Skip to content

6.18.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 07 Oct 12:49
· 197 commits to main since this release
6.18.0
e6ea2b3
This commit was signed with the committer’s verified signature.
baszoetekouw Bas Zoetekouw
GPG key ID: D183A517BFA98DE6
Verified
Learn about vigilant mode.

6.18.0

Dependencies:

  • This release requires Manage >= 9.0.1; for the IdP-based PDP calls, Manage 9.4 is required.

Maintenance:

  • Replace abandoned container-interop/container-interop
  • HTML templates: remove trailing slash on void elements
  • Update pbkdf2 from 3.1.2 to 3.1.3 in /theme

New feature:

  • Support for adding UserAtributes in the SFO AuthnRequest to the Stepup-Gateway (#1826).
    This is required for GSSP Fallback.
    The feature_stepup_send_user_attributes setting is used to enable this feature;
    if enabled, specify the attributes to add to the AuthnRequest using stepup.callout_user_attributes.
    The default is to send schacHomeOrganization and mail.
  • Prevent double entries in the Discovery caused by duplicate name:* and DiscoveryName:*` entries in Manage (#1852)
  • Request PDP decision based on IdP-setting (#1857); in Manage (>=9.4) it is possible to set the
    coin:policy_enforcement_decision_required flag for an IdP in addition to for an SP. Also policies no longer require an SP to
    be specified and can be applied to all logins from an IdP.

Changes:

  • Set width of the debug page to browser width (#1790)

Bugfixes:

  • Correctly json-decode the rememberchoice cookie
  • Engine ARP must not apply to user atrributes sent to stepup callout (#1849)
  • Make sure the javascript assets are versioned (#1869)

6.17.0 (not released)

Dependencies:

  • This release requires Manage >= 9.0.1

Maintenance:

  • Update database client version to MariaDB 10.6.0
  • Upgrade saml2 library to 4.17.0
  • Update nanoid to 3.3.6
  • Update elliptic to 6.6.1
  • Update Devconf installation and docs
  • Fix composer lock file (#1785)

New Features:

  • Add configurable default RequestedAuthnContext
    By setting the Manage option metadata:coin:defaultRAC for an IdP, this value will be sent by
    default if no other is set (either in the AuthnRequest or form a fixed MFA rule).
  • Support additional WAYF entries per IdP Endpoint with dedicated name, logo, keywords (#1338);
    multiple WAYF-entries per IdP can be specified by filling the DiscoveryName:[0-9]:<lang>,
    keywords:[0-9]:<lang> and logo:[0-9]:<lang> fields.
    See also OpenConext-manage#457
  • Add configurable client timeout for AA and PDP (#1777).
    Add the setting http_client.timeout to parameters.yml to set the limit.
  • Limited the number of outstanding AuthNRequests per session (#1345).
    Add the setting maximum_authentications_per_session to parameters.yml to set the limit.

Changes:

  • Remove confusing key_id from stepup callout logging (#1343)
  • Read & store metadata coin:collab_enabled (#1818);
    this setting does nothing for now but prepares for merging of SBS integration
  • Make the consent container slightly wider (#1324)
  • Improve the formatting and readability of the IdP debug mail (#1330)
  • Stricter regex for urn validation (#1339)
  • Improve validation of allowed values for eduPersonScopedAffiliation
  • Use assertion id for session index (#41)
  • Log to stderr by default (#1796)
  • Add explicit IdP signing key feedback (#1328)

Bugfixes

  • Improve handling of PDP timeout error (#1285)
  • Validate numeric key in ARP settings on metadata push (#1336)
  • Set the correct database version in doctrine (#1811)
Assets 6
Loading