Many thanks for major contributions (especially on the testing front where the project was lacking) from Amertz08 and askvortsov1
- Major and breaking change: Service Providers are now backed by the database instead of being configured via the settings: #51
- Test coverage has been improved significantly. CI was added to run tests, linting and report code coverage which will improve stability of development.
- Django 3.0 is added to the tests matrix. We currently are doing Python 3.6, 3.7, 3.8 and Django 2.2, 3.0.
- Dropped Python 3.5.
- Django 2.0 and 2.1 as they are no longer officially supported Django versions.
Bugfix release, thanks to contributions from pix666 in #61
Bugfix release, thanks to contributions from @mjholtkamp in #54, #55, and #56
Many thanks for contributions to @askvortsov1 and @peppelinux for the contributions in this release
- More NameID formats supported, and a check on support for a format by the IDP was added. #32, #38, #46
- The field on user to be used for the NameID can now be configured per SP via the
nameid_fieldin theSAML_IDP_SPCONFIG. - The setting for signed responses and assertions can be configured per SP in the
SAML_IDP_SPCONFIG. The default algorithm if not specified has been upgraded from SHA1 to SHA256. #35 - SLO (single_logout_service) support for both POST and REDIRECT binding. The path of the new view is
slo/<str:binding>/. #23 - The
attribute_mappingper SP in theSAML_IDP_SPCONFIGfor constructing the identity dict now accepts a callable method on an object next to a normal attribute. - Assertions can now be encrypted. This can be configured per SP using the
encrypt_saml_responsesin theSAML_IDP_SPCONFIG, and set globally using theSAML_ENCRYPT_AUTHN_RESPONSEsetting. #36
- BREAKING CHANGE: the
create_identity(...)method on the Processor class has had it's signature change. It now does not accept extra kwargs anymore, only the user and the attribute_mapping. This might or might not be relevant to you; it is if you have subclassed a processor and have customized thecreate_identitymethod there. - Improved logging with pretty representation of requests/responses.
Many thanks for contributions to @lgarvey
- The user identifier attribute is now customizable via the
SAML_IDP_DJANGO_USERNAME_FIELDsettings. PR#20 - Supports the HTTP REDIRECT binding. PR#20
- Bugfix in the NameID generation where destination instead of entity ID was used. #18
- BREAKING CHANGE: the
has_access(user)method on the Processor class has been changed tohas_access(request). This to allow a broader scope of access control checks to perform. If you have subclassed theBaseProcessorclass and have overriden this method with a custom implementation, you will need to change this.
Many thanks for contributions to @jlunger-arcweb
- IDP-initiated login
- Example project extended with IDP-initiated login and improved docs on it
Many thanks for contributions to @peppelinux, @saundersmatt, @JosephKiranBabu
- Python 3 support
- Django 2.x supported. Tested with 2.0 and 2.1
- Added some docstring on certain methods
- Added decorators to the views to restrict allowed HTTP methods, and disable browser caching of the views.
- Multi Factor Authentication: view is now a Class-Based View for easier subclassing. Functionality remains the same, so users who have implemented their own view with this name will not break.
- Updated certificates included in the example project
- Reworked login process view to a CBV.
- Small updates to example project to show where you are in the browser.
- Python 2 support
- Django < 2.x support
Many thanks for contributions to @goetzk
- Multi factor authentication