diff --git a/src/.nuget/NuGet.Config b/src/.nuget/NuGet.Config
new file mode 100644
index 0000000..6a318ad
--- /dev/null
+++ b/src/.nuget/NuGet.Config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <solution>
+    <add key="disableSourceControlIntegration" value="true" />
+  </solution>
+</configuration>
\ No newline at end of file
diff --git a/src/.nuget/NuGet.exe b/src/.nuget/NuGet.exe
new file mode 100644
index 0000000..9f8781d
Binary files /dev/null and b/src/.nuget/NuGet.exe differ
diff --git a/src/.nuget/NuGet.targets b/src/.nuget/NuGet.targets
new file mode 100644
index 0000000..3f8c37b
--- /dev/null
+++ b/src/.nuget/NuGet.targets
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+    <PropertyGroup>
+        <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">$(MSBuildProjectDirectory)\..\</SolutionDir>
+
+        <!-- Enable the restore command to run before builds -->
+        <RestorePackages Condition="  '$(RestorePackages)' == '' ">false</RestorePackages>
+
+        <!-- Property that enables building a package from a project -->
+        <BuildPackage Condition=" '$(BuildPackage)' == '' ">false</BuildPackage>
+
+        <!-- Determines if package restore consent is required to restore packages -->
+        <RequireRestoreConsent Condition=" '$(RequireRestoreConsent)' != 'false' ">true</RequireRestoreConsent>
+
+        <!-- Download NuGet.exe if it does not already exist -->
+        <DownloadNuGetExe Condition=" '$(DownloadNuGetExe)' == '' ">false</DownloadNuGetExe>
+    </PropertyGroup>
+
+    <ItemGroup Condition=" '$(PackageSources)' == '' ">
+        <!-- Package sources used to restore packages. By default, registered sources under %APPDATA%\NuGet\NuGet.Config will be used -->
+        <!-- The official NuGet package source (https://www.nuget.org/api/v2/) will be excluded if package sources are specified and it does not appear in the list -->
+        <!--
+            <PackageSource Include="https://www.nuget.org/api/v2/" />
+            <PackageSource Include="https://my-nuget-source/nuget/" />
+        -->
+    </ItemGroup>
+
+    <PropertyGroup Condition=" '$(OS)' == 'Windows_NT'">
+        <!-- Windows specific commands -->
+        <NuGetToolsPath>$([System.IO.Path]::Combine($(SolutionDir), ".nuget"))</NuGetToolsPath>
+    </PropertyGroup>
+
+    <PropertyGroup Condition=" '$(OS)' != 'Windows_NT'">
+        <!-- We need to launch nuget.exe with the mono command if we're not on windows -->
+        <NuGetToolsPath>$(SolutionDir).nuget</NuGetToolsPath>
+    </PropertyGroup>
+
+    <PropertyGroup>
+        <PackagesProjectConfig Condition=" '$(OS)' == 'Windows_NT'">$(MSBuildProjectDirectory)\packages.$(MSBuildProjectName.Replace(' ', '_')).config</PackagesProjectConfig>
+        <PackagesProjectConfig Condition=" '$(OS)' != 'Windows_NT'">$(MSBuildProjectDirectory)\packages.$(MSBuildProjectName).config</PackagesProjectConfig>
+    </PropertyGroup>
+
+    <PropertyGroup>
+      <PackagesConfig Condition="Exists('$(MSBuildProjectDirectory)\packages.config')">$(MSBuildProjectDirectory)\packages.config</PackagesConfig>
+      <PackagesConfig Condition="Exists('$(PackagesProjectConfig)')">$(PackagesProjectConfig)</PackagesConfig>
+    </PropertyGroup>
+    
+    <PropertyGroup>
+        <!-- NuGet command -->
+        <NuGetExePath Condition=" '$(NuGetExePath)' == '' ">$(NuGetToolsPath)\NuGet.exe</NuGetExePath>
+        <PackageSources Condition=" $(PackageSources) == '' ">@(PackageSource)</PackageSources>
+
+        <NuGetCommand Condition=" '$(OS)' == 'Windows_NT'">"$(NuGetExePath)"</NuGetCommand>
+        <NuGetCommand Condition=" '$(OS)' != 'Windows_NT' ">mono --runtime=v4.0.30319 "$(NuGetExePath)"</NuGetCommand>
+
+        <PackageOutputDir Condition="$(PackageOutputDir) == ''">$(TargetDir.Trim('\\'))</PackageOutputDir>
+
+        <RequireConsentSwitch Condition=" $(RequireRestoreConsent) == 'true' ">-RequireConsent</RequireConsentSwitch>
+        <NonInteractiveSwitch Condition=" '$(VisualStudioVersion)' != '' AND '$(OS)' == 'Windows_NT' ">-NonInteractive</NonInteractiveSwitch>
+
+        <PaddedSolutionDir Condition=" '$(OS)' == 'Windows_NT'">"$(SolutionDir) "</PaddedSolutionDir>
+        <PaddedSolutionDir Condition=" '$(OS)' != 'Windows_NT' ">"$(SolutionDir)"</PaddedSolutionDir>
+
+        <!-- Commands -->
+        <RestoreCommand>$(NuGetCommand) install "$(PackagesConfig)" -source "$(PackageSources)"  $(NonInteractiveSwitch) $(RequireConsentSwitch) -solutionDir $(PaddedSolutionDir)</RestoreCommand>
+        <BuildCommand>$(NuGetCommand) pack "$(ProjectPath)" -Properties "Configuration=$(Configuration);Platform=$(Platform)" $(NonInteractiveSwitch) -OutputDirectory "$(PackageOutputDir)" -symbols</BuildCommand>
+
+        <!-- We need to ensure packages are restored prior to assembly resolve -->
+        <BuildDependsOn Condition="$(RestorePackages) == 'true'">
+            RestorePackages;
+            $(BuildDependsOn);
+        </BuildDependsOn>
+
+        <!-- Make the build depend on restore packages -->
+        <BuildDependsOn Condition="$(BuildPackage) == 'true'">
+            $(BuildDependsOn);
+            BuildPackage;
+        </BuildDependsOn>
+    </PropertyGroup>
+
+    <Target Name="CheckPrerequisites">
+        <!-- Raise an error if we're unable to locate nuget.exe  -->
+        <Error Condition="'$(DownloadNuGetExe)' != 'true' AND !Exists('$(NuGetExePath)')" Text="Unable to locate '$(NuGetExePath)'" />
+        <!--
+        Take advantage of MsBuild's build dependency tracking to make sure that we only ever download nuget.exe once.
+        This effectively acts as a lock that makes sure that the download operation will only happen once and all
+        parallel builds will have to wait for it to complete.
+        -->
+        <MsBuild Targets="_DownloadNuGet" Projects="$(MSBuildThisFileFullPath)" Properties="Configuration=NOT_IMPORTANT;DownloadNuGetExe=$(DownloadNuGetExe)" />
+    </Target>
+
+    <Target Name="_DownloadNuGet">
+        <DownloadNuGet OutputFilename="$(NuGetExePath)" Condition=" '$(DownloadNuGetExe)' == 'true' AND !Exists('$(NuGetExePath)')" />
+    </Target>
+
+    <Target Name="RestorePackages" DependsOnTargets="CheckPrerequisites">        
+        <Exec Command="$(RestoreCommand)"
+              Condition="'$(OS)' != 'Windows_NT' And Exists('$(PackagesConfig)')" />
+
+        <Exec Command="$(RestoreCommand)"
+              LogStandardErrorAsError="true"
+              Condition="'$(OS)' == 'Windows_NT' And Exists('$(PackagesConfig)')" />
+    </Target>
+
+    <Target Name="BuildPackage" DependsOnTargets="CheckPrerequisites">
+        <Exec Command="$(BuildCommand)"
+              Condition=" '$(OS)' != 'Windows_NT' " />
+
+        <Exec Command="$(BuildCommand)"
+              LogStandardErrorAsError="true"
+              Condition=" '$(OS)' == 'Windows_NT' " />
+    </Target>
+
+    <UsingTask TaskName="DownloadNuGet" TaskFactory="CodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.v4.0.dll">
+        <ParameterGroup>
+            <OutputFilename ParameterType="System.String" Required="true" />
+        </ParameterGroup>
+        <Task>
+            <Reference Include="System.Core" />
+            <Using Namespace="System" />
+            <Using Namespace="System.IO" />
+            <Using Namespace="System.Net" />
+            <Using Namespace="Microsoft.Build.Framework" />
+            <Using Namespace="Microsoft.Build.Utilities" />
+            <Code Type="Fragment" Language="cs">
+                <![CDATA[
+                try {
+                    OutputFilename = Path.GetFullPath(OutputFilename);
+
+                    Log.LogMessage("Downloading latest version of NuGet.exe...");
+                    WebClient webClient = new WebClient();
+                    webClient.DownloadFile("https://www.nuget.org/nuget.exe", OutputFilename);
+
+                    return true;
+                }
+                catch (Exception ex) {
+                    Log.LogErrorFromException(ex);
+                    return false;
+                }
+            ]]>
+            </Code>
+        </Task>
+    </UsingTask>
+</Project>
diff --git a/src/Owin.Security.Saml/Owin.Security.Saml.csproj b/src/Owin.Security.Saml/Owin.Security.Saml.csproj
index 43ffb32..e429e8f 100644
--- a/src/Owin.Security.Saml/Owin.Security.Saml.csproj
+++ b/src/Owin.Security.Saml/Owin.Security.Saml.csproj
@@ -1,92 +1,101 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{0054DAFD-1A69-4807-B24E-A6A6B71927C7}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>Owin.Security.Saml</RootNamespace>
-    <AssemblyName>Owin.Security.Saml</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.1\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin">
-      <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin.Security">
-      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
-    </Reference>
-    <Reference Include="Owin">
-      <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.1\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
-    </Reference>
-    <Reference Include="System.Net.Http" />
-    <Reference Include="System.Net.Http.WebRequest" />
-    <Reference Include="System.Runtime.Caching" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="IDictionaryExtensions.cs" />
-    <Compile Include="IReadableStringCollectionExtensions.cs" />
-    <Compile Include="OwinRequestExtensions.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Saml20AssertionExtensions.cs" />
-    <Compile Include="SamlAttributeExtensions.cs" />
-    <Compile Include="SamlAuthenticationDefaults.cs" />
-    <Compile Include="SamlAuthenticationExtensions.cs" />
-    <Compile Include="SamlAuthenticationHandler.cs" />
-    <Compile Include="SamlAuthenticationMiddleware.cs" />
-    <Compile Include="SamlAuthenticationNotifications.cs" />
-    <Compile Include="SamlAuthenticationOptions.cs" />
-    <Compile Include="SamlLoginHandler.cs" />
-    <Compile Include="SamlMessage.cs" />
-    <Compile Include="SamlMetadataWriter.cs" />
-    <Compile Include="SelectSaml20IDP.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="packages.config" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
-      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
-      <Name>SAML2.Core</Name>
-    </ProjectReference>
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{0054DAFD-1A69-4807-B24E-A6A6B71927C7}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>Owin.Security.Saml</RootNamespace>
+    <AssemblyName>Owin.Security.Saml</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
+    <RestorePackages>true</RestorePackages>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.1\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin">
+      <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security">
+      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+    </Reference>
+    <Reference Include="Owin">
+      <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.IdentityModel.Tokens.Jwt">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.1\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Net.Http.WebRequest" />
+    <Reference Include="System.Runtime.Caching" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="IDictionaryExtensions.cs" />
+    <Compile Include="IReadableStringCollectionExtensions.cs" />
+    <Compile Include="OwinRequestExtensions.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Saml20AssertionExtensions.cs" />
+    <Compile Include="SamlAttributeExtensions.cs" />
+    <Compile Include="SamlAuthenticationDefaults.cs" />
+    <Compile Include="SamlAuthenticationExtensions.cs" />
+    <Compile Include="SamlAuthenticationHandler.cs" />
+    <Compile Include="SamlAuthenticationMiddleware.cs" />
+    <Compile Include="SamlAuthenticationNotifications.cs" />
+    <Compile Include="SamlAuthenticationOptions.cs" />
+    <Compile Include="SamlLoginHandler.cs" />
+    <Compile Include="SamlMessage.cs" />
+    <Compile Include="SamlMetadataWriter.cs" />
+    <Compile Include="SelectSaml20IDP.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
+      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
+      <Name>SAML2.Core</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('$(SolutionDir)\.nuget\NuGet.targets')" Text="$([System.String]::Format('$(ErrorText)', '$(SolutionDir)\.nuget\NuGet.targets'))" />
+  </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
   <Target Name="AfterBuild">
   </Target>
-  -->
+  -->
 </Project>
\ No newline at end of file
diff --git a/src/Owin.Security.Saml/SamlMessage.cs b/src/Owin.Security.Saml/SamlMessage.cs
index e353a6a..118b66d 100644
--- a/src/Owin.Security.Saml/SamlMessage.cs
+++ b/src/Owin.Security.Saml/SamlMessage.cs
@@ -159,10 +159,10 @@ private string AuthnRequestForIdp(IdentityProvider identityProvider, Saml20Authn
                     context.Authentication.AuthenticationResponseChallenge.Properties.Dictionary != null &&
                     context.Authentication.AuthenticationResponseChallenge.Properties.Dictionary.Count > 0)
                     redirectBuilder.RelayState = context.Authentication.AuthenticationResponseChallenge.Properties.Dictionary.ToDelimitedString();
-                logger.DebugFormat(TraceMessages.AuthnRequestSent, redirectBuilder.Request);
-
-                var redirectLocation = request.Destination + "?" + redirectBuilder.ToQuery();
-                return redirectLocation;
+                logger.DebugFormat(TraceMessages.AuthnRequestSent, redirectBuilder.Request);
+
+				var redirectLocation = string.Format( "{0}{1}{2}", request.Destination, ( request.Destination.EndsWith( "?" ) ? "&" : "?" ), redirectBuilder.ToQuery() );
+				return redirectLocation;
             case BindingType.Post:
                 throw new NotImplementedException();
                 //logger.DebugFormat(TraceMessages.AuthnRequestPrepared, identityProvider.Id, Saml20Constants.ProtocolBindings.HttpPost);
@@ -201,7 +201,6 @@ private string AuthnRequestForIdp(IdentityProvider identityProvider, Saml20Authn
                 logger.Error(SAML2.ErrorMessages.EndpointBindingInvalid);
                 throw new Saml20Exception(SAML2.ErrorMessages.EndpointBindingInvalid);
             }
-            throw new NotImplementedException();
         }
 
         private static NameValueCollection BuildParams(IReadableStringCollection query)
diff --git a/src/SAML2.AspNet/Protocol/Saml20LogoutHandler.cs b/src/SAML2.AspNet/Protocol/Saml20LogoutHandler.cs
index 80bb0eb..1a409e2 100644
--- a/src/SAML2.AspNet/Protocol/Saml20LogoutHandler.cs
+++ b/src/SAML2.AspNet/Protocol/Saml20LogoutHandler.cs
@@ -328,7 +328,7 @@ private void HandleRequest(HttpContext context)
 
                 Logger.DebugFormat(TraceMessages.LogoutResponseSent, builder.Response);
 
-                context.Response.Redirect(destination.Url + "?" + builder.ToQuery(), true);
+                context.Response.Redirect(string.Format( "{0}{1}{2}", destination.Url, destination.Url.EndsWith("?") ? "&" : "?" , builder.ToQuery()), true);
                 return;
             }
 
diff --git a/src/SAML2.AspNet/Protocol/Saml20SignonHandler.cs b/src/SAML2.AspNet/Protocol/Saml20SignonHandler.cs
index 1de5334..f410916 100644
--- a/src/SAML2.AspNet/Protocol/Saml20SignonHandler.cs
+++ b/src/SAML2.AspNet/Protocol/Saml20SignonHandler.cs
@@ -189,7 +189,7 @@ private void TransferClient(IdentityProvider identityProvider, Saml20AuthnReques
 
                 Logger.DebugFormat(TraceMessages.AuthnRequestSent, redirectBuilder.Request);
 
