I'm trying to enable this AcceptUnsignedLogoutResponses setting that was added here https://github.com/Sustainsys/Saml2/commit/22f1605eba659641a5a46edb20458b1b050c93af in order to handle Identity providers that don't sign their logout messsages.
I've tried to add a new element <compatibility AcceptUnsignedLogoutResponses="true"></compatibility>
in the <sustainsys.saml2>
element in web.config, but then I get a "System.Configuration.ConfigurationErrorsException" error stating that the attribute isn't recognized.
I could try to assign it by code as it's recognized this way
var compatibility = new Sustainsys.Saml2.Configuration.Compatibility();
compatibility.AcceptUnsignedLogoutResponses = true;
but I have no idea how to alter the current configuration to set just this setting.
Does anyone know how to set it in web.config or the way to do it in code (WebForms)?
You can do it by modifying your global.asax:
<%@ Application Language="C#" %>
<script RunAt="server">
public void Application_Start(object sender, EventArgs e)
{
var config = Sustainsys.Saml2.Configuration.Options.FromConfiguration;
config.SPOptions.Compatibility.AcceptUnsignedLogoutResponses = true;
}
</script>