- Fix Metadata XML (RequestedAttribute)
- Fix Windows specific Unix date formatting bug.
- Docs for OSx instlltion of libsecxml1
- Fix SHA384 Constant URI
- #142 Refactor of settings.py to make it a little more readable.
- Bugfix for ADFS lowercase signatures
- READMEs suggested wrong cert name
- #117 AttributeConsumingService support
- #114 Compare Assertion InResponseTo if not None
- Return empty list when there are no audience values
- Passing NameQualifier through to logout request
- Make deflate process when retrieving built SAML messages optional
- Add debug parameter to decrypt method
- Fix Idp Metadata parser
- Add documentation related to the new IdP metadata parser methods
- Extract the already encoded value directly from get_data
- #133 Fix typo and add extra assertions in util decrypt test
- Fix Signature with empty URI support
- Allow AuthnRequest with no NameIDPolicy
- Remove requirement of NameID on SAML responses
- Prevent signature wrapping attack!!
- #111 Add support for nested
NameIDchildren insideAttributeValues - ALOWED Misspell
- Improve how we obtain the settings path.
- Update docs adding reference to test depencence installation
- Fix Organization element on SP metadata.
- #100 Support Responses that don't have AttributeStatements.
- #86 Make idp settings optional (Usefull when validating SP metadata)
- #79 Remove unnecesary dependence. M2crypto is not used.
- #77 Fix server_port can be None
- Fix bug on settings constructor related to sp_validation_only
- Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
- Allows the RequestedAuthnContext Comparison attribute to be set via settings
- Be able to retrieve Session Timeout after processResponse
- Update documentation. Clarify the use of the certFingerprint
- Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
- Support sign validation of different kinds of algorithm
- Add demo example of the Bottle framework.
- #73 Improve decrypt method
- Handle valid but uncommon dsig block with no URI in the reference
- Split the setting check methods. Now 1 method for IdP settings and other for SP settings
- Let the setting object to avoid the IdP setting check. required if we want to publish SP * SAML Metadata when the IdP data is still not provided.
- Do accesible the ID of the object Logout Request (id attribute)
- Add SAMLServiceProviderBackend reference to the README.md
- Solve HTTPs issue on demos
- Fix PHP-style array element in settings json
- Add fingerprint algorithm support. Previously the toolkit assumed SHA-1 algorithm
- Fix creation of metadata with no SLS, when using settings.get_sp_metadata()
- Allow configuration of metadata caching/expiry via settings
- Allow metadata signing with SP key specified as config value, not file
- Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts
- Improve validUntil/cacheDuration metadata settings
- Fix wrong element order in generated metadata (SLS before NameID). metadata xsd updated
- Added SLO with nameID and SessionIndex in the demos
- Fix Exception message on Destination validation of the Logout_request
- Update the dm.xmlsec.binding library to 1.3.2 (Improved transform support, Workaround for buildout problem)
- Fix flask demo settings example.
- Add nameID & sessionIndex support on Logout Request
- Reject SAML Response if not signed and strict = false
- Add ForceAuh and IsPassive support on AuthN Request
- Adding AuthnContextClassRef support
- Process nested StatusCode
- Fix settings bug
- SSO and SLO (SP-Initiated and IdP-Initiated).
- Assertion and nameId encryption.
- Assertion signature.
- Message signature: AuthNRequest, LogoutRequest, LogoutResponses.
- Enable an Assertion Consumer Service endpoint.
- Enable a Single Logout Service endpoint.
- Publish the SP metadata (which can be signed).
- Security improved, added more checks at the SAMLResponse validation
- OneLogin's SAML Python Toolkit v1.0.0