-                var redirectLocation = request.Destination + "?" + redirectBuilder.ToQuery();
+				var redirectLocation = string.Format( "{0}{1}{2}", request.Destination, ( request.Destination.EndsWith( "?" ) ? "&" : "?" ), redirectBuilder.ToQuery() );
                 context.Response.Redirect(redirectLocation, true);
                 break;
             case BindingType.Post:
diff --git a/src/SAML2.AspNet/SAML2.AspNet.csproj b/src/SAML2.AspNet/SAML2.AspNet.csproj
index 04eb9c7..2bf9908 100644
--- a/src/SAML2.AspNet/SAML2.AspNet.csproj
+++ b/src/SAML2.AspNet/SAML2.AspNet.csproj
@@ -1,119 +1,116 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{D2136BFD-D2DA-4105-920B-8E05C090C597}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>SAML2.AspNet</RootNamespace>
-    <AssemblyName>SAML2.AspNet</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="System" />
-    <Reference Include="System.Configuration" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Runtime.Serialization" />
-    <Reference Include="System.Security" />
-    <Reference Include="System.ServiceModel" />
-    <Reference Include="System.Web" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Data.DataSetExtensions" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Data" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Configuration.cs" />
-    <Compile Include="Config\ActionCollection.cs" />
-    <Compile Include="Config\ActionElement.cs" />
-    <Compile Include="Config\AllowedAudienceUriCollection.cs" />
-    <Compile Include="Config\AssertionProfileElement.cs" />
-    <Compile Include="Config\AttributeElement.cs" />
-    <Compile Include="Config\AudienceUriElement.cs" />
-    <Compile Include="Config\AuthenticationContextCollection.cs" />
-    <Compile Include="Config\AuthenticationContextElement.cs" />
-    <Compile Include="Config\CertificateElement.cs" />
-    <Compile Include="Config\CertificateValidationCollection.cs" />
-    <Compile Include="Config\CertificateValidationElement.cs" />
-    <Compile Include="Config\CommonDomainCookieElement.cs" />
-    <Compile Include="Config\ContactCollection.cs" />
-    <Compile Include="Config\ContactElement.cs" />
-    <Compile Include="Config\EnumerableConfigurationElementCollection.cs" />
-    <Compile Include="Config\HttpAuthCredentialsElement.cs" />
-    <Compile Include="Config\HttpAuthElement.cs" />
-    <Compile Include="Config\IConfigurationElementCollectionElement.cs" />
-    <Compile Include="Config\IdentityProviderCollection.cs" />
-    <Compile Include="Config\IdentityProviderElement.cs" />
-    <Compile Include="Config\IdentityProviderEndpointCollection.cs" />
-    <Compile Include="Config\IdentityProviderEndpointElement.cs" />
-    <Compile Include="Config\LoggingElement.cs" />
-    <Compile Include="Config\MetadataElement.cs" />
-    <Compile Include="Config\NameIdFormatCollection.cs" />
-    <Compile Include="Config\NameIdFormatElement.cs" />
-    <Compile Include="Config\OrganizationElement.cs" />
-    <Compile Include="Config\PersistentPseudonymElement.cs" />
-    <Compile Include="Config\RequestedAttributesCollection.cs" />
-    <Compile Include="Config\Saml2Section.cs" />
-    <Compile Include="Config\ServiceProviderElement.cs" />
-    <Compile Include="Config\ServiceProviderEndpointCollection.cs" />
-    <Compile Include="Config\ServiceProviderEndpointElement.cs" />
-    <Compile Include="Config\WritableConfigurationElement.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Protocol\AbstractEndpointHandler.cs" />
-    <Compile Include="Protocol\Pages\BasePage.cs">
-      <SubType>aspxcodebehind</SubType>
-    </Compile>
-    <Compile Include="Protocol\Pages\ErrorPage.cs">
-      <SubType>aspxcodebehind</SubType>
-    </Compile>
-    <Compile Include="Protocol\Pages\SelectIDP.cs">
-      <SubType>aspxcodebehind</SubType>
-    </Compile>
-    <Compile Include="Protocol\Saml20AbstractEndpointHandler.cs" />
-    <Compile Include="Protocol\Saml20CDCIdPReturnPoint.cs" />
-    <Compile Include="Protocol\Saml20CDCReader.cs" />
-    <Compile Include="Protocol\Saml20LogoutHandler.cs" />
-    <Compile Include="Protocol\Saml20MetadataHandler.cs" />
-    <Compile Include="Protocol\Saml20SignonHandler.cs" />
-    <Compile Include="Saml20MetadataFetcherModule.cs" />
-    <Compile Include="WebConfigConfigurationProvider.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
-      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
-      <Name>SAML2.Core</Name>
-    </ProjectReference>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="Config\IdentityProviderElement.cs.orig" />
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{D2136BFD-D2DA-4105-920B-8E05C090C597}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SAML2.AspNet</RootNamespace>
+    <AssemblyName>SAML2.AspNet</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Runtime.Serialization" />
+    <Reference Include="System.Security" />
+    <Reference Include="System.ServiceModel" />
+    <Reference Include="System.Web" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Configuration.cs" />
+    <Compile Include="Config\ActionCollection.cs" />
+    <Compile Include="Config\ActionElement.cs" />
+    <Compile Include="Config\AllowedAudienceUriCollection.cs" />
+    <Compile Include="Config\AssertionProfileElement.cs" />
+    <Compile Include="Config\AttributeElement.cs" />
+    <Compile Include="Config\AudienceUriElement.cs" />
+    <Compile Include="Config\AuthenticationContextCollection.cs" />
+    <Compile Include="Config\AuthenticationContextElement.cs" />
+    <Compile Include="Config\CertificateElement.cs" />
+    <Compile Include="Config\CertificateValidationCollection.cs" />
+    <Compile Include="Config\CertificateValidationElement.cs" />
+    <Compile Include="Config\CommonDomainCookieElement.cs" />
+    <Compile Include="Config\ContactCollection.cs" />
+    <Compile Include="Config\ContactElement.cs" />
+    <Compile Include="Config\EnumerableConfigurationElementCollection.cs" />
+    <Compile Include="Config\HttpAuthCredentialsElement.cs" />
+    <Compile Include="Config\HttpAuthElement.cs" />
+    <Compile Include="Config\IConfigurationElementCollectionElement.cs" />
+    <Compile Include="Config\IdentityProviderCollection.cs" />
+    <Compile Include="Config\IdentityProviderElement.cs" />
+    <Compile Include="Config\IdentityProviderEndpointCollection.cs" />
+    <Compile Include="Config\IdentityProviderEndpointElement.cs" />
+    <Compile Include="Config\LoggingElement.cs" />
+    <Compile Include="Config\MetadataElement.cs" />
+    <Compile Include="Config\NameIdFormatCollection.cs" />
+    <Compile Include="Config\NameIdFormatElement.cs" />
+    <Compile Include="Config\OrganizationElement.cs" />
+    <Compile Include="Config\PersistentPseudonymElement.cs" />
+    <Compile Include="Config\RequestedAttributesCollection.cs" />
+    <Compile Include="Config\Saml2Section.cs" />
+    <Compile Include="Config\ServiceProviderElement.cs" />
+    <Compile Include="Config\ServiceProviderEndpointCollection.cs" />
+    <Compile Include="Config\ServiceProviderEndpointElement.cs" />
+    <Compile Include="Config\WritableConfigurationElement.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Protocol\AbstractEndpointHandler.cs" />
+    <Compile Include="Protocol\Pages\BasePage.cs">
+      <SubType>aspxcodebehind</SubType>
+    </Compile>
+    <Compile Include="Protocol\Pages\ErrorPage.cs">
+      <SubType>aspxcodebehind</SubType>
+    </Compile>
+    <Compile Include="Protocol\Pages\SelectIDP.cs">
+      <SubType>aspxcodebehind</SubType>
+    </Compile>
+    <Compile Include="Protocol\Saml20AbstractEndpointHandler.cs" />
+    <Compile Include="Protocol\Saml20CDCIdPReturnPoint.cs" />
+    <Compile Include="Protocol\Saml20CDCReader.cs" />
+    <Compile Include="Protocol\Saml20LogoutHandler.cs" />
+    <Compile Include="Protocol\Saml20MetadataHandler.cs" />
+    <Compile Include="Protocol\Saml20SignonHandler.cs" />
+    <Compile Include="Saml20MetadataFetcherModule.cs" />
+    <Compile Include="WebConfigConfigurationProvider.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
+      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
+      <Name>SAML2.Core</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
   <Target Name="AfterBuild">
   </Target>
-  -->
+  -->
 </Project>
\ No newline at end of file
diff --git a/src/SAML2.Core/Bindings/HttpArtifactBindingBuilder.cs b/src/SAML2.Core/Bindings/HttpArtifactBindingBuilder.cs
index 4e9ce13..a412236 100644
--- a/src/SAML2.Core/Bindings/HttpArtifactBindingBuilder.cs
+++ b/src/SAML2.Core/Bindings/HttpArtifactBindingBuilder.cs
@@ -14,17 +14,16 @@ public class HttpArtifactBindingBuilder : HttpSoapBindingBuilder
     {
         private readonly Saml2Configuration config;
         private readonly Action<string> redirect;
-        private readonly Action<string> sendResponseMessage;
-
-
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="HttpArtifactBindingBuilder"/> class.
-        /// </summary>
-        /// <param name="context">The current http context.</param>
-        /// <param name="redirect">Action to perform when redirecting. Parameter will be destination URL</param>
-        /// <param name="sendResponseMessage">Action to send messages to response stream</param>
-        public HttpArtifactBindingBuilder(Saml2Configuration config, Action<string> redirect, Action<string> sendResponseMessage)
+        private readonly Action<string> sendResponseMessage;
+
+
+	    /// <summary>
+	    /// Initializes a new instance of the <see cref="HttpArtifactBindingBuilder"/> class.
+	    /// </summary>
+	    /// <param name="config"></param>
+	    /// <param name="redirect">Action to perform when redirecting. Parameter will be destination URL</param>
+	    /// <param name="sendResponseMessage">Action to send messages to response stream</param>
+	    public HttpArtifactBindingBuilder(Saml2Configuration config, Action<string> redirect, Action<string> sendResponseMessage)
         {
             if (config == null) throw new ArgumentNullException("config");
             if (redirect == null) throw new ArgumentNullException("redirect");
@@ -32,59 +31,63 @@ public HttpArtifactBindingBuilder(Saml2Configuration config, Action<string> redi
             this.redirect = redirect;
             this.config = config;
             this.sendResponseMessage = sendResponseMessage;
-        }
-
-        /// <summary>
-        /// Creates an artifact and redirects the user to the IdP
-        /// </summary>
-        /// <param name="destination">The destination of the request.</param>
-        /// <param name="request">The authentication request.</param>
-        /// <param name="relayState">Relay state from client. May be null</param>
-        public void RedirectFromLogin(IdentityProviderEndpoint destination, Saml20AuthnRequest request, string relayState, Action<string, object> cacheInsert)
+        }
+
+	    /// <summary>
+	    /// Creates an artifact and redirects the user to the IdP
+	    /// </summary>
+	    /// <param name="destination">The destination of the request.</param>
+	    /// <param name="request">The authentication request.</param>
+	    /// <param name="relayState">Relay state from client. May be null</param>
+	    /// <param name="cacheInsert"></param>
+	    public void RedirectFromLogin(IdentityProviderEndpoint destination, Saml20AuthnRequest request, string relayState, Action<string, object> cacheInsert)
         {
             var index = (short)config.ServiceProvider.Endpoints.DefaultSignOnEndpoint.Index;
             var doc = request.GetXml();
             XmlSignatureUtils.SignDocument(doc, request.Request.Id, config.ServiceProvider.SigningCertificate);
             ArtifactRedirect(destination, index, doc, relayState, cacheInsert);
-        }
-
-
-        /// <summary>
-        /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
-        /// </summary>
-        /// <param name="destination">The destination of the request.</param>
-        /// <param name="request">The logout request.</param>
-        /// <param name="relayState">The query string relay state value (relayState) to add to the communication</param>
-        public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutRequest request, string relayState, Action<string, object> cacheInsert)
+        }
+
+
+	    /// <summary>
+	    /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
+	    /// </summary>
+	    /// <param name="destination">The destination of the request.</param>
+	    /// <param name="request">The logout request.</param>
+	    /// <param name="relayState">The query string relay state value (relayState) to add to the communication</param>
+	    /// <param name="cacheInsert"></param>
+	    public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutRequest request, string relayState, Action<string, object> cacheInsert)
         {
             var index = (short)config.ServiceProvider.Endpoints.DefaultLogoutEndpoint.Index;
             var doc = request.GetXml();
             XmlSignatureUtils.SignDocument(doc, request.Request.Id, config.ServiceProvider.SigningCertificate);
             ArtifactRedirect(destination, index, doc, relayState, cacheInsert);
-        }
-
-        /// <summary>
-        /// Creates an artifact for the LogoutResponse and redirects the user to the IdP.
-        /// </summary>
-        /// <param name="destination">The destination of the response.</param>
-        /// <param name="response">The logout response.</param>
-        /// <param name="relayState">The query string relay state value to add to the communication</param>
-
-        public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutResponse response, string relayState, Action<string, object> cacheInsert)
+        }
+
+	    /// <summary>
+	    /// Creates an artifact for the LogoutResponse and redirects the user to the IdP.
+	    /// </summary>
+	    /// <param name="destination">The destination of the response.</param>
+	    /// <param name="response">The logout response.</param>
+	    /// <param name="relayState">The query string relay state value to add to the communication</param>
+	    /// <param name="cacheInsert"></param>
+	    public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutResponse response, string relayState, Action<string, object> cacheInsert)
         {
             var index = (short)config.ServiceProvider.Endpoints.DefaultLogoutEndpoint.Index;
             var doc = response.GetXml();
             XmlSignatureUtils.SignDocument(doc, response.Response.ID, config.ServiceProvider.SigningCertificate);
 
             ArtifactRedirect(destination, index, doc, relayState, cacheInsert);
-        }
-
-        /// <summary>
-        /// Resolves an artifact.
-        /// </summary>
-        /// <returns>A stream containing the artifact response from the IdP</returns>
-        /// <param name="artifact">artifact from request ("SAMLart")</param>
-        public Stream ResolveArtifact(string artifact, string relayState, Saml2Configuration config)
+        }
+
+	    /// <summary>
+	    /// Resolves an artifact.
+	    /// </summary>
+	    /// <returns>A stream containing the artifact response from the IdP</returns>
+	    /// <param name="artifact">artifact from request ("SAMLart")</param>
+	    /// <param name="relayState"></param>
+	    /// <param name="config"></param>
+	    public Stream ResolveArtifact(string artifact, string relayState, Saml2Configuration config)
         {
             var idpEndPoint = DetermineIdp(artifact);
             if (idpEndPoint == null)
@@ -113,13 +116,14 @@ public Stream ResolveArtifact(string artifact, string relayState, Saml2Configura
             Logger.DebugFormat(TraceMessages.ArtifactResolved, artifactResolveString);
 
             return GetResponse(endpointUrl, artifactResolveString, idpEndPoint.ArtifactResolution, relayState);
-        }
-
-        /// <summary>
-        /// Handles responses to an artifact resolve message.
-        /// </summary>
-        /// <param name="artifactResolve">The artifact resolve message.</param>
-        public void RespondToArtifactResolve(ArtifactResolve artifactResolve, XmlElement samlDoc)
+        }
+
+	    /// <summary>
+	    /// Handles responses to an artifact resolve message.
+	    /// </summary>
+	    /// <param name="artifactResolve">The artifact resolve message.</param>
+	    /// <param name="samlDoc"></param>
+	    public void RespondToArtifactResolve(ArtifactResolve artifactResolve, XmlElement samlDoc)
         {
             var response = Saml20ArtifactResponse.GetDefault(config.ServiceProvider.Id);
             response.StatusCode = Saml20Constants.StatusCodes.Success;
@@ -156,16 +160,17 @@ private static bool ByteArraysAreEqual(byte[] a, byte[] b)
             }
 
             return true;
-        }
-
-        /// <summary>
-        /// Handles all artifact creations and redirects.
-        /// </summary>
-        /// <param name="destination">The destination.</param>
-        /// <param name="localEndpointIndex">Index of the local endpoint.</param>
-        /// <param name="signedSamlMessage">The signed SAML message.</param>
-        /// <param name="relayState">The query string relay state value to add to the communication</param>
-        private void ArtifactRedirect(IdentityProviderEndpoint destination, short localEndpointIndex, XmlDocument signedSamlMessage, string relayState, Action<string, object> cacheInsert)
+        }
+
+	    /// <summary>
+	    /// Handles all artifact creations and redirects.
+	    /// </summary>
+	    /// <param name="destination">The destination.</param>
+	    /// <param name="localEndpointIndex">Index of the local endpoint.</param>
+	    /// <param name="signedSamlMessage">The signed SAML message.</param>
+	    /// <param name="relayState">The query string relay state value to add to the communication</param>
+	    /// <param name="cacheInsert"></param>
+	    private void ArtifactRedirect(IdentityProviderEndpoint destination, short localEndpointIndex, XmlDocument signedSamlMessage, string relayState, Action<string, object> cacheInsert)
         {
             Logger.DebugFormat(TraceMessages.ArtifactRedirectReceived, signedSamlMessage.OuterXml);
 
@@ -174,9 +179,9 @@ private void ArtifactRedirect(IdentityProviderEndpoint destination, short localE
             var messageHandle = ArtifactUtil.GenerateMessageHandle();
 
             var artifact = ArtifactUtil.CreateArtifact(HttpArtifactBindingConstants.ArtifactTypeCode, localEndpointIndex, sourceIdHash, messageHandle);
-            cacheInsert(artifact, signedSamlMessage);
-
-            var destinationUrl = destination.Url + "?" + HttpArtifactBindingConstants.ArtifactQueryStringName + "=" + Uri.EscapeDataString(artifact);
+            cacheInsert(artifact, signedSamlMessage);
+
+			var destinationUrl = string.Format( "{0}{1}{2}{3}{4}", destination.Url, ( destination.Url.EndsWith( "?" ) ? "&" : "?" ), HttpArtifactBindingConstants.ArtifactQueryStringName, "=", Uri.EscapeDataString( artifact ) );
             if (!string.IsNullOrEmpty(relayState))
             {
                 destinationUrl += "&relayState=" + relayState;
diff --git a/src/SAML2.Core/Config/Metadata.cs b/src/SAML2.Core/Config/Metadata.cs
index 0db1103..0032f56 100644
--- a/src/SAML2.Core/Config/Metadata.cs
+++ b/src/SAML2.Core/Config/Metadata.cs
@@ -9,8 +9,6 @@ namespace SAML2.Config
     /// </summary>
     public class Metadata 
     {
-        
-
         /// <summary>
         /// Gets or sets a value indicating whether to exclude artifact endpoints in metadata generation.
         /// </summary>
@@ -36,7 +34,12 @@ public class Metadata
         /// Gets or sets the requested attributes.
         /// </summary>
         /// <value>The requested attributes.</value>
-        public IList<Attribute> RequestedAttributes { get; set; }
+        public IList<Attribute> RequestedAttributes { get; set; }
+
+		/// <summary>
+		/// Set Metadata validUntil attribute to be the days from now. The default is to ignore the validUntil attribute so the metadata will not expire.
+		/// </summary>
+		public int? ValidForDays { get; set; }
 
