OneLogin's SAML PHP Toolkit v2.12.0

@pitbulk pitbulk released this Nov 6, 2017 · 3 commits to master since this release

Changelog v.2.12.0:

  • Improve Time management. Use DateTime/DateTimeZone classes.

  • Escape error messages in debug mode

  • Improve phpdoc

  • Add an extra filter to the url to be used on redirection

  • #242 Document that SHA-1 must not be used

  • #250 Fixed issue with IdPMetadataParser only keeping 1 certificate when multiple certificates of a single type were provided.

  • #263 Fix incompatibility with ADFS on SLO. When the NameID Format in the php-saml settings is set to unspecified but the SAMLResponse has no NameID Format, no NameID Format should be specified on the LogoutRequest.


OneLogin's SAML PHP Toolkit v2.11.0

@pitbulk pitbulk released this Jul 21, 2017 · 62 commits to master since this release

Changelog v.2.11.0:

  • #236 Exclude unnecessary files from Composer production downloads
  • #226 Add possibility to handle nameId NameQualifier attribute in SLO Request
  • Improve logout documentation on Readme.
  • Improve multi-certificate support


OneLogin's SAML PHP Toolkit v2.10.7

@pitbulk pitbulk released this May 19, 2017 · 79 commits to master since this release

  • Fix IdPMetadataParser. The SingleLogoutService retrieved method was wrong
  • #201 Fix issues with SP entity_id, acs url and sls url that contains &


OneLogin's SAML PHP Toolkit v2.10.5

@pitbulk pitbulk released this Mar 13, 2017 · 95 commits to master since this release

Changelog v.2.10.5:

  • Make the last processed ID retrievable from the auth object
  • Improve NameID Format support
  • Reset errorReason attribute of the auth object after each Process method
  • Validate serial number as string to work around libxml2 limitation
  • Make the Issuer on the Response Optional


OneLogin's SAML PHP Toolkit v2.10.4

@pitbulk pitbulk released this Feb 28, 2017 · 100 commits to master since this release

Changelog v.2.10.4:

  • Security update for signature validation on LogoutRequest/LogoutResponse (read more)
  • #192 Added ability to configure DigestAlgorithm in settings
  • #183 Fix strpos bug when decrypting assertions
  • #186 Improve info on entityId validation Exception
  • #188 Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
  • Read ACS binding on AuthNRequest builder from settings
  • Allow relaxing Destination validation on SAMLResponses, letting this
    attribute be empty, with the 'relaxDestinationValidation' setting


OneLogin's SAML PHP Toolkit v2.10.3

@pitbulk pitbulk released this Jan 11, 2017 · 119 commits to master since this release

Changelog v.2.10.3:

  • Implement a more specific exception class for handling some validation errors
  • Minor changes on time validation/exceptions
  • Add hooks to retrieve last-sent and last-received requests and responses
  • Improve/Fix tests
  • Add DigestAlgorithm support on addSign
  • #177 Add error message for bad OneLogin_Saml2_Settings argument


OneLogin's SAML PHP Toolkit v2.10.2

@pitbulk pitbulk released this Nov 15, 2016 · 133 commits to master since this release

Changelog v.2.10.2:

  • #175 Allow overriding of host, port, protocol and url path for URL building
  • #173 Provide better support to NameIdFormat
  • Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted


OneLogin's SAML PHP Toolkit v2.10.1

@pitbulk pitbulk released this Oct 26, 2016 · 144 commits to master since this release

Changelog v.2.10.1:

  • Fix error message on SignMetadata process
  • Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted


OneLogin's SAML PHP Toolkit v2.10.0

@pitbulk pitbulk released this Oct 14, 2016 · 151 commits to master since this release

This version includes a security patch that contains extra validations that will prevent signature wrapping attacks and other security improvements.

Changelog v.2.10.0:

  • Several security improvements:
    • Conditions element required and unique.
    • AuthnStatement element required and unique.
    • SPNameQualifier must match the SP EntityID
    • Reject saml:Attribute element with same “Name” attribute
    • Reject empty nameID
    • Require Issuer element. (Must match IdP EntityID).
    • Destination value can't be blank (if present must match ACS URL).
    • Check that the EncryptedAssertion element only contains 1 Assertion element.
  • Improve Signature validation process
  • AttributeConsumingService support
  • Support lowercase Urlencoding (ADFS compatibility).
  • #154 getSelfHost no longer returns a port number
  • #156 Use correct host on response destination fallback check
  • #158 NEW Control usage of X-Forwarded-* headers
  • Fix issue with buildRequestSignature. RelayState is now added to the SignQuery only if it is not null.
  • Add Signature Wrapping prevention Test
  • Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
  • Improve documentation:
