Issuer, EntityID and AllowedAudienceUris support string values and do not require a URI.

Revsgaard · Revsgaard · commit d3b05f865504 · 2019-03-10T14:38:32.000+01:00
Full support in .NET Core. AllowedAudienceUris as string values is not supported in .NET Framework.
diff --git a/src/ITfoxtec.Identity.Saml2.Mvc/ITfoxtec.Identity.Saml2.Mvc.csproj b/src/ITfoxtec.Identity.Saml2.Mvc/ITfoxtec.Identity.Saml2.Mvc.csproj
@@ -16,10 +16,10 @@
     <PackageTags>SAML SAML2.0 SAML2 SAML-P SAMLP SSO Identity Provider (IdP) and Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>3.1.0.1</AssemblyVersion>
-    <FileVersion>3.1.0.1</FileVersion>
+    <AssemblyVersion>3.1.0.3</AssemblyVersion>
+    <FileVersion>3.1.0.3</FileVersion>
     <Copyright>Copyright © 2019</Copyright>
-    <Version>3.1.0.0-beta2</Version>
+    <Version>3.1.0.3-beta3</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>
diff --git a/src/ITfoxtec.Identity.Saml2.MvcCore/ITfoxtec.Identity.Saml2.MvcCore.csproj b/src/ITfoxtec.Identity.Saml2.MvcCore/ITfoxtec.Identity.Saml2.MvcCore.csproj
@@ -17,10 +17,10 @@
     <PackageTags>SAML SAML2.0 SAML2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC Core</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>3.1.0.1</AssemblyVersion>
-    <FileVersion>3.1.0.1</FileVersion>
+    <AssemblyVersion>3.1.0.3</AssemblyVersion>
+    <FileVersion>3.1.0.3</FileVersion>
     <Copyright>Copyright © 2019</Copyright>
-    <Version>3.1.0.0-beta2</Version>
+    <Version>3.1.0.3-beta3</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>
diff --git a/src/ITfoxtec.Identity.Saml2/Configuration/Saml2Configuration.cs b/src/ITfoxtec.Identity.Saml2/Configuration/Saml2Configuration.cs
@@ -11,7 +11,7 @@ namespace ITfoxtec.Identity.Saml2
     /// </summary>
     public class Saml2Configuration
     {
-        public Uri Issuer { get; set; }
+        public string Issuer { get; set; }
 
         public Uri SingleSignOnDestination { get; set; }
 
@@ -31,7 +31,7 @@ public class Saml2Configuration
         public bool DetectReplayedTokens { get; set; } = false;
 
         public bool AudienceRestricted { get; set; } = true;
-        public List<Uri> AllowedAudienceUris { get; protected set; } = new List<Uri>();
+        public List<string> AllowedAudienceUris { get; protected set; } = new List<string>();
 
         public bool SignAuthnRequest { get; set; } = false;
     }
diff --git a/src/ITfoxtec.Identity.Saml2/Configuration/Saml2IdentityConfiguration.cs b/src/ITfoxtec.Identity.Saml2/Configuration/Saml2IdentityConfiguration.cs
@@ -42,8 +42,8 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura
 #else
             configuration.SaveSigninToken = config.SaveBootstrapContext;
             configuration.ValidateAudience = config.AudienceRestricted;
-            configuration.ValidAudiences = config.AllowedAudienceUris.Select(a => a.OriginalString);
-            configuration.ValidIssuer = config.Issuer?.OriginalString;
+            configuration.ValidAudiences = config.AllowedAudienceUris.Select(a => a);
+            configuration.ValidIssuer = config.Issuer;
             configuration.ValidateTokenReplay = config.DetectReplayedTokens;
 
             configuration.NameClaimType = ClaimTypes.NameIdentifier;
@@ -58,14 +58,14 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura
         }
 
 #if NETFULL
-        private static AudienceRestriction GetAudienceRestriction(bool audienceRestricted, IEnumerable<Uri> allowedAudienceUris)
+        private static AudienceRestriction GetAudienceRestriction(bool audienceRestricted, IEnumerable<string> allowedAudienceUris)
         {
             var audienceRestriction = new AudienceRestriction(audienceRestricted ? System.IdentityModel.Selectors.AudienceUriMode.Always : System.IdentityModel.Selectors.AudienceUriMode.Never);
             if (audienceRestricted)
             {
                 foreach (var audienceUri in allowedAudienceUris)
                 {
-                    audienceRestriction.AllowedAudienceUris.Add(audienceUri);
+                    audienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));
                 }
             }
             return audienceRestriction;
diff --git a/src/ITfoxtec.Identity.Saml2/ITfoxtec.Identity.Saml2.csproj b/src/ITfoxtec.Identity.Saml2/ITfoxtec.Identity.Saml2.csproj
@@ -19,10 +19,10 @@
     <PackageTags>SAML SAML2.0 SAML2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>3.1.0.1</AssemblyVersion>
-    <FileVersion>3.1.0.1</FileVersion>
+    <AssemblyVersion>3.1.0.3</AssemblyVersion>
+    <FileVersion>3.1.0.3</FileVersion>
     <Copyright>Copyright © 2019</Copyright>
-    <Version>3.1.0.0-beta2</Version>
+    <Version>3.1.0.3-beta3</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>
diff --git a/src/ITfoxtec.Identity.Saml2/Request/Saml2AuthnResponse.cs b/src/ITfoxtec.Identity.Saml2/Request/Saml2AuthnResponse.cs
@@ -88,7 +88,7 @@ protected override void ValidateElementName()
         /// <param name="subjectConfirmationLifetime">The Subject Confirmation Lifetime in minutes.</param>
         /// <param name="issuedTokenLifetime">The Issued Token Lifetime in minutes.</param>
         /// <returns>The SAML 2.0 Security Token.</returns>
-        public Saml2SecurityToken CreateSecurityToken(Uri appliesToAddress, Uri authnContext = null, int subjectConfirmationLifetime = 5, int issuedTokenLifetime = 60)
+        public Saml2SecurityToken CreateSecurityToken(string appliesToAddress, Uri authnContext = null, int subjectConfirmationLifetime = 5, int issuedTokenLifetime = 60)
         {
             if (appliesToAddress == null) throw new ArgumentNullException(nameof(appliesToAddress));
             if (ClaimsIdentity == null) throw new ArgumentNullException("ClaimsIdentity property");
@@ -125,7 +125,7 @@ public Saml2SecurityToken CreateSecurityToken(SecurityTokenDescriptor tokenDescr
             return Saml2SecurityToken;
         }
 
-        protected virtual SecurityTokenDescriptor CreateTokenDescriptor(IEnumerable<Claim> claims, Uri appliesToAddress, int issuedTokenLifetime)
+        protected virtual SecurityTokenDescriptor CreateTokenDescriptor(IEnumerable<Claim> claims, string appliesToAddress, int issuedTokenLifetime)
         {
             if (Issuer == null) throw new ArgumentNullException("Issuer property");
 
@@ -135,12 +135,12 @@ protected virtual SecurityTokenDescriptor CreateTokenDescriptor(IEnumerable<Clai
 #if NETFULL
             tokenDescriptor.TokenType = Schemas.SamlTokenTypes.Saml2TokenProfile11.OriginalString;
             tokenDescriptor.Lifetime = new Lifetime(now.UtcDateTime, now.AddMinutes(issuedTokenLifetime).UtcDateTime);
-            tokenDescriptor.AppliesToAddress = appliesToAddress.OriginalString;
-            tokenDescriptor.TokenIssuerName = Issuer.OriginalString;
+            tokenDescriptor.AppliesToAddress = appliesToAddress;
+            tokenDescriptor.TokenIssuerName = Issuer;
 #else
             tokenDescriptor.Expires = now.AddMinutes(issuedTokenLifetime).UtcDateTime;
-            tokenDescriptor.Audience = appliesToAddress.OriginalString;
-            tokenDescriptor.Issuer = Issuer.OriginalString;
+            tokenDescriptor.Audience = appliesToAddress;
+            tokenDescriptor.Issuer = Issuer;
 #endif
             return tokenDescriptor;
         }
diff --git a/src/ITfoxtec.Identity.Saml2/Request/Saml2Request.cs b/src/ITfoxtec.Identity.Saml2/Request/Saml2Request.cs
@@ -82,7 +82,7 @@ public string IdAsString
         /// Identifies the entity that generated the response message. (For more information on this element, see
         /// Section 2.2.5.)
         /// </summary>
-        public Uri Issuer { get; set; }
+        public string Issuer { get; set; }
 