         public Metadata()
         {
diff --git a/src/SAML2.Core/ErrorMessages.Designer.cs b/src/SAML2.Core/ErrorMessages.Designer.cs
new file mode 100644
index 0000000..81603f4
--- /dev/null
+++ b/src/SAML2.Core/ErrorMessages.Designer.cs
@@ -0,0 +1,459 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34209
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace SAML2 {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    public class ErrorMessages {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal ErrorMessages() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        public static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("SAML2.ErrorMessages", typeof(ErrorMessages).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        public static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact is not from a known identity provider.
+        /// </summary>
+        public static string ArtifactResolveIdentityProviderUnknown {
+            get {
+                return ResourceManager.GetString("ArtifactResolveIdentityProviderUnknown", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Could not verify SAML SOAP binding message signature.
+        /// </summary>
+        public static string ArtifactResolveSignatureInvalid {
+            get {
+                return ResourceManager.GetString("ArtifactResolveSignatureInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to ArtifactResponse did not contain an assertion.
+        /// </summary>
+        public static string ArtifactResponseMissingAssertion {
+            get {
+                return ResourceManager.GetString("ArtifactResponseMissingAssertion", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Unsupported payload message in ArtifactResponse.
+        /// </summary>
+        public static string ArtifactResponseMissingResponse {
+            get {
+                return ResourceManager.GetString("ArtifactResponseMissingResponse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Could not verify artifact response message signature.
+        /// </summary>
+        public static string ArtifactResponseSignatureInvalid {
+            get {
+                return ResourceManager.GetString("ArtifactResponseSignatureInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to ArtifactResponse status code was invalid, expected {0}.
+        /// </summary>
+        public static string ArtifactResponseStatusCodeInvalid {
+            get {
+                return ResourceManager.GetString("ArtifactResponseStatusCodeInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion expiration has been exceeded.
+        /// </summary>
+        public static string AssertionExpired {
+            get {
+                return ResourceManager.GetString("AssertionExpired", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Could not process assertion with an unknown identity provider.
+        /// </summary>
+        public static string AssertionIdentityProviderUnknown {
+            get {
+                return ResourceManager.GetString("AssertionIdentityProviderUnknown", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion not found.
+        /// </summary>
+        public static string AssertionNotFound {
+            get {
+                return ResourceManager.GetString("AssertionNotFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion with OneTimeUse condition detected more than once.
+        /// </summary>
+        public static string AssertionOneTimeUseExceeded {
+            get {
+                return ResourceManager.GetString("AssertionOneTimeUseExceeded", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion signature is invalid.
+        /// </summary>
+        public static string AssertionSignatureInvalid {
+            get {
+                return ResourceManager.GetString("AssertionSignatureInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Attribute query can not be performed when user is not logged in with an identity provider.
+        /// </summary>
+        public static string AttrQueryNoLogin {
+            get {
+                return ResourceManager.GetString("AttrQueryNoLogin", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to AttrQuery response with status code &quot;{0}&quot; received when &quot;Success&quot; was expected.
+        /// </summary>
+        public static string AttrQueryStatusNotSuccessful {
+            get {
+                return ResourceManager.GetString("AttrQueryStatusNotSuccessful", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Certificate with DN &quot;{0}&quot; and thumbprint &quot;{1}&quot; is not valid according to RFC3280.
+        /// </summary>
+        public static string CertificateIsNotRFC3280Valid {
+            get {
+                return ResourceManager.GetString("CertificateIsNotRFC3280Valid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Certificate {0} was not found.
+        /// </summary>
+        public static string CertificateNotFound {
+            get {
+                return ResourceManager.GetString("CertificateNotFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Found more than one certificate matching {0}.
+        /// </summary>
+        public static string CertificateNotUnique {
+            get {
+                return ResourceManager.GetString("CertificateNotUnique", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Common Domain Cookie identity provider not found in list of known identity providers: {0}.
+        /// </summary>
+        public static string CommonDomainCookieIdentityProviderInvalid {
+            get {
+                return ResourceManager.GetString("CommonDomainCookieIdentityProviderInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration element &lt;saml2&gt; does not contain an &lt;identityProviders&gt; element.
+        /// </summary>
+        public static string ConfigMissingIdentityProvidersElement {
+            get {
+                return ResourceManager.GetString("ConfigMissingIdentityProvidersElement", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration for &lt;identityProviders&gt; does not contain a &quot;metadata&quot; attribute.
+        /// </summary>
+        public static string ConfigMissingMetadataLocation {
+            get {
+                return ResourceManager.GetString("ConfigMissingMetadataLocation", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration does not contain &lt;saml2&gt; element.
+        /// </summary>
+        public static string ConfigMissingSaml2Element {
+            get {
+                return ResourceManager.GetString("ConfigMissingSaml2Element", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration element &lt;saml2&gt; does not contain a &lt;serviceProvider&gt; element.
+        /// </summary>
+        public static string ConfigMissingServiceProviderElement {
+            get {
+                return ResourceManager.GetString("ConfigMissingServiceProviderElement", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration for &lt;serviceProvider&gt; does not contain an &quot;id&quot; attribute.
+        /// </summary>
+        public static string ConfigMissingServiceProviderIdAttribute {
+            get {
+                return ResourceManager.GetString("ConfigMissingServiceProviderIdAttribute", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration for &lt;serviceProvider&gt; does not contain a &lt;signingCertificate&gt; element.
+        /// </summary>
+        public static string ConfigMissingSigningCertificateElement {
+            get {
+                return ResourceManager.GetString("ConfigMissingSigningCertificateElement", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Configuration for &lt;serviceProvider&gt; does not contain a SignOn endpoint.
+        /// </summary>
+        public static string ConfigServiceProviderMissingSignOnEndpoint {
+            get {
+                return ResourceManager.GetString("ConfigServiceProviderMissingSignOnEndpoint", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Specified &lt;signingCertificate&gt; does not have a private key.
+        /// </summary>
+        public static string ConfigSigningCertificateMissingPrivateKey {
+            get {
+                return ResourceManager.GetString("ConfigSigningCertificateMissingPrivateKey", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The endpoint binding must be one of POST, Redirect, or Artifact.
+        /// </summary>
+        public static string EndpointBindingInvalid {
+            get {
+                return ResourceManager.GetString("EndpointBindingInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Empty protocol message id is not allowed.
+        /// </summary>
+        public static string ExpectedInResponseToEmpty {
+            get {
+                return ResourceManager.GetString("ExpectedInResponseToEmpty", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Session ExpectedInResponseTo missing.
+        /// </summary>
+        public static string ExpectedInResponseToMissing {
+            get {
+                return ResourceManager.GetString("ExpectedInResponseToMissing", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An error occurred.
+        /// </summary>
+        public static string GenericError {
+            get {
+                return ResourceManager.GetString("GenericError", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The specified metadata directory &quot;{0}&quot; could not be located.
+        /// </summary>
+        public static string MetadataLocationNotFound {
+            get {
+                return ResourceManager.GetString("MetadataLocationNotFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The &quot;sign&quot;query string parameter could not be parsed.
+        /// </summary>
+        public static string MetadataSignQueryParameterInvalid {
+            get {
+                return ResourceManager.GetString("MetadataSignQueryParameterInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Possible replay attack detected, unexpected value {0} for InResponseTo, expected {1}.
+        /// </summary>
+        public static string ReplayAttack {
+            get {
+                return ResourceManager.GetString("ReplayAttack", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Request signature is invalid.
+        /// </summary>
+        public static string RequestSignatureInvalid {
+            get {
+                return ResourceManager.GetString("RequestSignatureInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Request is not signed.
+        /// </summary>
+        public static string RequestSignatureMissing {
+            get {
+                return ResourceManager.GetString("RequestSignatureMissing", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Received a response message that did not contain an InResponseTo attribute.
+        /// </summary>
+        public static string ResponseMissingInResponseToAttribute {
+            get {
+                return ResourceManager.GetString("ResponseMissingInResponseToAttribute", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Response signature is invalid.
+        /// </summary>
+        public static string ResponseSignatureInvalid {
+            get {
+                return ResourceManager.GetString("ResponseSignatureInvalid", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Response is not signed.
+        /// </summary>
+        public static string ResponseSignatureMissing {
+            get {
+                return ResourceManager.GetString("ResponseSignatureMissing", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Response with status code NoPassive received. A user cannot be signed in with the IsPassiveFlag set when the user does not have a session with the identity provider.
+        /// </summary>
+        public static string ResponseStatusIsNoPassive {
+            get {
+                return ResourceManager.GetString("ResponseStatusIsNoPassive", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Response with status code &quot;{0}&quot; received when &quot;Success&quot;was expected.
+        /// </summary>
+        public static string ResponseStatusNotSuccessful {
+            get {
+                return ResourceManager.GetString("ResponseStatusNotSuccessful", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to SOAP message did not contain a supported SamlMessage element.
+        /// </summary>
+        public static string SOAPMessageUnsupportedSamlMessage {
+            get {
+                return ResourceManager.GetString("SOAPMessageUnsupportedSamlMessage", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to User accessing resource &quot;{0}&quot; without authentication.
+        /// </summary>
+        public static string UnauthenticatedAccess {
+            get {
+                return ResourceManager.GetString("UnauthenticatedAccess", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Encoding &quot;{0}&quot; is not supported.
+        /// </summary>
+        public static string UnknownEncoding {
+            get {
+                return ResourceManager.GetString("UnknownEncoding", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Unknown identity provider &quot;{0}&quot;.
+        /// </summary>
+        public static string UnknownIdentityProvider {
+            get {
+                return ResourceManager.GetString("UnknownIdentityProvider", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to RequestType &quot;{0}&quot; is not supported..
+        /// </summary>
+        public static string UnsupportedRequestType {
+            get {
+                return ResourceManager.GetString("UnsupportedRequestType", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/SAML2.Core/ErrorMessages.resx b/src/SAML2.Core/ErrorMessages.resx
index 9f5b052..a7bad7d 100644
--- a/src/SAML2.Core/ErrorMessages.resx
+++ b/src/SAML2.Core/ErrorMessages.resx
@@ -1,252 +1,252 @@
-<?xml version="1.0" encoding="utf-8"?>
-<root>
-  <!-- 
-    Microsoft ResX Schema 
-    
-    Version 2.0
-    
-    The primary goals of this format is to allow a simple XML format 
-    that is mostly human readable. The generation and parsing of the 
-    various data types are done through the TypeConverter classes 
-    associated with the data types.
-    
-    Example:
-    
-    ... ado.net/XML headers & schema ...
-    <resheader name="resmimetype">text/microsoft-resx</resheader>
-    <resheader name="version">2.0</resheader>
-    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
-    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
-    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
-    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
-    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
-        <value>[base64 mime encoded serialized .NET Framework object]</value>
-    </data>
-    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
-        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
-        <comment>This is a comment</comment>
-    </data>
-                
-    There are any number of "resheader" rows that contain simple 
-    name/value pairs.
-    
-    Each data row contains a name, and value. The row also contains a 
-    type or mimetype. Type corresponds to a .NET class that support 
-    text/value conversion through the TypeConverter architecture. 
-    Classes that don't support this are serialized and stored with the 
-    mimetype set.
-    
-    The mimetype is used for serialized objects, and tells the 
-    ResXResourceReader how to depersist the object. This is currently not 
-    extensible. For a given mimetype the value must be set accordingly:
-    
-    Note - application/x-microsoft.net.object.binary.base64 is the format 
-    that the ResXResourceWriter will generate, however the reader can 
-    read any of the formats listed below.
-    
-    mimetype: application/x-microsoft.net.object.binary.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
-            : and then encoded with base64 encoding.
-    
-    mimetype: application/x-microsoft.net.object.soap.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
-            : and then encoded with base64 encoding.
-
-    mimetype: application/x-microsoft.net.object.bytearray.base64
-    value   : The object must be serialized into a byte array 
-            : using a System.ComponentModel.TypeConverter
-            : and then encoded with base64 encoding.
-    -->
-  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
-    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
-    <xsd:element name="root" msdata:IsDataSet="true">
-      <xsd:complexType>
-        <xsd:choice maxOccurs="unbounded">
-          <xsd:element name="metadata">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" />
-              </xsd:sequence>
-              <xsd:attribute name="name" use="required" type="xsd:string" />
-              <xsd:attribute name="type" type="xsd:string" />
-              <xsd:attribute name="mimetype" type="xsd:string" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="assembly">
-            <xsd:complexType>
-              <xsd:attribute name="alias" type="xsd:string" />
-              <xsd:attribute name="name" type="xsd:string" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="data">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
-              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
-              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="resheader">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" />
-            </xsd:complexType>
-          </xsd:element>
-        </xsd:choice>
-      </xsd:complexType>
-    </xsd:element>
-  </xsd:schema>
-  <resheader name="resmimetype">
-    <value>text/microsoft-resx</value>
-  </resheader>
-  <resheader name="version">
-    <value>2.0</value>
-  </resheader>
-  <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <data name="ArtifactResolveIdentityProviderUnknown" xml:space="preserve">
-    <value>Artifact is not from a known identity provider</value>
-  </data>
-  <data name="ArtifactResolveSignatureInvalid" xml:space="preserve">
-    <value>Could not verify SAML SOAP binding message signature</value>
-  </data>
-  <data name="ArtifactResponseMissingAssertion" xml:space="preserve">
-    <value>ArtifactResponse did not contain an assertion</value>
-  </data>
-  <data name="ArtifactResponseMissingResponse" xml:space="preserve">
-    <value>Unsupported payload message in ArtifactResponse</value>
-  </data>
-  <data name="ArtifactResponseSignatureInvalid" xml:space="preserve">
-    <value>Could not verify artifact response message signature</value>
-  </data>
-  <data name="ArtifactResponseStatusCodeInvalid" xml:space="preserve">
-    <value>ArtifactResponse status code was invalid, expected {0}</value>
-  </data>
-  <data name="AssertionExpired" xml:space="preserve">
-    <value>Assertion expiration has been exceeded</value>
-  </data>
-  <data name="AssertionIdentityProviderUnknown" xml:space="preserve">
-    <value>Could not process assertion with an unknown identity provider</value>
-  </data>
-  <data name="AssertionNotFound" xml:space="preserve">
-    <value>Assertion not found</value>
-  </data>
-  <data name="AssertionOneTimeUseExceeded" xml:space="preserve">
-    <value>Assertion with OneTimeUse condition detected more than once</value>
-  </data>
-  <data name="AssertionSignatureInvalid" xml:space="preserve">
-    <value>Assertion signature is invalid</value>
-  </data>
-  <data name="AttrQueryNoLogin" xml:space="preserve">
-    <value>Attribute query can not be performed when user is not logged in with an identity provider</value>
-  </data>
-  <data name="AttrQueryStatusNotSuccessful" xml:space="preserve">
-    <value>AttrQuery response with status code "{0}" received when "Success" was expected</value>
-  </data>
-  <data name="CertificateIsNotRFC3280Valid" xml:space="preserve">
-    <value>Certificate with DN "{0}" and thumbprint "{1}" is not valid according to RFC3280</value>
-  </data>
-  <data name="CertificateNotFound" xml:space="preserve">
-    <value>Certificate {0} was not found</value>
-  </data>
-  <data name="CertificateNotUnique" xml:space="preserve">
-    <value>Found more than one certificate matching {0}</value>
-  </data>
-  <data name="CommonDomainCookieIdentityProviderInvalid" xml:space="preserve">
-    <value>Common Domain Cookie identity provider not found in list of known identity providers: {0}</value>
-  </data>
-  <data name="ConfigMissingIdentityProvidersElement" xml:space="preserve">
-    <value>Configuration element &lt;saml2&gt; does not contain an &lt;identityProviders&gt; element</value>
-  </data>
-  <data name="ConfigMissingMetadataLocation" xml:space="preserve">
-    <value>Configuration for &lt;identityProviders&gt; does not contain a "metadata" attribute</value>
-  </data>
-  <data name="ConfigMissingSaml2Element" xml:space="preserve">
-    <value>Configuration does not contain &lt;saml2&gt; element</value>
-  </data>
-  <data name="ConfigMissingServiceProviderElement" xml:space="preserve">
-    <value>Configuration element &lt;saml2&gt; does not contain a &lt;serviceProvider&gt; element</value>
-  </data>
-  <data name="ConfigMissingServiceProviderIdAttribute" xml:space="preserve">
-    <value>Configuration for &lt;serviceProvider&gt; does not contain an "id" attribute</value>
-  </data>
-  <data name="ConfigMissingSigningCertificateElement" xml:space="preserve">
-    <value>Configuration for &lt;serviceProvider&gt; does not contain a &lt;signingCertificate&gt; element</value>
-  </data>
-  <data name="ConfigServiceProviderMissingSignOnEndpoint" xml:space="preserve">
-    <value>Configuration for &lt;serviceProvider&gt; does not contain a SignOn endpoint</value>
-  </data>
-  <data name="ConfigSigningCertificateMissingPrivateKey" xml:space="preserve">
-    <value>Specified &lt;signingCertificate&gt; does not have a private key</value>
-  </data>
-  <data name="EndpointBindingInvalid" xml:space="preserve">
-    <value>The endpoint binding must be one of POST, Redirect, or Artifact</value>
-  </data>
-  <data name="ExpectedInResponseToEmpty" xml:space="preserve">
-    <value>Empty protocol message id is not allowed</value>
-  </data>
-  <data name="ExpectedInResponseToMissing" xml:space="preserve">
-    <value>Session ExpectedInResponseTo missing</value>
-  </data>
-  <data name="GenericError" xml:space="preserve">
-    <value>An error occurred</value>
-  </data>
-  <data name="MetadataLocationNotFound" xml:space="preserve">
-    <value>The specified metadata directory "{0}" could not be located</value>
-  </data>
-  <data name="MetadataSignQueryParameterInvalid" xml:space="preserve">
-    <value>The "sign"query string parameter could not be parsed</value>
-  </data>
-  <data name="ReplayAttack" xml:space="preserve">
-    <value>Possible replay attack detected, unexpected value {0} for InResponseTo, expected {1}</value>
-  </data>
-  <data name="RequestSignatureInvalid" xml:space="preserve">
-    <value>Request signature is invalid</value>
-  </data>
-  <data name="RequestSignatureMissing" xml:space="preserve">
-    <value>Request is not signed</value>
-  </data>
-  <data name="ResponseMissingInResponseToAttribute" xml:space="preserve">
-    <value>Received a response message that did not contain an InResponseTo attribute</value>
-  </data>
-  <data name="ResponseSignatureInvalid" xml:space="preserve">
-    <value>Response signature is invalid</value>
-  </data>
-  <data name="ResponseSignatureMissing" xml:space="preserve">
-    <value>Response is not signed</value>
-  </data>
-  <data name="ResponseStatusIsNoPassive" xml:space="preserve">
-    <value>Response with status code NoPassive received. A user cannot be signed in with the IsPassiveFlag set when the user does not have a session with the identity provider</value>
-  </data>
-  <data name="ResponseStatusNotSuccessful" xml:space="preserve">
-    <value>Response with status code "{0}" received when "Success"was expected</value>
-  </data>
-  <data name="SOAPMessageUnsupportedSamlMessage" xml:space="preserve">
-    <value>SOAP message did not contain a supported SamlMessage element</value>
-  </data>
-  <data name="UnauthenticatedAccess" xml:space="preserve">
-    <value>User accessing resource "{0}" without authentication</value>
-  </data>
-  <data name="UnknownEncoding" xml:space="preserve">
-    <value>Encoding "{0}" is not supported</value>
-  </data>
-  <data name="UnknownIdentityProvider" xml:space="preserve">
-    <value>Unknown identity provider "{0}"</value>
-  </data>
-  <data name="UnsupportedRequestType" xml:space="preserve">
-    <value>RequestType "{0}" is not supported.</value>
-  </data>
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="ArtifactResolveIdentityProviderUnknown" xml:space="preserve">
+    <value>Artifact is not from a known identity provider</value>
+  </data>
+  <data name="ArtifactResolveSignatureInvalid" xml:space="preserve">
+    <value>Could not verify SAML SOAP binding message signature</value>
+  </data>
+  <data name="ArtifactResponseMissingAssertion" xml:space="preserve">
+    <value>ArtifactResponse did not contain an assertion</value>
+  </data>
+  <data name="ArtifactResponseMissingResponse" xml:space="preserve">
+    <value>Unsupported payload message in ArtifactResponse</value>
+  </data>
+  <data name="ArtifactResponseSignatureInvalid" xml:space="preserve">
+    <value>Could not verify artifact response message signature</value>
+  </data>
+  <data name="ArtifactResponseStatusCodeInvalid" xml:space="preserve">
+    <value>ArtifactResponse status code was invalid, expected {0}</value>
+  </data>
+  <data name="AssertionExpired" xml:space="preserve">
+    <value>Assertion expiration has been exceeded</value>
+  </data>
+  <data name="AssertionIdentityProviderUnknown" xml:space="preserve">
+    <value>Could not process assertion with an unknown identity provider</value>
+  </data>
+  <data name="AssertionNotFound" xml:space="preserve">
+    <value>Assertion not found</value>
+  </data>
+  <data name="AssertionOneTimeUseExceeded" xml:space="preserve">
+    <value>Assertion with OneTimeUse condition detected more than once</value>
+  </data>
+  <data name="AssertionSignatureInvalid" xml:space="preserve">
+    <value>Assertion signature is invalid</value>
+  </data>
+  <data name="AttrQueryNoLogin" xml:space="preserve">
+    <value>Attribute query can not be performed when user is not logged in with an identity provider</value>
+  </data>
+  <data name="AttrQueryStatusNotSuccessful" xml:space="preserve">
+    <value>AttrQuery response with status code "{0}" received when "Success" was expected</value>
+  </data>
+  <data name="CertificateIsNotRFC3280Valid" xml:space="preserve">
+    <value>Certificate with DN "{0}" and thumbprint "{1}" is not valid according to RFC3280</value>
+  </data>
+  <data name="CertificateNotFound" xml:space="preserve">
+    <value>Certificate {0} was not found</value>
+  </data>
+  <data name="CertificateNotUnique" xml:space="preserve">
+    <value>Found more than one certificate matching {0}</value>
+  </data>
+  <data name="CommonDomainCookieIdentityProviderInvalid" xml:space="preserve">
+    <value>Common Domain Cookie identity provider not found in list of known identity providers: {0}</value>
+  </data>
+  <data name="ConfigMissingIdentityProvidersElement" xml:space="preserve">
+    <value>Configuration element &lt;saml2&gt; does not contain an &lt;identityProviders&gt; element</value>
+  </data>
+  <data name="ConfigMissingMetadataLocation" xml:space="preserve">
+    <value>Configuration for &lt;identityProviders&gt; does not contain a "metadata" attribute</value>
+  </data>
+  <data name="ConfigMissingSaml2Element" xml:space="preserve">
+    <value>Configuration does not contain &lt;saml2&gt; element</value>
+  </data>
+  <data name="ConfigMissingServiceProviderElement" xml:space="preserve">
+    <value>Configuration element &lt;saml2&gt; does not contain a &lt;serviceProvider&gt; element</value>
+  </data>
+  <data name="ConfigMissingServiceProviderIdAttribute" xml:space="preserve">
+    <value>Configuration for &lt;serviceProvider&gt; does not contain an "id" attribute</value>
+  </data>
+  <data name="ConfigMissingSigningCertificateElement" xml:space="preserve">
+    <value>Configuration for &lt;serviceProvider&gt; does not contain a &lt;signingCertificate&gt; element</value>
+  </data>
+  <data name="ConfigServiceProviderMissingSignOnEndpoint" xml:space="preserve">
+    <value>Configuration for &lt;serviceProvider&gt; does not contain a SignOn endpoint</value>
+  </data>
+  <data name="ConfigSigningCertificateMissingPrivateKey" xml:space="preserve">
+    <value>Specified &lt;signingCertificate&gt; does not have a private key</value>
+  </data>
+  <data name="EndpointBindingInvalid" xml:space="preserve">
+    <value>The endpoint binding must be one of POST, Redirect, or Artifact</value>
+  </data>
+  <data name="ExpectedInResponseToEmpty" xml:space="preserve">
+    <value>Empty protocol message id is not allowed</value>
+  </data>
+  <data name="ExpectedInResponseToMissing" xml:space="preserve">
+    <value>Session ExpectedInResponseTo missing</value>
+  </data>
+  <data name="GenericError" xml:space="preserve">
+    <value>An error occurred</value>
+  </data>
+  <data name="MetadataLocationNotFound" xml:space="preserve">
+    <value>The specified metadata directory "{0}" could not be located</value>
+  </data>
+  <data name="MetadataSignQueryParameterInvalid" xml:space="preserve">
+    <value>The "sign"query string parameter could not be parsed</value>
+  </data>
+  <data name="ReplayAttack" xml:space="preserve">
+    <value>Possible replay attack detected, unexpected value {0} for InResponseTo, expected {1}</value>
+  </data>
+  <data name="RequestSignatureInvalid" xml:space="preserve">
+    <value>Request signature is invalid</value>
+  </data>
+  <data name="RequestSignatureMissing" xml:space="preserve">
+    <value>Request is not signed</value>
+  </data>
+  <data name="ResponseMissingInResponseToAttribute" xml:space="preserve">
+    <value>Received a response message that did not contain an InResponseTo attribute</value>
+  </data>
+  <data name="ResponseSignatureInvalid" xml:space="preserve">
+    <value>Response signature is invalid</value>
+  </data>
+  <data name="ResponseSignatureMissing" xml:space="preserve">
+    <value>Response is not signed</value>
+  </data>
+  <data name="ResponseStatusIsNoPassive" xml:space="preserve">
+    <value>Response with status code NoPassive received. A user cannot be signed in with the IsPassiveFlag set when the user does not have a session with the identity provider</value>
+  </data>
+  <data name="ResponseStatusNotSuccessful" xml:space="preserve">
+    <value>Response with status code "{0}" received when "Success"was expected</value>
+  </data>
+  <data name="SOAPMessageUnsupportedSamlMessage" xml:space="preserve">
+    <value>SOAP message did not contain a supported SamlMessage element</value>
+  </data>
+  <data name="UnauthenticatedAccess" xml:space="preserve">
+    <value>User accessing resource "{0}" without authentication</value>
+  </data>
+  <data name="UnknownEncoding" xml:space="preserve">
+    <value>Encoding "{0}" is not supported</value>
+  </data>
+  <data name="UnknownIdentityProvider" xml:space="preserve">
+    <value>Unknown identity provider "{0}"</value>
+  </data>
+  <data name="UnsupportedRequestType" xml:space="preserve">
+    <value>RequestType "{0}" is not supported.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/SAML2.Core/Protocol/Utility.cs b/src/SAML2.Core/Protocol/Utility.cs
index f863c46..bafa353 100644
--- a/src/SAML2.Core/Protocol/Utility.cs
+++ b/src/SAML2.Core/Protocol/Utility.cs
@@ -166,14 +166,15 @@ public static XmlDocument GetDecodedSamlResponse(string samlResponse, Encoding e
             logger.DebugFormat(TraceMessages.SamlResponseDecoded, samlResponse);
 
