sustainsys.saml2 is vulnerable to authorization bypass. The vulnerability exists as it recognizes all incoming tokens as bearer tokens. A user would not require a valid Saml2 bearer token to create a log in session.
github.com/Sustainsys/Saml2/commit/2ebbdba792e8d66218de91e899f0f785eed670d0
github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241
github.com/Sustainsys/Saml2/issues/1107
github.com/Sustainsys/Saml2/issues/711
github.com/Sustainsys/Saml2/issues/712
github.com/Sustainsys/Saml2/security/advisories/GHSA-9475-xg6m-j7pw
www.nuget.org/packages/Sustainsys.Saml2/