SAML Python3 Toolkit v1.16.0

• #364 Improve get_metadata method from Parser, allowing to set headers
• Fix WantAuthnRequestsSigned parser
• Fix expired payloads used on tests
• Updated content from docs folder

SAML Python3 Toolkit v1.15.0

• #317 Handle unicode characters gracefully in python 2
• #338 Fix WantAuthnRequestsSigned parser
• #339 Add Poetry support
• Remove version restriction on lxml dependency
• Updated Django demo to 4.X (only py3 compatible)
• Updated Travis file. Forced lxml to be installed using no-validate_binary
• Removed references to OneLogin from documentation

OneLogin's SAML Python3 Toolkit v1.14.0

• #297 Don't require yanked version of lxml.
• #298 Add support for python 3.10 and cleanup the GHA.
• #299 Remove stats from coveralls removed as they are no longer maintained.

OneLogin's SAML Python3 Toolkit v1.13.0

• #296 Add rejectDeprecatedAlgorithm settings in order to be able reject messages signed with deprecated algorithms.
• Set sha256 and rsa-sha256 as default algorithms
• #288 Support building a LogoutResponse with non-success status
• Added warning about Open Redirect and Reply attacks
• ##274 Replace double-underscored names with single underscores
• Add at OneLogin_Saml2_Auth get_last_assertion_issue_instant() and get_last_response_in_response_to() methods
• Upgrade dependencies

OneLogin's SAML Python3 Toolkit v1.12.0

• #276 Deprecate server_port from request data dictionary

OneLogin's SAML Python3 Toolkit v1.11.0

• #261 Allow duplicate named attributes, controlled by a new setting
• #268 Make the redirect scheme matcher case-insensitive
• #256 Improve signature validation process. Add an option to use query string for validation
• #259 Add get metadata timeout
• #246 Add the ability to change the ProtocolBinding in the authn request.
• #248 Move storing the response data into its own method in the Auth class
• Remove the dependency on defusedxml
• #241 Improve AttributeConsumingService support
• Update expired dates from test responses
• Migrate from Travis to Github Actions

OneLogin's SAML Python3 Toolkit v1.10.1

• Fix bug on LogoutRequest class, get_idp_slo_response_url was used instead get_idp_slo_url

OneLogin's SAML Python3 Toolkit v1.10.0

• Added custom lxml parser based on the one defined at xmldefused. Parser will ignore comments and processing instructions and by default have deactivated huge_tree, DTD and access to external documents
• Destination URL Comparison is now case-insensitive for netloc
• Support single-label-domains as valid. New security parameter allowSingleLabelDomains
• Added get_idp_sso_url, get_idp_slo_url and get_idp_slo_response_url methods to the Settings class and use it in the toolkit
• #212 Overridability enhancements. Made classes overridable by subclassing. Use of classmethods instead staticmethods
• Add get_friendlyname_attributes support
• Remove external lib method get_ext_lib_path. Add set_cert_path in order to allow set the cert path in a different folder than the toolkit
• Add sha256 instead sha1 algorithm for sign/digest as recommended value on documentation and settings
• #178 Support for adding idp.crt from filesystem
• Add samlUserdata to demo-flask session
• Fix autoreloading in demo-tornado

OneLogin's SAML Python3 Toolkit v1.9.0

• Allow any number of decimal places for seconds on SAML datetimes
• Fix failOnAuthnContextMismatch code
• Improve signature validation when no reference uri
• Update demo versions. Improve them and add Tornado demo.

OneLogin's SAML Python3 Toolkit v1.8.0

• Set true as the default value for strict setting
• #152 Don't clean xsd and xsi namespaces
• Drop python3.4 support due lxml. See lxml 4.4.0 (2019-07-27)