             return doc;
-        }
-
-        /// <summary>
-        /// Gets the decrypted assertion.
-        /// </summary>
-        /// <param name="elem">The elem.</param>
-        /// <returns>The decrypted <see cref="Saml20EncryptedAssertion"/>.</returns>
-        public static Saml20EncryptedAssertion GetDecryptedAssertion(XmlElement elem, Saml2Configuration config)
+        }
+
+	    /// <summary>
+	    /// Gets the decrypted assertion.
+	    /// </summary>
+	    /// <param name="elem">The elem.</param>
+	    /// <param name="config"></param>
+	    /// <returns>The decrypted <see cref="Saml20EncryptedAssertion"/>.</returns>
+	    public static Saml20EncryptedAssertion GetDecryptedAssertion(XmlElement elem, Saml2Configuration config)
         {
             logger.Debug(TraceMessages.EncryptedAssertionDecrypting);
 
@@ -195,14 +196,15 @@ public static Status GetStatusElement(XmlElement element)
         {
             var statElem = element.GetElementsByTagName(Status.ElementName, Saml20Constants.Protocol)[0];
             return Serialization.DeserializeFromXmlString<Status>(statElem.OuterXml);
-        }
-
-        /// <summary>
-        /// Checks for replay attack.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        /// <param name="element">The element.</param>
-        public static void CheckReplayAttack(XmlElement element, bool requireInResponseTo, IDictionary<string, object> session)
+        }
+
+	    /// <summary>
+	    /// Checks for replay attack.
+	    /// </summary>
+	    /// <param name="element">The element.</param>
+	    /// <param name="requireInResponseTo"></param>
+	    /// <param name="session"></param>
+	    public static void CheckReplayAttack(XmlElement element, bool requireInResponseTo, IDictionary<string, object> session)
         {
             logger.Debug(TraceMessages.ReplayAttackCheck);
 
@@ -246,14 +248,16 @@ public static void AddExpectedResponse(Saml20AuthnRequest request, IDictionary<s
             } else {
                 expectedResponses.Add(request.Id);
             }
-        }
-
-        /// <summary>
-        /// Deserializes an assertion, verifies its signature and logs in the user if the assertion is valid.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        /// <param name="elem">The elem.</param>
-        public static Saml20Assertion HandleAssertion(XmlElement elem, Saml2Configuration config, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
+        }
+
+	    /// <summary>
+	    /// Deserializes an assertion, verifies its signature and logs in the user if the assertion is valid.
+	    /// </summary>
+	    /// <param name="elem">The elem.</param>
+	    /// <param name="config"></param>
+	    /// <param name="getFromCache"></param>
+	    /// <param name="setInCache"></param>
+	    public static Saml20Assertion HandleAssertion(XmlElement elem, Saml2Configuration config, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
         {
             logger.DebugFormat(TraceMessages.AssertionProcessing, elem.OuterXml);
 
@@ -296,24 +300,31 @@ public static Saml20Assertion HandleAssertion(XmlElement elem, Saml2Configuratio
 