         /// <summary>
         /// [Optional]
@@ -149,7 +149,7 @@ protected virtual IEnumerable<XObject> GetXContent()
 
             if (Issuer != null)
             {
-                yield return new XElement(Schemas.Saml2Constants.AssertionNamespaceX + Schemas.Saml2Constants.Message.Issuer, Issuer.OriginalString);
+                yield return new XElement(Schemas.Saml2Constants.AssertionNamespaceX + Schemas.Saml2Constants.Message.Issuer, Issuer);
             }
 
             if (Extensions != null)
@@ -185,7 +185,7 @@ protected internal virtual void Read(string xml, bool validateXmlSignature)
 
             IssueInstant = XmlDocument.DocumentElement.Attributes[Schemas.Saml2Constants.Message.IssueInstant].GetValueOrNull<DateTimeOffset>();
 
-            Issuer = XmlDocument.DocumentElement[Schemas.Saml2Constants.Message.Issuer, Schemas.Saml2Constants.AssertionNamespace.OriginalString].GetValueOrNull<Uri>();
+            Issuer = XmlDocument.DocumentElement[Schemas.Saml2Constants.Message.Issuer, Schemas.Saml2Constants.AssertionNamespace.OriginalString].GetValueOrNull<string>();
 
             Destination = XmlDocument.DocumentElement.Attributes[Schemas.Saml2Constants.Message.Destination].GetValueOrNull<Uri>();
 
diff --git a/src/ITfoxtec.Identity.Saml2/Schemas/Metadata/EntityDescriptor.cs b/src/ITfoxtec.Identity.Saml2/Schemas/Metadata/EntityDescriptor.cs
@@ -26,7 +26,7 @@ public class EntityDescriptor
         /// <summary>
         /// Specifies the unique identifier of the SAML entity whose metadata is described by the element's contents.
         /// </summary>
-        public Uri EntityId { get; protected set; }
+        public string EntityId { get; protected set; }
 
         /// <summary>
         /// A document-unique identifier for the element, typically used as a reference point when signing.
@@ -115,7 +115,7 @@ protected IEnumerable<XObject> GetXContent()
             {
                 throw new ArgumentNullException("EntityId property");
             }
-            yield return new XAttribute(Saml2MetadataConstants.Message.EntityId, EntityId.OriginalString);
+            yield return new XAttribute(Saml2MetadataConstants.Message.EntityId, EntityId);
             yield return new XAttribute(Saml2MetadataConstants.Message.Id, IdAsString);
             if (ValidUntil.HasValue)
             {
@@ -148,7 +148,7 @@ public virtual EntityDescriptor ReadIdPSsoDescriptor(string idPMetadataXml)
                 throw new Saml2RequestException("Not Metadata.");
             }
 
-            EntityId = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.EntityId].GetValueOrNull<Uri>();
+            EntityId = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.EntityId].GetValueOrNull<string>();
 
             Id = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.Id].GetValueOrNull<Saml2Id>();
 
diff --git a/test/TestIdPCore/Controllers/AuthController.cs b/test/TestIdPCore/Controllers/AuthController.cs
@@ -80,12 +80,12 @@ public IActionResult Logout()
             }
         }
 
-        private Uri ReadRelyingPartyFromLoginRequest<T>(Saml2Binding<T> binding)
+        private string ReadRelyingPartyFromLoginRequest<T>(Saml2Binding<T> binding)
         {
             return binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(config))?.Issuer;
         }
 
