Using modern hash algorithms in dotnet XML signatures (for SAML)

Update: On August 2, 2016, Microsoft released version 4.6.2 of the .NET framework. It handles the new algorithms natively.

Microsoft’s .NET framework comes with built-in support for the rsa-sha1 digital signature hashing algorithm. As of early 2016, however, that algorithm is deprecated. It has become too easy to crack. SAML Identity Providers like PingIdentity.com and OneLogin.com are starting …

SAML single sign-on — implementation experience

I’ve recently had the pleasure of figuring out how to set up SAML-based single sign-on. This was for a SaaS offering (at Glance Networks, my employer). Here are some of the things I learned along the way. I set up a so-called SAML Service Provider: a service that gets information about user identities from Identity …