             logger.DebugFormat(TraceMessages.AssertionParsed, assertion.Id);
             return assertion;
-        }
-
-        /// <summary>
-        /// Decrypts an encrypted assertion, and sends the result to the HandleAssertion method.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        /// <param name="elem">The elem.</param>
-        public static Saml20Assertion HandleEncryptedAssertion(XmlElement elem, Saml2Configuration config, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
+        }
+
+	    /// <summary>
+	    /// Decrypts an encrypted assertion, and sends the result to the HandleAssertion method.
+	    /// </summary>
+	    /// <param name="elem">The elem.</param>
+	    /// <param name="config"></param>
+	    /// <param name="getFromCache"></param>
+	    /// <param name="setInCache"></param>
+	    public static Saml20Assertion HandleEncryptedAssertion(XmlElement elem, Saml2Configuration config, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
         {
             return HandleAssertion(GetDecryptedAssertion(elem, config).Assertion.DocumentElement, config, getFromCache, setInCache);
-        }
-
-        /// <summary>
-        /// Handles the SOAP.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        /// <param name="inputStream">The input stream.</param>
-        public static void HandleSoap(HttpArtifactBindingBuilder builder, Stream inputStream, Saml2Configuration config, Action<Saml20Assertion> signonCallback, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache, IDictionary<string, object> session)
+        }
+
+	    /// <summary>
+	    /// Handles the SOAP.
+	    /// </summary>
+	    /// <param name="builder"></param>
+	    /// <param name="inputStream">The input stream.</param>
+	    /// <param name="config"></param>
+	    /// <param name="signonCallback"></param>
+	    /// <param name="getFromCache"></param>
+	    /// <param name="setInCache"></param>
+	    /// <param name="session"></param>
+	    public static void HandleSoap(HttpArtifactBindingBuilder builder, Stream inputStream, Saml2Configuration config, Action<Saml20Assertion> signonCallback, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache, IDictionary<string, object> session)
         {
             var parser = new HttpArtifactBindingParser(inputStream);
             logger.DebugFormat(TraceMessages.SOAPMessageParse, parser.SamlMessage.OuterXml);
@@ -371,14 +382,18 @@ public static void HandleSoap(HttpArtifactBindingBuilder builder, Stream inputSt
                 logger.ErrorFormat(ErrorMessages.SOAPMessageUnsupportedSamlMessage);
                 throw new Saml20Exception(ErrorMessages.SOAPMessageUnsupportedSamlMessage);
             }
-        }
-
-
-        /// <summary>
-        /// Handle the authentication response from the IDP.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        public static Saml20Assertion HandleResponse(Saml2Configuration config, string samlResponse, IDictionary<string, object> session, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
+        }
+
+
+	    /// <summary>
+	    /// Handle the authentication response from the IDP.
+	    /// </summary>
+	    /// <param name="config"></param>
+	    /// <param name="samlResponse"></param>
+	    /// <param name="session"></param>
+	    /// <param name="getFromCache"></param>
+	    /// <param name="setInCache"></param>
+	    public static Saml20Assertion HandleResponse(Saml2Configuration config, string samlResponse, IDictionary<string, object> session, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
         {
             var defaultEncoding = Encoding.UTF8;
             var doc = Utility.GetDecodedSamlResponse(samlResponse, defaultEncoding);
diff --git a/src/SAML2.Core/SAML2.Core.csproj b/src/SAML2.Core/SAML2.Core.csproj
index 92e6661..c1791a2 100644
--- a/src/SAML2.Core/SAML2.Core.csproj
+++ b/src/SAML2.Core/SAML2.Core.csproj
@@ -1,303 +1,303 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProductVersion>8.0.30703</ProductVersion>
-    <SchemaVersion>2.0</SchemaVersion>
-    <ProjectGuid>{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>SAML2</RootNamespace>
-    <AssemblyName>SAML2.Core</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <TargetFrameworkProfile />
-    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
-    <RestorePackages>true</RestorePackages>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Selectors" />
-    <Reference Include="System.Runtime.Serialization" />
-    <Reference Include="System.Security" />
-    <Reference Include="System.ServiceModel" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Bindings\BindingUtility.cs" />
-    <Compile Include="Bindings\HttpArtifactBindingBuilder.cs" />
-    <Compile Include="Bindings\HttpArtifactBindingConstants.cs" />
-    <Compile Include="Bindings\HttpArtifactBindingParser.cs" />
-    <Compile Include="Bindings\HttpPostBindingBuilder.cs" />
-    <Compile Include="Bindings\HttpPostBindingParser.cs" />
-    <Compile Include="Bindings\HttpRedirectBindingBuilder.cs" />
-    <Compile Include="Bindings\HttpRedirectBindingConstants.cs" />
-    <Compile Include="Bindings\HttpRedirectBindingParser.cs" />
-    <Compile Include="Bindings\HttpSOAPBindingBuilder.cs" />
-    <Compile Include="Bindings\HttpSOAPBindingParser.cs" />
-    <Compile Include="Bindings\SOAPConstants.cs" />
-    <Compile Include="Config\Attribute.cs" />
-    <Compile Include="Config\AuthenticationContexts.cs" />
-    <Compile Include="Config\AuthenticationContextComparison.cs" />
-    <Compile Include="Config\AuthenticationContext.cs" />
-    <Compile Include="Config\BindingType.cs" />
-    <Compile Include="Config\CommonDomainCookie.cs" />
-    <Compile Include="Config\Contact.cs" />
-    <Compile Include="Config\ContactType.cs" />
-    <Compile Include="Config\EndpointType.cs" />
-    <Compile Include="Config\HttpAuthCredentials.cs" />
-    <Compile Include="Config\HttpAuth.cs" />
-    <Compile Include="Config\IConfigurationProvider.cs" />
-    <Compile Include="Config\IdentityProviderEndpoint.cs" />
-    <Compile Include="Config\IdentityProviderEndpoints.cs" />
-    <Compile Include="Config\IdentityProviders.cs" />
-    <Compile Include="Config\IdentityProvider.cs" />
-    <Compile Include="Config\Metadata.cs" />
-    <Compile Include="Config\NameIdFormats.cs" />
-    <Compile Include="Config\NameIdFormat.cs" />
-    <Compile Include="Config\Organization.cs" />
-    <Compile Include="Config\PersistentPseudonym.cs" />
-    <Compile Include="Config\Saml2Configuration.cs" />
-    <Compile Include="Config\ServiceProvider.cs" />
-    <Compile Include="Config\ServiceProviderEndpoints.cs" />
-    <Compile Include="Config\ServiceProviderEndpoint.cs" />
-    <Compile Include="ErrorMessages.Designer.cs">
-      <AutoGen>True</AutoGen>
-      <DesignTime>True</DesignTime>
-      <DependentUpon>ErrorMessages.resx</DependentUpon>
-    </Compile>
-    <Compile Include="Identity\IPersistentPseudonymMapper.cs" />
-    <Compile Include="Identity\ISaml20Identity.cs" />
-    <Compile Include="Identity\Saml20Identity.cs" />
-    <Compile Include="ISaml20IdpTokenAccessor.cs" />
-    <Compile Include="Logging\DebugLoggerFactory.cs" />
-    <Compile Include="Logging\IInternalLogger.cs" />
-    <Compile Include="Logging\ILoggerFactory.cs" />
-    <Compile Include="Logging\LoggerProvider.cs" />
-    <Compile Include="Logging\NoLoggingInternalLogger.cs" />
-    <Compile Include="Logging\NoLoggingLoggerFactory.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Protocol\CommonDomainCookie.cs" />
-    <Compile Include="Protocol\Logout.cs" />
-    <Compile Include="Protocol\Utility.cs" />
-    <Compile Include="Resources.Designer.cs">
-      <AutoGen>True</AutoGen>
-      <DesignTime>True</DesignTime>
-      <DependentUpon>Resources.resx</DependentUpon>
-    </Compile>
-    <Compile Include="Saml20ArtifactResolve.cs" />
-    <Compile Include="Saml20ArtifactResponse.cs" />
-    <Compile Include="Saml20Assertion.cs" />
-    <Compile Include="Saml20AttributeQuery.cs" />
-    <Compile Include="Saml20AuthnRequest.cs" />
-    <Compile Include="Saml20Constants.cs" />
-    <Compile Include="Saml20EncryptedAssertion.cs" />
-    <Compile Include="Saml20Exception.cs" />
-    <Compile Include="Saml20FormatException.cs" />
-    <Compile Include="Saml20LogoutRequest.cs" />
-    <Compile Include="Saml20LogoutResponse.cs" />
-    <Compile Include="Saml20MetadataDocument.cs" />
-    <Compile Include="Saml20NameFormat.cs" />
-    <Compile Include="SamlActionType.cs" />
-    <Compile Include="Schema\Core\Action.cs" />
-    <Compile Include="Schema\Core\Advice.cs" />
-    <Compile Include="Schema\Core\AdviceType.cs" />
-    <Compile Include="Schema\Core\Assertion.cs" />
-    <Compile Include="Schema\Core\AttributeStatement.cs" />
-    <Compile Include="Schema\Core\AudienceRestriction.cs" />
-    <Compile Include="Schema\Core\AuthnContext.cs" />
-    <Compile Include="Schema\Core\AuthnStatement.cs" />
-    <Compile Include="Schema\Core\AuthzDecisionStatement.cs" />
-    <Compile Include="Schema\Core\BaseIdAbstract.cs" />
-    <Compile Include="Schema\Core\ConditionAbstract.cs" />
-    <Compile Include="Schema\Core\Conditions.cs" />
-    <Compile Include="Schema\Core\DecisionType.cs" />
-    <Compile Include="Schema\Core\AuthnContextType.cs" />
-    <Compile Include="Schema\Core\Evidence.cs" />
-    <Compile Include="Schema\Core\EvidenceType.cs" />
-    <Compile Include="Schema\Core\KeyInfoConfirmationData.cs" />
-    <Compile Include="Schema\Core\NameId.cs" />
-    <Compile Include="Schema\Core\OneTimeUse.cs" />
-    <Compile Include="Schema\Core\ProxyRestriction.cs" />
-    <Compile Include="Schema\Core\SamlAttribute.cs" />
-    <Compile Include="Schema\Core\StatementAbstract.cs" />
-    <Compile Include="Schema\Core\Subject.cs" />
-    <Compile Include="Schema\Core\SubjectConfirmation.cs" />
-    <Compile Include="Schema\Core\SubjectConfirmationData.cs" />
-    <Compile Include="Schema\Core\SubjectLocality.cs" />
-    <Compile Include="Schema\Metadata\AdditionalMetadataLocation.cs" />
-    <Compile Include="Schema\Metadata\AffiliationDescriptor.cs" />
-    <Compile Include="Schema\Metadata\AttributeAuthorityDescriptor.cs" />
-    <Compile Include="Schema\Metadata\AttributeConsumingService.cs" />
-    <Compile Include="Schema\Metadata\AuthnAuthorityDescriptor.cs" />
-    <Compile Include="Schema\Metadata\Contact.cs" />
-    <Compile Include="Schema\Metadata\ContactType.cs" />
-    <Compile Include="Schema\Metadata\Endpoint.cs" />
-    <Compile Include="Schema\Metadata\EntitiesDescriptor.cs" />
-    <Compile Include="Schema\Metadata\EntityDescriptor.cs" />
-    <Compile Include="Schema\Metadata\KeyTypes.cs" />
-    <Compile Include="Schema\Metadata\Extensions.cs" />
-    <Compile Include="Schema\Metadata\IdpSsoDescriptor.cs" />
-    <Compile Include="Schema\Metadata\IndexedEndpoint.cs" />
-    <Compile Include="Schema\Metadata\KeyDescriptor.cs" />
-    <Compile Include="Schema\Metadata\LocalizedName.cs" />
-    <Compile Include="Schema\Metadata\LocalizedURI.cs" />
-    <Compile Include="Schema\Metadata\Organization.cs" />
-    <Compile Include="Schema\Metadata\PdpDescriptor.cs" />
-    <Compile Include="Schema\Metadata\RequestedAttribute.cs" />
-    <Compile Include="Schema\Metadata\RoleDescriptor.cs" />
-    <Compile Include="Schema\Metadata\SpSsoDescriptor.cs" />
-    <Compile Include="Schema\Metadata\SsoDescriptor.cs" />
-    <Compile Include="Schema\Protocol\ArtifactResolve.cs" />
-    <Compile Include="Schema\Protocol\ArtifactResponse.cs" />
-    <Compile Include="Schema\Protocol\AssertionIdRequest.cs" />
-    <Compile Include="Schema\Protocol\AttributeQuery.cs" />
-    <Compile Include="Schema\Protocol\AuthnContextComparisonType.cs" />
-    <Compile Include="Schema\Protocol\AuthnQuery.cs" />
-    <Compile Include="Schema\Protocol\AuthnRequest.cs" />
-    <Compile Include="Schema\Protocol\AuthzDecisionQuery.cs" />
-    <Compile Include="Schema\Protocol\EncryptedAssertion.cs" />
-    <Compile Include="Schema\Protocol\EncryptedElement.cs" />
-    <Compile Include="Schema\Protocol\AuthnContextType.cs" />
-    <Compile Include="Schema\Protocol\Extensions.cs" />
-    <Compile Include="Schema\Protocol\IdpEntry.cs" />
-    <Compile Include="Schema\Protocol\IdpList.cs" />
-    <Compile Include="Schema\Protocol\LogoutRequest.cs" />
-    <Compile Include="Schema\Protocol\LogoutResponse.cs" />
-    <Compile Include="Schema\Protocol\ManageNameIdRequest.cs" />
-    <Compile Include="Schema\Protocol\NameIdMappingRequest.cs" />
-    <Compile Include="Schema\Protocol\NameIdMappingResponse.cs" />
-    <Compile Include="Schema\Protocol\NameIdPolicy.cs" />
-    <Compile Include="Schema\Protocol\RequestAbstract.cs" />
-    <Compile Include="Schema\Protocol\RequestedAuthnContext.cs" />
-    <Compile Include="Schema\Protocol\Response.cs" />
-    <Compile Include="Schema\Protocol\Scoping.cs" />
-    <Compile Include="Schema\Protocol\Status.cs" />
-    <Compile Include="Schema\Protocol\StatusCode.cs" />
-    <Compile Include="Schema\Protocol\StatusDetail.cs" />
-    <Compile Include="Schema\Protocol\StatusResponse.cs" />
-    <Compile Include="Schema\Protocol\SubjectQueryAbstract.cs" />
-    <Compile Include="Schema\Protocol\Terminate.cs" />
-    <Compile Include="Schema\XEnc\AgreementMethod.cs" />
-    <Compile Include="Schema\XEnc\CipherData.cs" />
-    <Compile Include="Schema\XEnc\CipherReference.cs" />
-    <Compile Include="Schema\XEnc\Encrypted.cs" />
-    <Compile Include="Schema\XEnc\EncryptedData.cs" />
-    <Compile Include="Schema\XEnc\EncryptedKey.cs" />
-    <Compile Include="Schema\XEnc\EncryptionMethod.cs" />
-    <Compile Include="Schema\XEnc\EncryptionProperties.cs" />
-    <Compile Include="Schema\XEnc\EncryptionProperty.cs" />
-    <Compile Include="Schema\XEnc\ReferenceListType.cs" />
-    <Compile Include="Schema\XEnc\ReferenceList.cs" />
-    <Compile Include="Schema\XEnc\ReferenceType.cs" />
-    <Compile Include="Schema\XEnc\TransformsType.cs" />
-    <Compile Include="Schema\XmlDSig\CanonicalizationMethod.cs" />
-    <Compile Include="Schema\XmlDSig\DigestMethod.cs" />
-    <Compile Include="Schema\XmlDSig\DsaKeyValue.cs" />
-    <Compile Include="Schema\XmlDSig\KeyInfoItemType.cs" />
-    <Compile Include="Schema\XmlDSig\KeyInfo.cs" />
-    <Compile Include="Schema\XmlDSig\KeyValue.cs" />
-    <Compile Include="Schema\XmlDSig\Manifest.cs" />
-    <Compile Include="Schema\XmlDSig\ObjectType.cs" />
-    <Compile Include="Schema\XmlDSig\PgpData.cs" />
-    <Compile Include="Schema\XmlDSig\PgpItemType.cs" />
-    <Compile Include="Schema\XmlDSig\Reference.cs" />
-    <Compile Include="Schema\XmlDSig\RetrievalMethod.cs" />
-    <Compile Include="Schema\XmlDSig\RsaKeyValue.cs" />
-    <Compile Include="Schema\XmlDSig\Signature.cs" />
-    <Compile Include="Schema\XmlDSig\SignatureMethod.cs" />
-    <Compile Include="Schema\XmlDSig\SignatureProperties.cs" />
-    <Compile Include="Schema\XmlDSig\SignatureProperty.cs" />
-    <Compile Include="Schema\XmlDSig\SignatureValue.cs" />
-    <Compile Include="Schema\XmlDSig\SignedInfo.cs" />
-    <Compile Include="Schema\XmlDSig\SpkiData.cs" />
-    <Compile Include="Schema\XmlDSig\Transform.cs" />
-    <Compile Include="Schema\XmlDSig\Transforms.cs" />
-    <Compile Include="Schema\XmlDSig\X509Data.cs" />
-    <Compile Include="Schema\XmlDSig\X509IssuerSerial.cs" />
-    <Compile Include="Schema\XmlDSig\X509ItemType.cs" />
-    <Compile Include="Specification\DefaultCertificateSpecification.cs" />
-    <Compile Include="Specification\ICertificateSpecification.cs" />
-    <Compile Include="Specification\SelfIssuedCertificateSpecification.cs" />
-    <Compile Include="Specification\SpecificationFactory.cs" />
-    <Compile Include="TraceMessages.Designer.cs">
-      <AutoGen>True</AutoGen>
-      <DesignTime>True</DesignTime>
-      <DependentUpon>TraceMessages.resx</DependentUpon>
-    </Compile>
-    <Compile Include="Utils\ArtifactUtil.cs" />
-    <Compile Include="Utils\Compression.cs" />
-    <Compile Include="Utils\IdpSelectionUtil.cs" />
-    <Compile Include="Utils\MetadataUtils.cs" />
-    <Compile Include="Utils\Saml20Utils.cs" />
-    <Compile Include="Utils\Serialization.cs" />
-    <Compile Include="Utils\TimeRestrictionValidation.cs" />
-    <Compile Include="Utils\XmlSignatureUtils.cs" />
-    <Compile Include="Validation\ISaml20AssertionValidator.cs" />
-    <Compile Include="Validation\ISaml20AttributeValidator.cs" />
-    <Compile Include="Validation\ISaml20NameIdValidator.cs" />
-    <Compile Include="Validation\ISaml20StatementValidator.cs" />
-    <Compile Include="Validation\ISaml20SubjectConfirmationDataValidator.cs" />
-    <Compile Include="Validation\ISaml20SubjectConfirmationValidator.cs" />
-    <Compile Include="Validation\ISaml20SubjectValidator.cs" />
-    <Compile Include="Validation\Saml20AssertionValidator.cs" />
-    <Compile Include="Validation\Saml20AttributeValidator.cs" />
-    <Compile Include="Validation\Saml20EncryptedElementValidator.cs" />
-    <Compile Include="Validation\Saml20KeyInfoValidator.cs" />
-    <Compile Include="Validation\Saml20NameIdValidator.cs" />
-    <Compile Include="Validation\Saml20StatementValidator.cs" />
-    <Compile Include="Validation\Saml20SubjectConfirmationDataValidator.cs" />
-    <Compile Include="Validation\Saml20SubjectConfirmationValidator.cs" />
-    <Compile Include="Validation\Saml20SubjectValidator.cs" />
-    <Compile Include="Validation\Saml20XmlAnyAttributeValidator.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <EmbeddedResource Include="ErrorMessages.resx">
-      <Generator>PublicResXFileCodeGenerator</Generator>
-      <LastGenOutput>ErrorMessages.Designer.cs</LastGenOutput>
-      <SubType>Designer</SubType>
-    </EmbeddedResource>
-    <EmbeddedResource Include="Resources.resx">
-      <Generator>PublicResXFileCodeGenerator</Generator>
-      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
-    </EmbeddedResource>
-    <EmbeddedResource Include="TraceMessages.resx">
-      <Generator>PublicResXFileCodeGenerator</Generator>
-      <LastGenOutput>TraceMessages.Designer.cs</LastGenOutput>
-    </EmbeddedResource>
-  </ItemGroup>
-  <ItemGroup />
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProductVersion>8.0.30703</ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SAML2</RootNamespace>
+    <AssemblyName>SAML2.Core</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
+    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
+    <RestorePackages>true</RestorePackages>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.IdentityModel" />
+    <Reference Include="System.IdentityModel.Selectors" />
+    <Reference Include="System.Runtime.Serialization" />
+    <Reference Include="System.Security" />
+    <Reference Include="System.ServiceModel" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Bindings\BindingUtility.cs" />
+    <Compile Include="Bindings\HttpArtifactBindingBuilder.cs" />
+    <Compile Include="Bindings\HttpArtifactBindingConstants.cs" />
+    <Compile Include="Bindings\HttpArtifactBindingParser.cs" />
+    <Compile Include="Bindings\HttpPostBindingBuilder.cs" />
+    <Compile Include="Bindings\HttpPostBindingParser.cs" />
+    <Compile Include="Bindings\HttpRedirectBindingBuilder.cs" />
+    <Compile Include="Bindings\HttpRedirectBindingConstants.cs" />
+    <Compile Include="Bindings\HttpRedirectBindingParser.cs" />
+    <Compile Include="Bindings\HttpSOAPBindingBuilder.cs" />
+    <Compile Include="Bindings\HttpSOAPBindingParser.cs" />
+    <Compile Include="Bindings\SOAPConstants.cs" />
+    <Compile Include="Config\Attribute.cs" />
+    <Compile Include="Config\AuthenticationContexts.cs" />
+    <Compile Include="Config\AuthenticationContextComparison.cs" />
+    <Compile Include="Config\AuthenticationContext.cs" />
+    <Compile Include="Config\BindingType.cs" />
+    <Compile Include="Config\CommonDomainCookie.cs" />
+    <Compile Include="Config\Contact.cs" />
+    <Compile Include="Config\ContactType.cs" />
+    <Compile Include="Config\EndpointType.cs" />
+    <Compile Include="Config\HttpAuthCredentials.cs" />
+    <Compile Include="Config\HttpAuth.cs" />
+    <Compile Include="Config\IConfigurationProvider.cs" />
+    <Compile Include="Config\IdentityProviderEndpoint.cs" />
+    <Compile Include="Config\IdentityProviderEndpoints.cs" />
+    <Compile Include="Config\IdentityProviders.cs" />
+    <Compile Include="Config\IdentityProvider.cs" />
+    <Compile Include="Config\Metadata.cs" />
+    <Compile Include="Config\NameIdFormats.cs" />
+    <Compile Include="Config\NameIdFormat.cs" />
+    <Compile Include="Config\Organization.cs" />
+    <Compile Include="Config\PersistentPseudonym.cs" />
+    <Compile Include="Config\Saml2Configuration.cs" />
+    <Compile Include="Config\ServiceProvider.cs" />
+    <Compile Include="Config\ServiceProviderEndpoints.cs" />
+    <Compile Include="Config\ServiceProviderEndpoint.cs" />
+    <Compile Include="ErrorMessages.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DesignTime>True</DesignTime>
+      <DependentUpon>ErrorMessages.resx</DependentUpon>
+    </Compile>
+    <Compile Include="Identity\IPersistentPseudonymMapper.cs" />
+    <Compile Include="Identity\ISaml20Identity.cs" />
+    <Compile Include="Identity\Saml20Identity.cs" />
+    <Compile Include="ISaml20IdpTokenAccessor.cs" />
+    <Compile Include="Logging\DebugLoggerFactory.cs" />
+    <Compile Include="Logging\IInternalLogger.cs" />
+    <Compile Include="Logging\ILoggerFactory.cs" />
+    <Compile Include="Logging\LoggerProvider.cs" />
+    <Compile Include="Logging\NoLoggingInternalLogger.cs" />
+    <Compile Include="Logging\NoLoggingLoggerFactory.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Protocol\CommonDomainCookie.cs" />
+    <Compile Include="Protocol\Logout.cs" />
+    <Compile Include="Protocol\Utility.cs" />
+    <Compile Include="Resources.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DesignTime>True</DesignTime>
+      <DependentUpon>Resources.resx</DependentUpon>
+    </Compile>
+    <Compile Include="Saml20ArtifactResolve.cs" />
+    <Compile Include="Saml20ArtifactResponse.cs" />
+    <Compile Include="Saml20Assertion.cs" />
+    <Compile Include="Saml20AttributeQuery.cs" />
+    <Compile Include="Saml20AuthnRequest.cs" />
+    <Compile Include="Saml20Constants.cs" />
+    <Compile Include="Saml20EncryptedAssertion.cs" />
+    <Compile Include="Saml20Exception.cs" />
+    <Compile Include="Saml20FormatException.cs" />
+    <Compile Include="Saml20LogoutRequest.cs" />
+    <Compile Include="Saml20LogoutResponse.cs" />
+    <Compile Include="Saml20MetadataDocument.cs" />
+    <Compile Include="Saml20NameFormat.cs" />
+    <Compile Include="SamlActionType.cs" />
+    <Compile Include="Schema\Core\Action.cs" />
+    <Compile Include="Schema\Core\Advice.cs" />
+    <Compile Include="Schema\Core\AdviceType.cs" />
+    <Compile Include="Schema\Core\Assertion.cs" />
+    <Compile Include="Schema\Core\AttributeStatement.cs" />
+    <Compile Include="Schema\Core\AudienceRestriction.cs" />
+    <Compile Include="Schema\Core\AuthnContext.cs" />
+    <Compile Include="Schema\Core\AuthnStatement.cs" />
+    <Compile Include="Schema\Core\AuthzDecisionStatement.cs" />
+    <Compile Include="Schema\Core\BaseIdAbstract.cs" />
+    <Compile Include="Schema\Core\ConditionAbstract.cs" />
+    <Compile Include="Schema\Core\Conditions.cs" />
+    <Compile Include="Schema\Core\DecisionType.cs" />
+    <Compile Include="Schema\Core\AuthnContextType.cs" />
+    <Compile Include="Schema\Core\Evidence.cs" />
+    <Compile Include="Schema\Core\EvidenceType.cs" />
+    <Compile Include="Schema\Core\KeyInfoConfirmationData.cs" />
+    <Compile Include="Schema\Core\NameId.cs" />
+    <Compile Include="Schema\Core\OneTimeUse.cs" />
+    <Compile Include="Schema\Core\ProxyRestriction.cs" />
+    <Compile Include="Schema\Core\SamlAttribute.cs" />
+    <Compile Include="Schema\Core\StatementAbstract.cs" />
+    <Compile Include="Schema\Core\Subject.cs" />
+    <Compile Include="Schema\Core\SubjectConfirmation.cs" />
+    <Compile Include="Schema\Core\SubjectConfirmationData.cs" />
+    <Compile Include="Schema\Core\SubjectLocality.cs" />
+    <Compile Include="Schema\Metadata\AdditionalMetadataLocation.cs" />
+    <Compile Include="Schema\Metadata\AffiliationDescriptor.cs" />
+    <Compile Include="Schema\Metadata\AttributeAuthorityDescriptor.cs" />
+    <Compile Include="Schema\Metadata\AttributeConsumingService.cs" />
+    <Compile Include="Schema\Metadata\AuthnAuthorityDescriptor.cs" />
+    <Compile Include="Schema\Metadata\Contact.cs" />
+    <Compile Include="Schema\Metadata\ContactType.cs" />
+    <Compile Include="Schema\Metadata\Endpoint.cs" />
+    <Compile Include="Schema\Metadata\EntitiesDescriptor.cs" />
+    <Compile Include="Schema\Metadata\EntityDescriptor.cs" />
+    <Compile Include="Schema\Metadata\KeyTypes.cs" />
+    <Compile Include="Schema\Metadata\Extensions.cs" />
+    <Compile Include="Schema\Metadata\IdpSsoDescriptor.cs" />
+    <Compile Include="Schema\Metadata\IndexedEndpoint.cs" />
+    <Compile Include="Schema\Metadata\KeyDescriptor.cs" />
+    <Compile Include="Schema\Metadata\LocalizedName.cs" />
+    <Compile Include="Schema\Metadata\LocalizedURI.cs" />
+    <Compile Include="Schema\Metadata\Organization.cs" />
+    <Compile Include="Schema\Metadata\PdpDescriptor.cs" />
+    <Compile Include="Schema\Metadata\RequestedAttribute.cs" />
+    <Compile Include="Schema\Metadata\RoleDescriptor.cs" />
+    <Compile Include="Schema\Metadata\SpSsoDescriptor.cs" />
+    <Compile Include="Schema\Metadata\SsoDescriptor.cs" />
+    <Compile Include="Schema\Protocol\ArtifactResolve.cs" />
+    <Compile Include="Schema\Protocol\ArtifactResponse.cs" />
+    <Compile Include="Schema\Protocol\AssertionIdRequest.cs" />
+    <Compile Include="Schema\Protocol\AttributeQuery.cs" />
+    <Compile Include="Schema\Protocol\AuthnContextComparisonType.cs" />
+    <Compile Include="Schema\Protocol\AuthnQuery.cs" />
+    <Compile Include="Schema\Protocol\AuthnRequest.cs" />
+    <Compile Include="Schema\Protocol\AuthzDecisionQuery.cs" />
+    <Compile Include="Schema\Protocol\EncryptedAssertion.cs" />
+    <Compile Include="Schema\Protocol\EncryptedElement.cs" />
+    <Compile Include="Schema\Protocol\AuthnContextType.cs" />
+    <Compile Include="Schema\Protocol\Extensions.cs" />
+    <Compile Include="Schema\Protocol\IdpEntry.cs" />
+    <Compile Include="Schema\Protocol\IdpList.cs" />
+    <Compile Include="Schema\Protocol\LogoutRequest.cs" />
+    <Compile Include="Schema\Protocol\LogoutResponse.cs" />
+    <Compile Include="Schema\Protocol\ManageNameIdRequest.cs" />
+    <Compile Include="Schema\Protocol\NameIdMappingRequest.cs" />
+    <Compile Include="Schema\Protocol\NameIdMappingResponse.cs" />
+    <Compile Include="Schema\Protocol\NameIdPolicy.cs" />
+    <Compile Include="Schema\Protocol\RequestAbstract.cs" />
+    <Compile Include="Schema\Protocol\RequestedAuthnContext.cs" />
+    <Compile Include="Schema\Protocol\Response.cs" />
+    <Compile Include="Schema\Protocol\Scoping.cs" />
+    <Compile Include="Schema\Protocol\Status.cs" />
+    <Compile Include="Schema\Protocol\StatusCode.cs" />
+    <Compile Include="Schema\Protocol\StatusDetail.cs" />
+    <Compile Include="Schema\Protocol\StatusResponse.cs" />
+    <Compile Include="Schema\Protocol\SubjectQueryAbstract.cs" />
+    <Compile Include="Schema\Protocol\Terminate.cs" />
+    <Compile Include="Schema\XEnc\AgreementMethod.cs" />
+    <Compile Include="Schema\XEnc\CipherData.cs" />
+    <Compile Include="Schema\XEnc\CipherReference.cs" />
+    <Compile Include="Schema\XEnc\Encrypted.cs" />
+    <Compile Include="Schema\XEnc\EncryptedData.cs" />
+    <Compile Include="Schema\XEnc\EncryptedKey.cs" />
+    <Compile Include="Schema\XEnc\EncryptionMethod.cs" />
+    <Compile Include="Schema\XEnc\EncryptionProperties.cs" />
+    <Compile Include="Schema\XEnc\EncryptionProperty.cs" />
+    <Compile Include="Schema\XEnc\ReferenceListType.cs" />
+    <Compile Include="Schema\XEnc\ReferenceList.cs" />
+    <Compile Include="Schema\XEnc\ReferenceType.cs" />
+    <Compile Include="Schema\XEnc\TransformsType.cs" />
+    <Compile Include="Schema\XmlDSig\CanonicalizationMethod.cs" />
+    <Compile Include="Schema\XmlDSig\DigestMethod.cs" />
+    <Compile Include="Schema\XmlDSig\DsaKeyValue.cs" />
+    <Compile Include="Schema\XmlDSig\KeyInfoItemType.cs" />
+    <Compile Include="Schema\XmlDSig\KeyInfo.cs" />
+    <Compile Include="Schema\XmlDSig\KeyValue.cs" />
+    <Compile Include="Schema\XmlDSig\Manifest.cs" />
+    <Compile Include="Schema\XmlDSig\ObjectType.cs" />
+    <Compile Include="Schema\XmlDSig\PgpData.cs" />
+    <Compile Include="Schema\XmlDSig\PgpItemType.cs" />
+    <Compile Include="Schema\XmlDSig\Reference.cs" />
+    <Compile Include="Schema\XmlDSig\RetrievalMethod.cs" />
+    <Compile Include="Schema\XmlDSig\RsaKeyValue.cs" />
+    <Compile Include="Schema\XmlDSig\Signature.cs" />
+    <Compile Include="Schema\XmlDSig\SignatureMethod.cs" />
+    <Compile Include="Schema\XmlDSig\SignatureProperties.cs" />
+    <Compile Include="Schema\XmlDSig\SignatureProperty.cs" />
+    <Compile Include="Schema\XmlDSig\SignatureValue.cs" />
+    <Compile Include="Schema\XmlDSig\SignedInfo.cs" />
+    <Compile Include="Schema\XmlDSig\SpkiData.cs" />
+    <Compile Include="Schema\XmlDSig\Transform.cs" />
+    <Compile Include="Schema\XmlDSig\Transforms.cs" />
+    <Compile Include="Schema\XmlDSig\X509Data.cs" />
+    <Compile Include="Schema\XmlDSig\X509IssuerSerial.cs" />
+    <Compile Include="Schema\XmlDSig\X509ItemType.cs" />
+    <Compile Include="Specification\DefaultCertificateSpecification.cs" />
+    <Compile Include="Specification\ICertificateSpecification.cs" />
+    <Compile Include="Specification\SelfIssuedCertificateSpecification.cs" />
+    <Compile Include="Specification\SpecificationFactory.cs" />
+    <Compile Include="TraceMessages.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DesignTime>True</DesignTime>
+      <DependentUpon>TraceMessages.resx</DependentUpon>
+    </Compile>
+    <Compile Include="Utils\ArtifactUtil.cs" />
+    <Compile Include="Utils\Compression.cs" />
+    <Compile Include="Utils\IdpSelectionUtil.cs" />
+    <Compile Include="Utils\MetadataUtils.cs" />
+    <Compile Include="Utils\Saml20Utils.cs" />
+    <Compile Include="Utils\Serialization.cs" />
+    <Compile Include="Utils\TimeRestrictionValidation.cs" />
+    <Compile Include="Utils\XmlSignatureUtils.cs" />
+    <Compile Include="Validation\ISaml20AssertionValidator.cs" />
+    <Compile Include="Validation\ISaml20AttributeValidator.cs" />
+    <Compile Include="Validation\ISaml20NameIdValidator.cs" />
+    <Compile Include="Validation\ISaml20StatementValidator.cs" />
+    <Compile Include="Validation\ISaml20SubjectConfirmationDataValidator.cs" />
+    <Compile Include="Validation\ISaml20SubjectConfirmationValidator.cs" />
+    <Compile Include="Validation\ISaml20SubjectValidator.cs" />
+    <Compile Include="Validation\Saml20AssertionValidator.cs" />
+    <Compile Include="Validation\Saml20AttributeValidator.cs" />
+    <Compile Include="Validation\Saml20EncryptedElementValidator.cs" />
+    <Compile Include="Validation\Saml20KeyInfoValidator.cs" />
+    <Compile Include="Validation\Saml20NameIdValidator.cs" />
+    <Compile Include="Validation\Saml20StatementValidator.cs" />
+    <Compile Include="Validation\Saml20SubjectConfirmationDataValidator.cs" />
+    <Compile Include="Validation\Saml20SubjectConfirmationValidator.cs" />
+    <Compile Include="Validation\Saml20SubjectValidator.cs" />
+    <Compile Include="Validation\Saml20XmlAnyAttributeValidator.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="ErrorMessages.resx">
+      <Generator>PublicResXFileCodeGenerator</Generator>
+      <LastGenOutput>ErrorMessages.Designer.cs</LastGenOutput>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Resources.resx">
+      <Generator>PublicResXFileCodeGenerator</Generator>
+      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
+    </EmbeddedResource>
+    <EmbeddedResource Include="TraceMessages.resx">
+      <Generator>PublicResXFileCodeGenerator</Generator>
+      <LastGenOutput>TraceMessages.Designer.cs</LastGenOutput>
+    </EmbeddedResource>
+  </ItemGroup>
+  <ItemGroup />
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
   <Target Name="AfterBuild">
   </Target>
-  -->
-  <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
+  -->
+  <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
 </Project>
\ No newline at end of file
diff --git a/src/SAML2.Core/Saml20MetadataDocument.cs b/src/SAML2.Core/Saml20MetadataDocument.cs
index 7b7d9c4..1cf3dc4 100644
--- a/src/SAML2.Core/Saml20MetadataDocument.cs
+++ b/src/SAML2.Core/Saml20MetadataDocument.cs
@@ -160,8 +160,8 @@ private void InitializeDocument(XmlDocument doc)
                 }
 