-        private Uri ReadRelyingPartyFromLogoutRequest<T>(Saml2Binding<T> binding)
+        private string ReadRelyingPartyFromLogoutRequest<T>(Saml2Binding<T> binding)
         {
             return binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2LogoutRequest(config))?.Issuer;
         }
@@ -131,37 +131,37 @@ private IActionResult LogoutResponse(Saml2Id inResponseTo, Saml2StatusCodes stat
             return responsebinding.Bind(saml2LogoutResponse).ToActionResult();
         }
 
-        private RelyingParty ValidateRelyingParty(Uri issuer)
+        private RelyingParty ValidateRelyingParty(string issuer)
         {
             var validRelyingPartys = new List<RelyingParty>();
             validRelyingPartys.Add(new RelyingParty
             {
-                Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebapp"),
+                Issuer = "urn:itfoxtec:identity:saml2:testwebapp",
                 SingleSignOnDestination = new Uri("http://localhost:3112/Auth/AssertionConsumerService"),
                 SingleLogoutResponseDestination = new Uri("http://localhost:3112/Auth/LoggedOut"),
                 SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebapp_Certificate.crt"))
             });
             validRelyingPartys.Add(new RelyingParty
             {
-                Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebappcore"),
+                Issuer = "itfoxtec-testwebappcore",
                 SingleSignOnDestination = new Uri("https://localhost:44306/Auth/AssertionConsumerService"),
                 SingleLogoutResponseDestination = new Uri("https://localhost:44306/Auth/LoggedOut"),
                 SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.crt"))
             });
             validRelyingPartys.Add(new RelyingParty
             {
-                Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebappcoreframework"),
+                Issuer = "urn:itfoxtec:identity:saml2:testwebappcoreframework",
                 SingleSignOnDestination = new Uri("https://localhost:44307/Auth/AssertionConsumerService"),
                 SingleLogoutResponseDestination = new Uri("https://localhost:44307/Auth/LoggedOut"),
                 SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.crt"))
             });
 
-            return validRelyingPartys.Where(rp => rp.Issuer.OriginalString.Equals(issuer.OriginalString, StringComparison.InvariantCultureIgnoreCase)).Single();
+            return validRelyingPartys.Where(rp => rp.Issuer.Equals(issuer, StringComparison.InvariantCultureIgnoreCase)).Single();
         }
 
         class RelyingParty
         {
-            public Uri Issuer { get; set; }
+            public string Issuer { get; set; }
 
             public Uri SingleSignOnDestination { get; set; }
 
diff --git a/test/TestIdPCore/appsettings.json b/test/TestIdPCore/appsettings.json
@@ -8,7 +8,7 @@
     }
   },
   "Saml2": {
-    "Issuer": "urn:itfoxtec:identity:saml2:testidpcore",
+    "Issuer": "itfoxtec-testidpcore",
     "SingleSignOnDestination": "https://localhost:44305/Auth/Login",
     "SingleLogoutDestination": "https://localhost:44305/Auth/Logout",
     "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
diff --git a/test/TestWebApp/App_Start/IdentityConfig.cs b/test/TestWebApp/App_Start/IdentityConfig.cs
@@ -20,7 +20,7 @@ public static void RegisterIdentity()
         {
             AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
 
-            Saml2Configuration.Issuer = new Uri(ConfigurationManager.AppSettings["Saml2:Issuer"]);
+            Saml2Configuration.Issuer = ConfigurationManager.AppSettings["Saml2:Issuer"];
             //Saml2Configuration.SingleSignOnDestination = new Uri(ConfigurationManager.AppSettings["Saml2:SingleSignOnDestination"]);
             //Saml2Configuration.SingleLogoutDestination = new Uri(ConfigurationManager.AppSettings["Saml2:SingleLogoutDestination"]);
 
diff --git a/test/TestWebApp/Controllers/IdPInitiatedController.cs b/test/TestWebApp/Controllers/IdPInitiatedController.cs
@@ -23,12 +23,12 @@ public ActionResult Initiate()
 
             var config = new Saml2Configuration();
 
