Hi!
GitHub is now in sync with the publishing of v2.0.1 to PowerShellGallery.com on March 10, 2021.
Note well that sites should be installing from PowerShellGallery.com.
Release details are below.
Chris on behalf of the ADFSToolkit team.
ADFSToolkit-2.0.1
Repository: fedtools/adfstoolkit · Tag: v2.0.1 · Commit: 422898f · Released by: canariecaf
ADFSToolkit 2.0.1 (Maintenance Release)
Published and available on PowerShellGallery.com as of March 10, 2021
New Features
none, this is a maintenance release.
Adjustments / Fixes
Resolved a code signing problem where the time server signature was absent due to the cert expiring on March 9, 2021, which required an override to continue to execute as expected
Resolved Institution Local Transform Rules (new to v2.0.0) not loading as expected (canariecaf#121)
Resolved the signature being applied to -dist files, which caused challenges on copied versions by breaking signatures (canariecaf#123)
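A check an administrator could run after installing, as an added example that is not part of the release notes or the ADFSToolkit code: for each script file in the installed module it reports the Authenticode status and whether a time server (timestamp) signature is present. The function name `Get-ModuleSignatureReport` is hypothetical, and the example assumes the module is installed under the name ADFSToolkit.

```powershell
# Added example (not ADFSToolkit code): audit signatures on an installed module.
# A signature without a timestamp stops validating once the signing certificate
# expires; a signed file that was edited after signing reports HashMismatch.
function Get-ModuleSignatureReport {
    [CmdletBinding()]
    param(
        # Assumption: the module name as installed from the gallery.
        [string]$ModuleName = 'ADFSToolkit'
    )

    # Pick the newest installed version of the module.
    $module = Get-Module -ListAvailable -Name $ModuleName |
        Sort-Object Version -Descending |
        Select-Object -First 1
    if (-not $module) { throw "Module '$ModuleName' is not installed." }

    Get-ChildItem -Path $module.ModuleBase -Recurse -File -Include *.ps1, *.psm1, *.psd1 |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File          = $_.FullName.Substring($module.ModuleBase.Length).TrimStart('\')
                Status        = $sig.Status
                SignerExpires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter }
                Timestamped   = [bool]$sig.TimeStamperCertificate
            }
        }
}

$report = Get-ModuleSignatureReport
$report | Format-Table -AutoSize

# Signed files with no timestamp: these fail validation after the cert expires.
$noTimestamp = $report | Where-Object { $_.Status -ne 'NotSigned' -and -not $_.Timestamped }

# Signed files whose content no longer matches the signature (edited copies).
$modified = $report | Where-Object { $_.Status -eq 'HashMismatch' }

if ($noTimestamp) {
    Write-Warning ("{0} signed file(s) carry no timestamp." -f @($noTimestamp).Count)
}
if ($modified) {
    Write-Warning ("{0} file(s) were changed after signing." -f @($modified).Count)
}
```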
Upgrading
Consult https://github.com/fedtools/adfstoolkit/blob/master/doc/upgrade.md for details
New Components / Commands
Core cmdlets:
no new items
Auxiliary and helper cmdlets:
no new items
Known Limitations (Unchanged from v2.0.0)
ADFSToolkit is designed for AD FS on Windows 2016 or newer. It may run on older instances but has not been tested.
ADFSToolkit has no known limitations itself and strives for full automation for loading a signed SAML2 aggregate. In order to accomplish this, ADFSToolkit attempts to make the 'best' choice for successfully loading an entity record under the conditions of the expected SAML2 R&E trust model.
Despite these best efforts, ADFSToolkit lives in an imperfect world where there are observed limitations of Microsoft AD FS in meeting SAML2 and Metadata handling practices enjoyed by other tools. There may be some cases where an AD FS Administrator needs to take one-time action to allow a record they need to be loaded. In each case there is a way to handle the issue; however, we encourage Microsoft to improve support in this area and welcome dialog on how to improve the challenges outlined below:
AD FS' limitation of handling only one Relying Party encryption certificate per entity forces ADFSToolkit to choose the newest certificate, as determined by the certificate date it observes. This choice may conflict with how the RP decides to roll over certificates, and may require AD FS admin intervention to handle the rollover period more appropriately if this default is not the proper choice.
AD FS' limitation of handling only a single signing certificate across all Relying Parties may require an AD FS Administrator to intervene to appropriately load the desired service on an ongoing basis via ADFSToolkit.
This is acutely experienced when multiple aggregates may be configured with entities in both. In this case, the first one loaded 'wins'.