                 // TODO Decide how to handle several entities in one metadata file.
-                if (child.LocalName == EntitiesDescriptor.ElementName) {
-                    throw new NotImplementedException();
+                if (child.LocalName == EntitiesDescriptor.ElementName) {
+					throw new NotImplementedException( "Decide how to handle several entities in one metadata file" );
                 }
             }
 
@@ -192,14 +192,16 @@ private static XmlDocument LoadFileAsXmlDocument(string filename, IEnumerable<En
                     var reader = new StreamReader(filename, e);
                     d.Load(reader);
             });
-        }
-
-        /// <summary>
-        /// Loads a file into an XmlDocument. If the loading or the signature check fails, the method will retry using another encoding.
-        /// </summary>
-        /// <param name="filename">The filename.</param>
-        /// <returns>The XML document.</returns>
-        private static XmlDocument LoadAsXmlDocument(IEnumerable<Encoding> encodings, Action<XmlDocument> docLoad, Action<XmlDocument, Encoding> quirksModeDocLoad)
+        }
+
+	    /// <summary>
+	    /// Loads a file into an XmlDocument. If the loading or the signature check fails, the method will retry using another encoding.
+	    /// </summary>
+	    /// <param name="encodings"></param>
+	    /// <param name="docLoad"></param>
+	    /// <param name="quirksModeDocLoad"></param>
+	    /// <returns>The XML document.</returns>
+	    private static XmlDocument LoadAsXmlDocument(IEnumerable<Encoding> encodings, Action<XmlDocument> docLoad, Action<XmlDocument, Encoding> quirksModeDocLoad)
         {
             var doc = new XmlDocument { PreserveWhitespace = true };
 
@@ -515,13 +517,14 @@ private static EntityDescriptor GetDefaultEntityInstance()
             };
 
             return result;
-        }
-
-        /// <summary>
-        /// Signs the document.
-        /// </summary>
-        /// <param name="doc">The doc.</param>
-        private static void SignDocument(XmlDocument doc, X509Certificate2 certificate)
+        }
+
+	    /// <summary>
+	    /// Signs the document.
+	    /// </summary>
+	    /// <param name="doc">The doc.</param>
+	    /// <param name="certificate"></param>
+	    private static void SignDocument(XmlDocument doc, X509Certificate2 certificate)
         {
             if (!certificate.HasPrivateKey)
             {
@@ -560,8 +563,10 @@ private static void SignDocument(XmlDocument doc, X509Certificate2 certificate)
         private void ConvertToMetadata(Saml2Configuration config, KeyInfo keyInfo)
         {
             var entity = CreateDefaultEntity();
-            entity.EntityID = config.ServiceProvider.Id;
-            entity.ValidUntil = DateTime.Now.AddDays(7);
+            entity.EntityID = config.ServiceProvider.Id;
+			
+			if( config.Metadata.ValidForDays.HasValue ) 
+				entity.ValidUntil = DateTime.Now.AddDays(config.Metadata.ValidForDays.Value);
 