-            config.Issuer = new Uri("http://some-domain.com/this-application");
+            config.Issuer = "http://some-domain.com/this-application";
             config.SingleSignOnDestination = new Uri("https://test-adfs.itfoxtec.com/adfs/ls/");
             config.SigningCertificate = CertificateUtil.Load(HttpContext.Server.MapPath("~/App_Data/itfoxtec.identity.saml2.testwebapp_Certificate.pfx"), "!QAZ2wsx");
             config.SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature;
 
-            var appliesToAddress = new Uri("https://test-adfs.itfoxtec.com/adfs/services/trust");
+            var appliesToAddress = "https://test-adfs.itfoxtec.com/adfs/services/trust";
 
             var response = new Saml2AuthnResponse(config);
             response.Status = Saml2StatusCodes.Success;    
diff --git a/test/TestWebAppCore/Controllers/IdPInitiatedController.cs b/test/TestWebAppCore/Controllers/IdPInitiatedController.cs
@@ -25,12 +25,12 @@ public IActionResult Initiate()
 
             var config = new Saml2Configuration();
 
-            config.Issuer = new Uri("http://some-domain.com/this-application");
+            config.Issuer = "http://some-domain.com/this-application";
             config.SingleSignOnDestination = new Uri("https://test-adfs.itfoxtec.com/adfs/ls/");
             config.SigningCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.pfx"), "!QAZ2wsx");
             config.SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature;
 
-            var appliesToAddress = new Uri("https://test-adfs.itfoxtec.com/adfs/services/trust");
+            var appliesToAddress = "https://test-adfs.itfoxtec.com/adfs/services/trust";
 
             var response = new Saml2AuthnResponse(config);
             response.Status = Saml2StatusCodes.Success;    
diff --git a/test/TestWebAppCore/appsettings.json b/test/TestWebAppCore/appsettings.json
@@ -9,7 +9,7 @@
   },
   "Saml2": {
     "IdPMetadata": "https://localhost:44305/metadata",
-    "Issuer": "urn:itfoxtec:identity:saml2:testwebappcore",
+    "Issuer": "itfoxtec-testwebappcore",
     //"SingleSignOnDestination": "https://test-adfs.itfoxtec.com/adfs/ls/",
     //"SingleLogoutDestination": "https://test-adfs.itfoxtec.com/adfs/ls/",
     "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
diff --git a/test/TestWebAppCoreFramework/Controllers/IdPInitiatedController.cs b/test/TestWebAppCoreFramework/Controllers/IdPInitiatedController.cs
@@ -25,12 +25,12 @@ public IActionResult Initiate()
 
             var config = new Saml2Configuration();
 
-            config.Issuer = new Uri("http://some-domain.com/this-application");
+            config.Issuer = "http://some-domain.com/this-application";
             config.SingleSignOnDestination = new Uri("https://test-adfs.itfoxtec.com/adfs/ls/");
             config.SigningCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.pfx"), "!QAZ2wsx");
             config.SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature;
 
-            var appliesToAddress = new Uri("https://test-adfs.itfoxtec.com/adfs/services/trust");
+            var appliesToAddress = "https://test-adfs.itfoxtec.com/adfs/services/trust";
 
             var response = new Saml2AuthnResponse(config);
             response.Status = Saml2StatusCodes.Success;    

