateTimeFormat, CultureInfo.InvariantCulture));
 
             if (!string.IsNullOrWhiteSpace(Consent))
             {

src/ITfoxtec.Identity.Saml2/Schemas/Metadata/EntityDescriptor.cs

@@ -119,7 +119,7 @@ protected IEnumerable<XObject> GetXContent()
             yield return new XAttribute(Saml2MetadataConstants.Message.Id, IdAsString);
             if (ValidUntil.HasValue)
             {
-                yield return new XAttribute(Saml2MetadataConstants.Message.ValidUntil, DateTimeOffset.UtcNow.AddDays(ValidUntil.Value).UtcDateTime.ToString("o", CultureInfo.InvariantCulture));
+                yield return new XAttribute(Saml2MetadataConstants.Message.ValidUntil, DateTimeOffset.UtcNow.AddDays(ValidUntil.Value).UtcDateTime.ToString(Saml2Constants.DateTimeFormat, CultureInfo.InvariantCulture));
             }
             yield return new XAttribute(Saml2MetadataConstants.MetadataNamespaceNameX, Saml2MetadataConstants.MetadataNamespace);
 

src/ITfoxtec.Identity.Saml2/Schemas/Saml2Constants.cs

@@ -1,5 +1,4 @@
 using System;
-using System.IdentityModel.Tokens;
 using System.Xml.Linq;
 
 namespace ITfoxtec.Identity.Saml2.Schemas
@@ -16,6 +15,13 @@ public static class Saml2Constants
         /// </summary>
         public const string VersionNumber = "2.0";
 
+        /// <summary>
+        /// All SAML time values have the type xs:dateTime, which is built in to the W3C XML Schema Datatypes specification[Schema2], and MUST be expressed in UTC form, 
+        /// with no time zone component.
+        /// SAML system entities SHOULD NOT rely on time resolution finer than milliseconds.Implementations MUST NOT generate time instants that specify leap seconds.
+        /// </summary>
+        public const string DateTimeFormat = "yyyy-MM-ddTHH:mm:ss.fffZ";
+
         /// <summary>
         /// Saml2 Bearer token.
         /// </summary>