             var serviceProviderDescriptor = new SpSsoDescriptor
                                    {
diff --git a/src/SAML2.Core/TraceMessages.Designer.cs b/src/SAML2.Core/TraceMessages.Designer.cs
new file mode 100644
index 0000000..5af14ff
--- /dev/null
+++ b/src/SAML2.Core/TraceMessages.Designer.cs
@@ -0,0 +1,531 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34209
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace SAML2 {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    public class TraceMessages {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal TraceMessages() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        public static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("SAML2.TraceMessages", typeof(TraceMessages).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        public static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact created: {0}.
+        /// </summary>
+        public static string ArtifactCreated {
+            get {
+                return ResourceManager.GetString("ArtifactCreated", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact redirect received: {0}.
+        /// </summary>
+        public static string ArtifactRedirectReceived {
+            get {
+                return ResourceManager.GetString("ArtifactRedirectReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact resolved: {0}.
+        /// </summary>
+        public static string ArtifactResolved {
+            get {
+                return ResourceManager.GetString("ArtifactResolved", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Resolving artifact &quot;{0}&quot; from identity provider &quot;{1}&quot; endpoint &quot;{2}&quot;.
+        /// </summary>
+        public static string ArtifactResolveForKnownIdentityProvider {
+            get {
+                return ResourceManager.GetString("ArtifactResolveForKnownIdentityProvider", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact resolve received: {0}.
+        /// </summary>
+        public static string ArtifactResolveReceived {
+            get {
+                return ResourceManager.GetString("ArtifactResolveReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Sending response to artifact resolve request &quot;{0}&quot;: {1}.
+        /// </summary>
+        public static string ArtifactResolveResponseSent {
+            get {
+                return ResourceManager.GetString("ArtifactResolveResponseSent", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Artifact response received: {0}.
+        /// </summary>
+        public static string ArtifactResponseReceived {
+            get {
+                return ResourceManager.GetString("ArtifactResponseReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion found: {0}.
+        /// </summary>
+        public static string AssertionFound {
+            get {
+                return ResourceManager.GetString("AssertionFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion being parsed.
+        /// </summary>
+        public static string AssertionParse {
+            get {
+                return ResourceManager.GetString("AssertionParse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Successfully parsed Assertion: {0}.
+        /// </summary>
+        public static string AssertionParsed {
+            get {
+                return ResourceManager.GetString("AssertionParsed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Assertion prehandler called.
+        /// </summary>
+        public static string AssertionPrehandlerCalled {
+            get {
+                return ResourceManager.GetString("AssertionPrehandlerCalled", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Processing assertion: {0}.
+        /// </summary>
+        public static string AssertionProcessing {
+            get {
+                return ResourceManager.GetString("AssertionProcessing", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to AttrQuery assertion received: {0}.
+        /// </summary>
+        public static string AttrQueryAssertionReceived {
+            get {
+                return ResourceManager.GetString("AttrQueryAssertionReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to AttrQuery sent to &quot;{0}&quot;: {1}.
+        /// </summary>
+        public static string AttrQuerySent {
+            get {
+                return ResourceManager.GetString("AttrQuerySent", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Audience restriction validated for intended URIs {0} against allowed URIs {1}.
+        /// </summary>
+        public static string AudienceRestrictionValidated {
+            get {
+                return ResourceManager.GetString("AudienceRestrictionValidated", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to AuthRequest sent for identity provider &quot;{0}&quot; using binding &quot;{1}&quot;.
+        /// </summary>
+        public static string AuthnRequestPrepared {
+            get {
+                return ResourceManager.GetString("AuthnRequestPrepared", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to AuthnRequest sent: {0}.
+        /// </summary>
+        public static string AuthnRequestSent {
+            get {
+                return ResourceManager.GetString("AuthnRequestSent", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Common domain cookie received: {0}.
+        /// </summary>
+        public static string CommonDomainCookieReceived {
+            get {
+                return ResourceManager.GetString("CommonDomainCookieReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Redirect to SignOn endpoint found in Common Domain Cookie.
+        /// </summary>
+        public static string CommonDomainCookieRedirect {
+            get {
+                return ResourceManager.GetString("CommonDomainCookieRedirect", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Redirecting to Common Domain for identity provider discovery.
+        /// </summary>
+        public static string CommonDomainCookieRedirectForDiscovery {
+            get {
+                return ResourceManager.GetString("CommonDomainCookieRedirectForDiscovery", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Redirect to SignOn endpoint &quot;{0}&quot;.
+        /// </summary>
+        public static string CommonDomainCookieRedirectNotFound {
+            get {
+                return ResourceManager.GetString("CommonDomainCookieRedirectNotFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to EncryptedAssertion Decrypted: {0}.
+        /// </summary>
+        public static string EncryptedAssertionDecrypted {
+            get {
+                return ResourceManager.GetString("EncryptedAssertionDecrypted", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Decrypting EncryptedAssertion.
+        /// </summary>
+        public static string EncryptedAssertionDecrypting {
+            get {
+                return ResourceManager.GetString("EncryptedAssertionDecrypting", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to EncryptedAssertion found: {0}.
+        /// </summary>
+        public static string EncryptedAssertionFound {
+            get {
+                return ResourceManager.GetString("EncryptedAssertionFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Identity provider not found. Redirecting for identity provider selection.
+        /// </summary>
+        public static string IdentityProviderRedirect {
+            get {
+                return ResourceManager.GetString("IdentityProviderRedirect", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Identity provider retreived from Common Domain Cookie: {0}.
+        /// </summary>
+        public static string IdentityProviderRetreivedFromCommonDomainCookie {
+            get {
+                return ResourceManager.GetString("IdentityProviderRetreivedFromCommonDomainCookie", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Identity provider retreived from known providers: {0}.
+        /// </summary>
+        public static string IdentityProviderRetreivedFromDefault {
+            get {
+                return ResourceManager.GetString("IdentityProviderRetreivedFromDefault", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Identity provider retreived from IDPChoiceParamater: {0}.
+        /// </summary>
+        public static string IdentityProviderRetreivedFromQueryString {
+            get {
+                return ResourceManager.GetString("IdentityProviderRetreivedFromQueryString", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Redirecting to idpSelectionUrl for selection of identity provider: {0}.
+        /// </summary>
+        public static string IdentityProviderRetreivedFromSelection {
+            get {
+                return ResourceManager.GetString("IdentityProviderRetreivedFromSelection", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Executing Logout Actions.
+        /// </summary>
+        public static string LogoutActionsExecuting {
+            get {
+                return ResourceManager.GetString("LogoutActionsExecuting", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Logout handler called.
+        /// </summary>
+        public static string LogoutHandlerCalled {
+            get {
+                return ResourceManager.GetString("LogoutHandlerCalled", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Successfully parsed Logout request: {0}.
+        /// </summary>
+        public static string LogoutRequestParsed {
+            get {
+                return ResourceManager.GetString("LogoutRequestParsed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Parsing Logout request POST binding message: {0}.
+        /// </summary>
+        public static string LogoutRequestPostBindingParse {
+            get {
+                return ResourceManager.GetString("LogoutRequestPostBindingParse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Logout request received: {0}.
+        /// </summary>
+        public static string LogoutRequestReceived {
+            get {
+                return ResourceManager.GetString("LogoutRequestReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Parsing Logout request Redirect binding message with signature algorithm {1} and signature {2}: {0}.
+        /// </summary>
+        public static string LogoutRequestRedirectBindingParse {
+            get {
+                return ResourceManager.GetString("LogoutRequestRedirectBindingParse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Logout request sent for identity provider &quot;{0}&quot; using &quot;{1}&quot; binding: {2}.
+        /// </summary>
+        public static string LogoutRequestSent {
+            get {
+                return ResourceManager.GetString("LogoutRequestSent", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Successfully parsed Logout response: {0}.
+        /// </summary>
+        public static string LogoutResponseParsed {
+            get {
+                return ResourceManager.GetString("LogoutResponseParsed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Parsing Logout response POST binding message: {0}.
+        /// </summary>
+        public static string LogoutResponsePostBindingParse {
+            get {
+                return ResourceManager.GetString("LogoutResponsePostBindingParse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Logout response received.
+        /// </summary>
+        public static string LogoutResponseReceived {
+            get {
+                return ResourceManager.GetString("LogoutResponseReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Parsing Logout response Redirect binding message with signature algorithm {1} and signature {2}: {0}.
+        /// </summary>
+        public static string LogoutResponseRedirectBindingParse {
+            get {
+                return ResourceManager.GetString("LogoutResponseRedirectBindingParse", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Logout response sent: {0}.
+        /// </summary>
+        public static string LogoutResponseSent {
+            get {
+                return ResourceManager.GetString("LogoutResponseSent", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Metadata document being created.
+        /// </summary>
+        public static string MetadataDocumentBeingCreated {
+            get {
+                return ResourceManager.GetString("MetadataDocumentBeingCreated", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Metadata document successfully created.
+        /// </summary>
+        public static string MetadataDocumentCreated {
+            get {
+                return ResourceManager.GetString("MetadataDocumentCreated", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to No replay attack detected.
+        /// </summary>
+        public static string ReplaceAttackCheckCleared {
+            get {
+                return ResourceManager.GetString("ReplaceAttackCheckCleared", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Checking for replay attack.
+        /// </summary>
+        public static string ReplayAttackCheck {
+            get {
+                return ResourceManager.GetString("ReplayAttackCheck", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Successfully decoded SamlResponse: {0}.
+        /// </summary>
+        public static string SamlResponseDecoded {
+            get {
+                return ResourceManager.GetString("SamlResponseDecoded", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to SamlResponse decoding.
+        /// </summary>
+        public static string SamlResponseDecoding {
+            get {
+                return ResourceManager.GetString("SamlResponseDecoding", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to SamlResponse received: {0}.
+        /// </summary>
+        public static string SamlResponseReceived {
+            get {
+                return ResourceManager.GetString("SamlResponseReceived", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Executing SignOn Actions.
+        /// </summary>
+        public static string SignOnActionsExecuting {
+            get {
+                return ResourceManager.GetString("SignOnActionsExecuting", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to SignOn handler called.
+        /// </summary>
+        public static string SignOnHandlerCalled {
+            get {
+                return ResourceManager.GetString("SignOnHandlerCalled", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Successfully processed signon request for &quot;{1}&quot; using NameIdFormat &quot;{2}&quot; for session &quot;{0}&quot;.
+        /// </summary>
+        public static string SignOnProcessed {
+            get {
+                return ResourceManager.GetString("SignOnProcessed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Parsing SOAP message: {0}.
+        /// </summary>
+        public static string SOAPMessageParse {
+            get {
+                return ResourceManager.GetString("SOAPMessageParse", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/SAML2.Core/TraceMessages.resx b/src/SAML2.Core/TraceMessages.resx
index 1f40883..6339bb0 100644
--- a/src/SAML2.Core/TraceMessages.resx
+++ b/src/SAML2.Core/TraceMessages.resx
@@ -1,276 +1,276 @@
-<?xml version="1.0" encoding="utf-8"?>
-<root>
-  <!-- 
-    Microsoft ResX Schema 
-    
-    Version 2.0
-    
-    The primary goals of this format is to allow a simple XML format 
-    that is mostly human readable. The generation and parsing of the 
-    various data types are done through the TypeConverter classes 
-    associated with the data types.
-    
-    Example:
-    
-    ... ado.net/XML headers & schema ...
-    <resheader name="resmimetype">text/microsoft-resx</resheader>
-    <resheader name="version">2.0</resheader>
-    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
-    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
-    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
-    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
-    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
-        <value>[base64 mime encoded serialized .NET Framework object]</value>
-    </data>
-    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
-        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
-        <comment>This is a comment</comment>
-    </data>
-                
-    There are any number of "resheader" rows that contain simple 
-    name/value pairs.
-    
-    Each data row contains a name, and value. The row also contains a 
-    type or mimetype. Type corresponds to a .NET class that support 
-    text/value conversion through the TypeConverter architecture. 
-    Classes that don't support this are serialized and stored with the 
-    mimetype set.
-    
-    The mimetype is used for serialized objects, and tells the 
-    ResXResourceReader how to depersist the object. This is currently not 
-    extensible. For a given mimetype the value must be set accordingly:
-    
-    Note - application/x-microsoft.net.object.binary.base64 is the format 
-    that the ResXResourceWriter will generate, however the reader can 
-    read any of the formats listed below.
-    
-    mimetype: application/x-microsoft.net.object.binary.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
-            : and then encoded with base64 encoding.
-    
-    mimetype: application/x-microsoft.net.object.soap.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
-            : and then encoded with base64 encoding.
-
-    mimetype: application/x-microsoft.net.object.bytearray.base64
-    value   : The object must be serialized into a byte array 
-            : using a System.ComponentModel.TypeConverter
-            : and then encoded with base64 encoding.
-    -->
-  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
-    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
-    <xsd:element name="root" msdata:IsDataSet="true">
-      <xsd:complexType>
-        <xsd:choice maxOccurs="unbounded">
-          <xsd:element name="metadata">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" />
-              </xsd:sequence>
-              <xsd:attribute name="name" use="required" type="xsd:string" />
-              <xsd:attribute name="type" type="xsd:string" />
-              <xsd:attribute name="mimetype" type="xsd:string" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="assembly">
-            <xsd:complexType>
-              <xsd:attribute name="alias" type="xsd:string" />
-              <xsd:attribute name="name" type="xsd:string" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="data">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
-              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
-              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="resheader">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" />
-            </xsd:complexType>
-          </xsd:element>
-        </xsd:choice>
-      </xsd:complexType>
-    </xsd:element>
-  </xsd:schema>
-  <resheader name="resmimetype">
-    <value>text/microsoft-resx</value>
-  </resheader>
-  <resheader name="version">
-    <value>2.0</value>
-  </resheader>
-  <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <data name="ArtifactCreated" xml:space="preserve">
-    <value>Artifact created: {0}</value>
-  </data>
-  <data name="ArtifactRedirectReceived" xml:space="preserve">
-    <value>Artifact redirect received: {0}</value>
-  </data>
-  <data name="ArtifactResolved" xml:space="preserve">
-    <value>Artifact resolved: {0}</value>
-  </data>
-  <data name="ArtifactResolveForKnownIdentityProvider" xml:space="preserve">
-    <value>Resolving artifact "{0}" from identity provider "{1}" endpoint "{2}"</value>
-  </data>
-  <data name="ArtifactResolveReceived" xml:space="preserve">
-    <value>Artifact resolve received: {0}</value>
-  </data>
-  <data name="ArtifactResolveResponseSent" xml:space="preserve">
-    <value>Sending response to artifact resolve request "{0}": {1}</value>
-  </data>
-  <data name="ArtifactResponseReceived" xml:space="preserve">
-    <value>Artifact response received: {0}</value>
-  </data>
-  <data name="AttrQueryAssertionReceived" xml:space="preserve">
-    <value>AttrQuery assertion received: {0}</value>
-  </data>
-  <data name="AttrQuerySent" xml:space="preserve">
-    <value>AttrQuery sent to "{0}": {1}</value>
-  </data>
-  <data name="AuthnRequestPrepared" xml:space="preserve">
-    <value>AuthRequest sent for identity provider "{0}" using binding "{1}"</value>
-  </data>
-  <data name="CommonDomainCookieReceived" xml:space="preserve">
-    <value>Common domain cookie received: {0}</value>
-  </data>
-  <data name="CommonDomainCookieRedirect" xml:space="preserve">
-    <value>Redirect to SignOn endpoint found in Common Domain Cookie</value>
-  </data>
-  <data name="CommonDomainCookieRedirectNotFound" xml:space="preserve">
-    <value>Redirect to SignOn endpoint "{0}"</value>
-  </data>
-  <data name="LogoutActionsExecuting" xml:space="preserve">
-    <value>Executing Logout Actions</value>
-  </data>
-  <data name="LogoutRequestReceived" xml:space="preserve">
-    <value>Logout request received: {0}</value>
-  </data>
-  <data name="LogoutRequestSent" xml:space="preserve">
-    <value>Logout request sent for identity provider "{0}" using "{1}" binding: {2}</value>
-  </data>
-  <data name="SignOnActionsExecuting" xml:space="preserve">
-    <value>Executing SignOn Actions</value>
-  </data>
-  <data name="SignOnProcessed" xml:space="preserve">
-    <value>Successfully processed signon request for "{1}" using NameIdFormat "{2}" for session "{0}"</value>
-  </data>
-  <data name="SOAPMessageParse" xml:space="preserve">
-    <value>Parsing SOAP message: {0}</value>
-  </data>
-  <data name="AssertionFound" xml:space="preserve">
-    <value>Assertion found: {0}</value>
-  </data>
-  <data name="AssertionParse" xml:space="preserve">
-    <value>Assertion being parsed</value>
-  </data>
-  <data name="AssertionParsed" xml:space="preserve">
-    <value>Successfully parsed Assertion: {0}</value>
-  </data>
-  <data name="AssertionPrehandlerCalled" xml:space="preserve">
-    <value>Assertion prehandler called</value>
-  </data>
-  <data name="AssertionProcessing" xml:space="preserve">
-    <value>Processing assertion: {0}</value>
-  </data>
-  <data name="AudienceRestrictionValidated" xml:space="preserve">
-    <value>Audience restriction validated for intended URIs {0} against allowed URIs {1}</value>
-  </data>
-  <data name="AuthnRequestSent" xml:space="preserve">
-    <value>AuthnRequest sent: {0}</value>
-  </data>
-  <data name="CommonDomainCookieRedirectForDiscovery" xml:space="preserve">
-    <value>Redirecting to Common Domain for identity provider discovery</value>
-  </data>
-  <data name="EncryptedAssertionDecrypted" xml:space="preserve">
-    <value>EncryptedAssertion Decrypted: {0}</value>
-  </data>
-  <data name="EncryptedAssertionDecrypting" xml:space="preserve">
-    <value>Decrypting EncryptedAssertion</value>
-  </data>
-  <data name="EncryptedAssertionFound" xml:space="preserve">
-    <value>EncryptedAssertion found: {0}</value>
-  </data>
-  <data name="IdentityProviderRedirect" xml:space="preserve">
-    <value>Identity provider not found. Redirecting for identity provider selection</value>
-  </data>
-  <data name="IdentityProviderRetreivedFromCommonDomainCookie" xml:space="preserve">
-    <value>Identity provider retreived from Common Domain Cookie: {0}</value>
-  </data>
-  <data name="IdentityProviderRetreivedFromDefault" xml:space="preserve">
-    <value>Identity provider retreived from known providers: {0}</value>
-  </data>
-  <data name="IdentityProviderRetreivedFromQueryString" xml:space="preserve">
-    <value>Identity provider retreived from IDPChoiceParamater: {0}</value>
-  </data>
-  <data name="IdentityProviderRetreivedFromSelection" xml:space="preserve">
-    <value>Redirecting to idpSelectionUrl for selection of identity provider: {0}</value>
-  </data>
-  <data name="LogoutHandlerCalled" xml:space="preserve">
-    <value>Logout handler called</value>
-  </data>
-  <data name="LogoutRequestParsed" xml:space="preserve">
-    <value>Successfully parsed Logout request: {0}</value>
-  </data>
-  <data name="LogoutRequestPostBindingParse" xml:space="preserve">
-    <value>Parsing Logout request POST binding message: {0}</value>
-  </data>
-  <data name="LogoutRequestRedirectBindingParse" xml:space="preserve">
-    <value>Parsing Logout request Redirect binding message with signature algorithm {1} and signature {2}: {0}</value>
-  </data>
-  <data name="LogoutResponseParsed" xml:space="preserve">
-    <value>Successfully parsed Logout response: {0}</value>
-  </data>
-  <data name="LogoutResponsePostBindingParse" xml:space="preserve">
-    <value>Parsing Logout response POST binding message: {0}</value>
-  </data>
-  <data name="LogoutResponseReceived" xml:space="preserve">
-    <value>Logout response received</value>
-  </data>
-  <data name="LogoutResponseRedirectBindingParse" xml:space="preserve">
-    <value>Parsing Logout response Redirect binding message with signature algorithm {1} and signature {2}: {0}</value>
-  </data>
-  <data name="LogoutResponseSent" xml:space="preserve">
-    <value>Logout response sent: {0}</value>
-  </data>
-  <data name="MetadataDocumentBeingCreated" xml:space="preserve">
-    <value>Metadata document being created</value>
-  </data>
-  <data name="MetadataDocumentCreated" xml:space="preserve">
-    <value>Metadata document successfully created</value>