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ namespace ITfoxtec.Identity.Saml2`
`11`	`11`	`/// </summary>`
`12`	`12`	`public class Saml2Configuration`
`13`	`13`	`{`
`14`		`- public Uri Issuer { get; set; }`
	`14`	`+ public string Issuer { get; set; }`
`15`	`15`
`16`	`16`	`public Uri SingleSignOnDestination { get; set; }`
`17`	`17`
`@@ -31,7 +31,7 @@ public class Saml2Configuration`
`31`	`31`	`public bool DetectReplayedTokens { get; set; } = false;`
`32`	`32`
`33`	`33`	`public bool AudienceRestricted { get; set; } = true;`
`34`		`- public List<Uri> AllowedAudienceUris { get; protected set; } = new List<Uri>();`
	`34`	`+ public List<string> AllowedAudienceUris { get; protected set; } = new List<string>();`
`35`	`35`
`36`	`36`	`public bool SignAuthnRequest { get; set; } = false;`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,8 +42,8 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura`
`42`	`42`	`#else`
`43`	`43`	`configuration.SaveSigninToken = config.SaveBootstrapContext;`
`44`	`44`	`configuration.ValidateAudience = config.AudienceRestricted;`
`45`		`- configuration.ValidAudiences = config.AllowedAudienceUris.Select(a => a.OriginalString);`
`46`		`- configuration.ValidIssuer = config.Issuer?.OriginalString;`
	`45`	`+ configuration.ValidAudiences = config.AllowedAudienceUris.Select(a => a);`
	`46`	`+ configuration.ValidIssuer = config.Issuer;`
`47`	`47`	`configuration.ValidateTokenReplay = config.DetectReplayedTokens;`
`48`	`48`
`49`	`49`	`configuration.NameClaimType = ClaimTypes.NameIdentifier;`
`@@ -58,14 +58,14 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`#if NETFULL`
`61`		`- private static AudienceRestriction GetAudienceRestriction(bool audienceRestricted, IEnumerable<Uri> allowedAudienceUris)`
	`61`	`+ private static AudienceRestriction GetAudienceRestriction(bool audienceRestricted, IEnumerable<string> allowedAudienceUris)`
`62`	`62`	`{`
`63`	`63`	`var audienceRestriction = new AudienceRestriction(audienceRestricted ? System.IdentityModel.Selectors.AudienceUriMode.Always : System.IdentityModel.Selectors.AudienceUriMode.Never);`
`64`	`64`	`if (audienceRestricted)`
`65`	`65`	`{`
`66`	`66`	`foreach (var audienceUri in allowedAudienceUris)`
`67`	`67`	`{`
`68`		`- audienceRestriction.AllowedAudienceUris.Add(audienceUri);`
	`68`	`+ audienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));`
`69`	`69`	`}`
`70`	`70`	`}`
`71`	`71`	`return audienceRestriction;`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public class EntityDescriptor`
`26`	`26`	`/// <summary>`
`27`	`27`	`/// Specifies the unique identifier of the SAML entity whose metadata is described by the element's contents.`
`28`	`28`	`/// </summary>`
`29`		`- public Uri EntityId { get; protected set; }`
	`29`	`+ public string EntityId { get; protected set; }`
`30`	`30`
`31`	`31`	`/// <summary>`
`32`	`32`	`/// A document-unique identifier for the element, typically used as a reference point when signing.`
`@@ -115,7 +115,7 @@ protected IEnumerable<XObject> GetXContent()`
`115`	`115`	`{`
`116`	`116`	`throw new ArgumentNullException("EntityId property");`
`117`	`117`	`}`
`118`		`- yield return new XAttribute(Saml2MetadataConstants.Message.EntityId, EntityId.OriginalString);`
	`118`	`+ yield return new XAttribute(Saml2MetadataConstants.Message.EntityId, EntityId);`
`119`	`119`	`yield return new XAttribute(Saml2MetadataConstants.Message.Id, IdAsString);`
`120`	`120`	`if (ValidUntil.HasValue)`
`121`	`121`	`{`
`@@ -148,7 +148,7 @@ public virtual EntityDescriptor ReadIdPSsoDescriptor(string idPMetadataXml)`
`148`	`148`	`throw new Saml2RequestException("Not Metadata.");`
`149`	`149`	`}`
`150`	`150`
`151`		`- EntityId = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.EntityId].GetValueOrNull<Uri>();`
	`151`	`+ EntityId = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.EntityId].GetValueOrNull<string>();`
`152`	`152`