-  </data>
-  <data name="ReplaceAttackCheckCleared" xml:space="preserve">
-    <value>No replay attack detected</value>
-  </data>
-  <data name="ReplayAttackCheck" xml:space="preserve">
-    <value>Checking for replay attack</value>
-  </data>
-  <data name="SamlResponseDecoded" xml:space="preserve">
-    <value>Successfully decoded SamlResponse: {0}</value>
-  </data>
-  <data name="SamlResponseDecoding" xml:space="preserve">
-    <value>SamlResponse decoding</value>
-  </data>
-  <data name="SamlResponseReceived" xml:space="preserve">
-    <value>SamlResponse received: {0}</value>
-  </data>
-  <data name="SignOnHandlerCalled" xml:space="preserve">
-    <value>SignOn handler called</value>
-  </data>
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="ArtifactCreated" xml:space="preserve">
+    <value>Artifact created: {0}</value>
+  </data>
+  <data name="ArtifactRedirectReceived" xml:space="preserve">
+    <value>Artifact redirect received: {0}</value>
+  </data>
+  <data name="ArtifactResolved" xml:space="preserve">
+    <value>Artifact resolved: {0}</value>
+  </data>
+  <data name="ArtifactResolveForKnownIdentityProvider" xml:space="preserve">
+    <value>Resolving artifact "{0}" from identity provider "{1}" endpoint "{2}"</value>
+  </data>
+  <data name="ArtifactResolveReceived" xml:space="preserve">
+    <value>Artifact resolve received: {0}</value>
+  </data>
+  <data name="ArtifactResolveResponseSent" xml:space="preserve">
+    <value>Sending response to artifact resolve request "{0}": {1}</value>
+  </data>
+  <data name="ArtifactResponseReceived" xml:space="preserve">
+    <value>Artifact response received: {0}</value>
+  </data>
+  <data name="AttrQueryAssertionReceived" xml:space="preserve">
+    <value>AttrQuery assertion received: {0}</value>
+  </data>
+  <data name="AttrQuerySent" xml:space="preserve">
+    <value>AttrQuery sent to "{0}": {1}</value>
+  </data>
+  <data name="AuthnRequestPrepared" xml:space="preserve">
+    <value>AuthRequest sent for identity provider "{0}" using binding "{1}"</value>
+  </data>
+  <data name="CommonDomainCookieReceived" xml:space="preserve">
+    <value>Common domain cookie received: {0}</value>
+  </data>
+  <data name="CommonDomainCookieRedirect" xml:space="preserve">
+    <value>Redirect to SignOn endpoint found in Common Domain Cookie</value>
+  </data>
+  <data name="CommonDomainCookieRedirectNotFound" xml:space="preserve">
+    <value>Redirect to SignOn endpoint "{0}"</value>
+  </data>
+  <data name="LogoutActionsExecuting" xml:space="preserve">
+    <value>Executing Logout Actions</value>
+  </data>
+  <data name="LogoutRequestReceived" xml:space="preserve">
+    <value>Logout request received: {0}</value>
+  </data>
+  <data name="LogoutRequestSent" xml:space="preserve">
+    <value>Logout request sent for identity provider "{0}" using "{1}" binding: {2}</value>
+  </data>
+  <data name="SignOnActionsExecuting" xml:space="preserve">
+    <value>Executing SignOn Actions</value>
+  </data>
+  <data name="SignOnProcessed" xml:space="preserve">
+    <value>Successfully processed signon request for "{1}" using NameIdFormat "{2}" for session "{0}"</value>
+  </data>
+  <data name="SOAPMessageParse" xml:space="preserve">
+    <value>Parsing SOAP message: {0}</value>
+  </data>
+  <data name="AssertionFound" xml:space="preserve">
+    <value>Assertion found: {0}</value>
+  </data>
+  <data name="AssertionParse" xml:space="preserve">
+    <value>Assertion being parsed</value>
+  </data>
+  <data name="AssertionParsed" xml:space="preserve">
+    <value>Successfully parsed Assertion: {0}</value>
+  </data>
+  <data name="AssertionPrehandlerCalled" xml:space="preserve">
+    <value>Assertion prehandler called</value>
+  </data>
+  <data name="AssertionProcessing" xml:space="preserve">
+    <value>Processing assertion: {0}</value>
+  </data>
+  <data name="AudienceRestrictionValidated" xml:space="preserve">
+    <value>Audience restriction validated for intended URIs {0} against allowed URIs {1}</value>
+  </data>
+  <data name="AuthnRequestSent" xml:space="preserve">
+    <value>AuthnRequest sent: {0}</value>
+  </data>
+  <data name="CommonDomainCookieRedirectForDiscovery" xml:space="preserve">
+    <value>Redirecting to Common Domain for identity provider discovery</value>
+  </data>
+  <data name="EncryptedAssertionDecrypted" xml:space="preserve">
+    <value>EncryptedAssertion Decrypted: {0}</value>
+  </data>
+  <data name="EncryptedAssertionDecrypting" xml:space="preserve">
+    <value>Decrypting EncryptedAssertion</value>
+  </data>
+  <data name="EncryptedAssertionFound" xml:space="preserve">
+    <value>EncryptedAssertion found: {0}</value>
+  </data>
+  <data name="IdentityProviderRedirect" xml:space="preserve">
+    <value>Identity provider not found. Redirecting for identity provider selection</value>
+  </data>
+  <data name="IdentityProviderRetreivedFromCommonDomainCookie" xml:space="preserve">
+    <value>Identity provider retreived from Common Domain Cookie: {0}</value>
+  </data>
+  <data name="IdentityProviderRetreivedFromDefault" xml:space="preserve">
+    <value>Identity provider retreived from known providers: {0}</value>
+  </data>
+  <data name="IdentityProviderRetreivedFromQueryString" xml:space="preserve">
+    <value>Identity provider retreived from IDPChoiceParamater: {0}</value>
+  </data>
+  <data name="IdentityProviderRetreivedFromSelection" xml:space="preserve">
+    <value>Redirecting to idpSelectionUrl for selection of identity provider: {0}</value>
+  </data>
+  <data name="LogoutHandlerCalled" xml:space="preserve">
+    <value>Logout handler called</value>
+  </data>
+  <data name="LogoutRequestParsed" xml:space="preserve">
+    <value>Successfully parsed Logout request: {0}</value>
+  </data>
+  <data name="LogoutRequestPostBindingParse" xml:space="preserve">
+    <value>Parsing Logout request POST binding message: {0}</value>
+  </data>
+  <data name="LogoutRequestRedirectBindingParse" xml:space="preserve">
+    <value>Parsing Logout request Redirect binding message with signature algorithm {1} and signature {2}: {0}</value>
+  </data>
+  <data name="LogoutResponseParsed" xml:space="preserve">
+    <value>Successfully parsed Logout response: {0}</value>
+  </data>
+  <data name="LogoutResponsePostBindingParse" xml:space="preserve">
+    <value>Parsing Logout response POST binding message: {0}</value>
+  </data>
+  <data name="LogoutResponseReceived" xml:space="preserve">
+    <value>Logout response received</value>
+  </data>
+  <data name="LogoutResponseRedirectBindingParse" xml:space="preserve">
+    <value>Parsing Logout response Redirect binding message with signature algorithm {1} and signature {2}: {0}</value>
+  </data>
+  <data name="LogoutResponseSent" xml:space="preserve">
+    <value>Logout response sent: {0}</value>
+  </data>
+  <data name="MetadataDocumentBeingCreated" xml:space="preserve">
+    <value>Metadata document being created</value>
+  </data>
+  <data name="MetadataDocumentCreated" xml:space="preserve">
+    <value>Metadata document successfully created</value>
+  </data>
+  <data name="ReplaceAttackCheckCleared" xml:space="preserve">
+    <value>No replay attack detected</value>
+  </data>
+  <data name="ReplayAttackCheck" xml:space="preserve">
+    <value>Checking for replay attack</value>
+  </data>
+  <data name="SamlResponseDecoded" xml:space="preserve">
+    <value>Successfully decoded SamlResponse: {0}</value>
+  </data>
+  <data name="SamlResponseDecoding" xml:space="preserve">
+    <value>SamlResponse decoding</value>
+  </data>
+  <data name="SamlResponseReceived" xml:space="preserve">
+    <value>SamlResponse received: {0}</value>
+  </data>
+  <data name="SignOnHandlerCalled" xml:space="preserve">
+    <value>SignOn handler called</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/SAML2.Tests/Certificates/SafewhereTest_SFS.pfx b/src/SAML2.Tests/Certificates/SafewhereTest_SFS.pfx
new file mode 100644
index 0000000..604649c
Binary files /dev/null and b/src/SAML2.Tests/Certificates/SafewhereTest_SFS.pfx differ
diff --git a/src/SAML2.Tests/Certificates/sts_dev_certificate.pfx b/src/SAML2.Tests/Certificates/sts_dev_certificate.pfx
new file mode 100644
index 0000000..c78d2fb
Binary files /dev/null and b/src/SAML2.Tests/Certificates/sts_dev_certificate.pfx differ
diff --git a/src/SAML2.sln b/src/SAML2.sln
index 72ae66d..20f69ee 100644
--- a/src/SAML2.sln
+++ b/src/SAML2.sln
@@ -1,46 +1,53 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 14
-VisualStudioVersion = 14.0.22310.1
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.Core", "SAML2.Core\SAML2.Core.csproj", "{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.Tests", "SAML2.Tests\SAML2.Tests.csproj", "{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Saml", "Owin.Security.Saml\Owin.Security.Saml.csproj", "{0054DAFD-1A69-4807-B24E-A6A6B71927C7}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.AspNet", "SAML2.AspNet\SAML2.AspNet.csproj", "{D2136BFD-D2DA-4105-920B-8E05C090C597}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SelfHostOwinSPExample", "SelfHostOwinSPExample\SelfHostOwinSPExample.csproj", "{6A489386-AFB0-4172-ACF4-61F79DC340DC}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Release|Any CPU.Build.0 = Release|Any CPU
-		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Release|Any CPU.Build.0 = Release|Any CPU
-		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Release|Any CPU.Build.0 = Release|Any CPU
-		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.Core", "SAML2.Core\SAML2.Core.csproj", "{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.Tests", "SAML2.Tests\SAML2.Tests.csproj", "{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Saml", "Owin.Security.Saml\Owin.Security.Saml.csproj", "{0054DAFD-1A69-4807-B24E-A6A6B71927C7}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.AspNet", "SAML2.AspNet\SAML2.AspNet.csproj", "{D2136BFD-D2DA-4105-920B-8E05C090C597}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SelfHostOwinSPExample", "SelfHostOwinSPExample\SelfHostOwinSPExample.csproj", "{6A489386-AFB0-4172-ACF4-61F79DC340DC}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".nuget", ".nuget", "{3042234F-B95F-44EB-A228-C6EAE64F01B1}"
+	ProjectSection(SolutionItems) = preProject
+		.nuget\NuGet.Config = .nuget\NuGet.Config
+		.nuget\NuGet.exe = .nuget\NuGet.exe
+		.nuget\NuGet.targets = .nuget\NuGet.targets
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{39FE8EA4-860C-4A15-A09C-B5B9EEF8CFA2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0054DAFD-1A69-4807-B24E-A6A6B71927C7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D2136BFD-D2DA-4105-920B-8E05C090C597}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6A489386-AFB0-4172-ACF4-61F79DC340DC}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/src/SAML2.v12.suo b/src/SAML2.v12.suo
new file mode 100644
index 0000000..3f2f14f
Binary files /dev/null and b/src/SAML2.v12.suo differ
diff --git a/src/SelfHostOwinSPExample/SeekableRequestBodyMiddleware.cs b/src/SelfHostOwinSPExample/SeekableRequestBodyMiddleware.cs
new file mode 100644
index 0000000..7227d5f
--- /dev/null
+++ b/src/SelfHostOwinSPExample/SeekableRequestBodyMiddleware.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.Owin;
+
+namespace SelfHostOwinSPExample {
+	/// <summary>
+	/// Self-Host Owin Request Body stream is not seekable by default unlike its counter part on IIS
+	/// </summary>
+	public class SeekableRequestBodyMiddleware : OwinMiddleware {
+		public SeekableRequestBodyMiddleware( OwinMiddleware next ) : base( next ) { }
+
+		public async override Task Invoke( IOwinContext context ) {
+			ReplaceBodyWithMemoryStreamIfNotCanSeek( context.Request );
+			await Next.Invoke( context );
+		}
+		/// <summary>
+		/// In OWIN selfhost environment, Request.Body is using HttpRequestStream that is not rewindable, it is causing issues for other components in pipeline trying to access the body content.
+		/// </summary>
+		/// <param name="request"></param>
+		private void ReplaceBodyWithMemoryStreamIfNotCanSeek( IOwinRequest request ) {
+			if( !request.Body.CanSeek ) {
+				var bodyStream = request.Body;
+				request.Body = new MemoryStream();
+				bodyStream.CopyTo( request.Body );
+				request.Body.Seek( 0, SeekOrigin.Begin );
+			}
+		}
+	}
+}
diff --git a/src/SelfHostOwinSPExample/SelfHostOwinSPExample.csproj b/src/SelfHostOwinSPExample/SelfHostOwinSPExample.csproj
index 4bcb46e..81f2ecc 100644
--- a/src/SelfHostOwinSPExample/SelfHostOwinSPExample.csproj
+++ b/src/SelfHostOwinSPExample/SelfHostOwinSPExample.csproj
@@ -1,96 +1,106 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{6A489386-AFB0-4172-ACF4-61F79DC340DC}</ProjectGuid>
-    <OutputType>Exe</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>SelfHostOwinSPExample</RootNamespace>
-    <AssemblyName>SelfHostOwinSPExample</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>TRACE;DEBUG</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="Microsoft.Owin">
-      <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin.Host.HttpListener">
-      <HintPath>..\packages\Microsoft.Owin.Host.HttpListener.3.0.0\lib\net45\Microsoft.Owin.Host.HttpListener.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin.Hosting">
-      <HintPath>..\packages\Microsoft.Owin.Hosting.3.0.0\lib\net45\Microsoft.Owin.Hosting.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin.Security">
-      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
-    </Reference>
-    <Reference Include="Microsoft.Owin.Security.Cookies">
-      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
-    </Reference>
-    <Reference Include="Owin">
-      <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Data.DataSetExtensions" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Data" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Startup-Test.cs" />
-    <Compile Include="Program.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Startup.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="App.config" />
-    <None Include="packages.config" />
-    <EmbeddedResource Include="sts_dev_certificate.pfx">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </EmbeddedResource>
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\Owin.Security.Saml\Owin.Security.Saml.csproj">
-      <Project>{0054dafd-1a69-4807-b24e-a6a6b71927c7}</Project>
-      <Name>Owin.Security.Saml</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
-      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
-      <Name>SAML2.Core</Name>
-    </ProjectReference>
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Metadata-Test\" />
-    <Folder Include="Metadata\" />
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{6A489386-AFB0-4172-ACF4-61F79DC340DC}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SelfHostOwinSPExample</RootNamespace>
+    <AssemblyName>SelfHostOwinSPExample</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
+    <RestorePackages>true</RestorePackages>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>TRACE;DEBUG</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.Owin">
+      <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Host.HttpListener">
+      <HintPath>..\packages\Microsoft.Owin.Host.HttpListener.3.0.0\lib\net45\Microsoft.Owin.Host.HttpListener.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Hosting">
+      <HintPath>..\packages\Microsoft.Owin.Hosting.3.0.0\lib\net45\Microsoft.Owin.Hosting.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security">
+      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security.Cookies">
+      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
+    </Reference>
+    <Reference Include="Owin">
+      <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="SeekableRequestBodyMiddleware.cs" />
+    <Compile Include="Startup-Test.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Startup.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+    <None Include="packages.config" />
+    <EmbeddedResource Include="sts_dev_certificate.pfx">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </EmbeddedResource>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Owin.Security.Saml\Owin.Security.Saml.csproj">
+      <Project>{0054dafd-1a69-4807-b24e-a6a6b71927c7}</Project>
+      <Name>Owin.Security.Saml</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\SAML2.Core\SAML2.Core.csproj">
+      <Project>{75e5bad2-a20c-43cc-b5c8-38004cedbdfd}</Project>
+      <Name>SAML2.Core</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Metadata-Test\" />
+    <Folder Include="Metadata\" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('$(SolutionDir)\.nuget\NuGet.targets')" Text="$([System.String]::Format('$(ErrorText)', '$(SolutionDir)\.nuget\NuGet.targets'))" />
+  </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
   <Target Name="AfterBuild">
   </Target>
-  -->
+  -->
 </Project>
\ No newline at end of file
diff --git a/src/SelfHostOwinSPExample/Startup.cs b/src/SelfHostOwinSPExample/Startup.cs
index ba667dc..880724a 100644
--- a/src/SelfHostOwinSPExample/Startup.cs
+++ b/src/SelfHostOwinSPExample/Startup.cs
@@ -1,83 +1,83 @@
-using System;
-using System.Linq;
-using Owin;
-using SAML2.Config;
-using System.IO;
-
-namespace SelfHostOwinSPExample
-{
-    internal partial class Startup
-    {
-        public void Configuration(IAppBuilder appBuilder)
-        {
-            var config = GetSamlConfiguration();
-#if TEST
-            config = TestEnvironmentConfiguration();
-#endif
-
-            appBuilder.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
-            {
-                AuthenticationType = "SAML2",
-                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active
-            });
-            appBuilder.UseSamlAuthentication(new Owin.Security.Saml.SamlAuthenticationOptions
-            {
-                Configuration = config,
-                RedirectAfterLogin = "/core",
-            });
-            appBuilder.Run(async c => {
-                if (c.Authentication.User != null &&
-                    c.Authentication.User.Identity != null &&
-                    c.Authentication.User.Identity.IsAuthenticated) {
-                    await c.Response.WriteAsync(c.Authentication.User.Identity.Name + "\r\n");
-                    await c.Response.WriteAsync(c.Authentication.User.Identity.AuthenticationType + "\r\n");
-                    foreach (var claim in c.Authentication.User.Identities.SelectMany(i => i.Claims))
-                        await c.Response.WriteAsync(claim.Value + "\r\n");
-                    await c.Response.WriteAsync("authenticated");
-                } else {
-                    // trigger authentication
-                    c.Authentication.Challenge(c.Authentication.GetAuthenticationTypes().Select(d => d.AuthenticationType).ToArray());
-                }
-                return;
-            });
-        }
-
-        private Saml2Configuration GetSamlConfiguration()
-        {
-            var myconfig = new Saml2Configuration
-            {
-                ServiceProvider = new ServiceProvider
-                {
-                    SigningCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(FileEmbeddedResource("SelfHostOwinSPExample.sts_dev_certificate.pfx"), "test1234", System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet),
-                    Server = "https://localhost:44333/core",
-                    Id = "https://localhost:44333/core"
-                },
-                AllowedAudienceUris = new System.Collections.Generic.List<Uri>(new[] { new Uri("https://localhost:44333/core") })
-            };
-            myconfig.ServiceProvider.Endpoints.AddRange(new[] {
-                new ServiceProviderEndpoint(EndpointType.SignOn, "/core/saml2/login", "/core"),
-                new ServiceProviderEndpoint(EndpointType.Logout, "/core/saml2/logout", "/core"),
-                new ServiceProviderEndpoint(EndpointType.Metadata, "/core/saml2/metadata")
-            });
-            myconfig.IdentityProviders.AddByMetadataDirectory("..\\..\\Metadata");
-            //myconfig.IdentityProviders.AddByMetadataUrl(new Uri("https://tas.fhict.nl/identity/saml2/metadata"));
-            myconfig.IdentityProviders.First().OmitAssertionSignatureCheck = true;
-            myconfig.LoggingFactoryType = "SAML2.Logging.DebugLoggerFactory";
-            return myconfig;
-        }
-
-        private byte[] FileEmbeddedResource(string path)
-        {
-            var assembly = System.Reflection.Assembly.GetExecutingAssembly();
-            var resourceName = path;
-
-            byte[] result = null;
-            using (Stream stream = assembly.GetManifestResourceStream(resourceName))
-            using (var memoryStream = new MemoryStream()) {
-                stream.CopyTo(memoryStream);
-                result = memoryStream.ToArray();
-            }
-            return result;
-        }
-    }
+using System;
+using System.Linq;
+using Owin;
+using SAML2.Config;
+using System.IO;
+
+namespace SelfHostOwinSPExample
+{
+    internal partial class Startup
+    {
+        public void Configuration(IAppBuilder appBuilder)
+        {
+            var config = GetSamlConfiguration();
+#if TEST
+            config = TestEnvironmentConfiguration();
+#endif
+			appBuilder.Use<SeekableRequestBodyMiddleware>();
+            appBuilder.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
+            {
+                AuthenticationType = "SAML2",
+                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active
+            });
+            appBuilder.UseSamlAuthentication(new Owin.Security.Saml.SamlAuthenticationOptions
+            {
+                Configuration = config,
+                RedirectAfterLogin = "/core",
+            });
+            appBuilder.Run(async c => {
+                if (c.Authentication.User != null &&
+                    c.Authentication.User.Identity != null &&
+                    c.Authentication.User.Identity.IsAuthenticated) {
+                    await c.Response.WriteAsync(c.Authentication.User.Identity.Name + "\r\n");
+                    await c.Response.WriteAsync(c.Authentication.User.Identity.AuthenticationType + "\r\n");
+                    foreach (var claim in c.Authentication.User.Identities.SelectMany(i => i.Claims))
+                        await c.Response.WriteAsync(claim.Value + "\r\n");
+                    await c.Response.WriteAsync("authenticated");
+                } else {
+                    // trigger authentication
+                    c.Authentication.Challenge(c.Authentication.GetAuthenticationTypes().Select(d => d.AuthenticationType).ToArray());
+                }
+                return;
+            });
+        }
+
+        private Saml2Configuration GetSamlConfiguration()
+        {
+            var myconfig = new Saml2Configuration
+            {
+                ServiceProvider = new ServiceProvider
+                {
+                    SigningCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(FileEmbeddedResource("SelfHostOwinSPExample.sts_dev_certificate.pfx"), "test1234", System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet),
+                    Server = "https://localhost:44333/core",
+                    Id = "https://www.testsamlgithub.com"
+                },
+				AllowedAudienceUris = new System.Collections.Generic.List<Uri>( new[] { new Uri( "https://www.testsamlgithub.com" ) } )
+            };
+            myconfig.ServiceProvider.Endpoints.AddRange(new[] {
+                new ServiceProviderEndpoint(EndpointType.SignOn, "/core/saml2/login", "/core"),
+                new ServiceProviderEndpoint(EndpointType.Logout, "/core/saml2/logout", "/core"),
+                new ServiceProviderEndpoint(EndpointType.Metadata, "/core/saml2/metadata")
+            });
+            myconfig.IdentityProviders.AddByMetadataDirectory("..\\..\\Metadata");
+            //myconfig.IdentityProviders.AddByMetadataUrl(new Uri("https://tas.fhict.nl/identity/saml2/metadata"));
+            myconfig.IdentityProviders.First().OmitAssertionSignatureCheck = true;
+            myconfig.LoggingFactoryType = "SAML2.Logging.DebugLoggerFactory";
+            return myconfig;
+        }
+
+        private byte[] FileEmbeddedResource(string path)
+        {
+            var assembly = System.Reflection.Assembly.GetExecutingAssembly();
+            var resourceName = path;
+
+            byte[] result = null;
+            using (Stream stream = assembly.GetManifestResourceStream(resourceName))
+            using (var memoryStream = new MemoryStream()) {
+                stream.CopyTo(memoryStream);
+                result = memoryStream.ToArray();
+            }
+            return result;
+        }
+    }
 }
\ No newline at end of file
diff --git a/src/SelfHostOwinSPExample/sts_dev_certificate.pfx b/src/SelfHostOwinSPExample/sts_dev_certificate.pfx
new file mode 100644
index 0000000..c78d2fb
Binary files /dev/null and b/src/SelfHostOwinSPExample/sts_dev_certificate.pfx differ
diff --git a/src/packages/repositories.config b/src/packages/repositories.config
new file mode 100644
index 0000000..4eb7a7c
--- /dev/null
+++ b/src/packages/repositories.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<repositories>
+  <repository path="..\Owin.Security.Saml\packages.config" />
+  <repository path="..\SAML2.Tests\packages.config" />
+  <repository path="..\SelfHostOwinSPExample\packages.config" />
+</repositories>
\ No newline at end of file