`153`	`153`	`Id = metadataXmlDocument.DocumentElement.Attributes[Saml2MetadataConstants.Message.Id].GetValueOrNull<Saml2Id>();`
`154`	`154`
Original file line number	Diff line number	Diff line change
`@@ -80,12 +80,12 @@ public IActionResult Logout()`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`
`83`		`- private Uri ReadRelyingPartyFromLoginRequest<T>(Saml2Binding<T> binding)`
	`83`	`+ private string ReadRelyingPartyFromLoginRequest<T>(Saml2Binding<T> binding)`
`84`	`84`	`{`
`85`	`85`	`return binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(config))?.Issuer;`
`86`	`86`	`}`
`87`	`87`
`88`		`- private Uri ReadRelyingPartyFromLogoutRequest<T>(Saml2Binding<T> binding)`
	`88`	`+ private string ReadRelyingPartyFromLogoutRequest<T>(Saml2Binding<T> binding)`
`89`	`89`	`{`
`90`	`90`	`return binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2LogoutRequest(config))?.Issuer;`
`91`	`91`	`}`
`@@ -131,37 +131,37 @@ private IActionResult LogoutResponse(Saml2Id inResponseTo, Saml2StatusCodes stat`
`131`	`131`	`return responsebinding.Bind(saml2LogoutResponse).ToActionResult();`
`132`	`132`	`}`
`133`	`133`
`134`		`- private RelyingParty ValidateRelyingParty(Uri issuer)`
	`134`	`+ private RelyingParty ValidateRelyingParty(string issuer)`
`135`	`135`	`{`
`136`	`136`	`var validRelyingPartys = new List<RelyingParty>();`
`137`	`137`	`validRelyingPartys.Add(new RelyingParty`
`138`	`138`	`{`
`139`		`- Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebapp"),`
	`139`	`+ Issuer = "urn:itfoxtec:identity:saml2:testwebapp",`
`140`	`140`	`SingleSignOnDestination = new Uri("http://localhost:3112/Auth/AssertionConsumerService"),`
`141`	`141`	`SingleLogoutResponseDestination = new Uri("http://localhost:3112/Auth/LoggedOut"),`
`142`	`142`	`SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebapp_Certificate.crt"))`
`143`	`143`	`});`
`144`	`144`	`validRelyingPartys.Add(new RelyingParty`
`145`	`145`	`{`
`146`		`- Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebappcore"),`
	`146`	`+ Issuer = "itfoxtec-testwebappcore",`
`147`	`147`	`SingleSignOnDestination = new Uri("https://localhost:44306/Auth/AssertionConsumerService"),`
`148`	`148`	`SingleLogoutResponseDestination = new Uri("https://localhost:44306/Auth/LoggedOut"),`
`149`	`149`	`SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.crt"))`
`150`	`150`	`});`
`151`	`151`	`validRelyingPartys.Add(new RelyingParty`
`152`	`152`	`{`
`153`		`- Issuer = new Uri("urn:itfoxtec:identity:saml2:testwebappcoreframework"),`
	`153`	`+ Issuer = "urn:itfoxtec:identity:saml2:testwebappcoreframework",`
`154`	`154`	`SingleSignOnDestination = new Uri("https://localhost:44307/Auth/AssertionConsumerService"),`
`155`	`155`	`SingleLogoutResponseDestination = new Uri("https://localhost:44307/Auth/LoggedOut"),`
`156`	`156`	`SignatureValidationCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.crt"))`
`157`	`157`	`});`
`158`	`158`
`159`		`- return validRelyingPartys.Where(rp => rp.Issuer.OriginalString.Equals(issuer.OriginalString, StringComparison.InvariantCultureIgnoreCase)).Single();`
	`159`	`+ return validRelyingPartys.Where(rp => rp.Issuer.Equals(issuer, StringComparison.InvariantCultureIgnoreCase)).Single();`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`class RelyingParty`
`163`	`163`	`{`
`164`		`- public Uri Issuer { get; set; }`
	`164`	`+ public string Issuer { get; set; }`
`165`	`165`
`166`	`166`	`public Uri SingleSignOnDestination { get; set; }`
`167`	`167`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`}`
`9`	`9`	`},`
`10`	`10`	`"Saml2": {`
`11`		`- "Issuer": "urn:itfoxtec:identity:saml2:testidpcore",`
	`11`	`+ "Issuer": "itfoxtec-testidpcore",`
`12`	`12`	`"SingleSignOnDestination": "https://localhost:44305/Auth/Login",`
`13`	`13`	`"SingleLogoutDestination": "https://localhost:44305/Auth/Logout",`
`14`	`14`	`"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",`