@pitbulk pitbulk released this Jul 19, 2016 · 235 commits to master since this release

Assets 2

This 2.9.1 version:

  • 134 PHP7 production settings compiles out assert(), throw an exception explicitly
  • 132 Add note for "wantAssertionsEncrypted"
  • Update copyright on LICENSE

@pitbulk pitbulk released this Jun 27, 2016 · 244 commits to master since this release

Assets 2

This 2.9.0 version:

  • Change the decrypt assertion process.
  • Add 2 extra validations to prevent Signature wrapping attacks.
  • Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  • 128 Test php7 and upgrade phpunit
  • Update Readme with more descriptive requestedAuthnContext description and Security Guidelines

@pitbulk pitbulk released this May 12, 2016 · 256 commits to master since this release

Assets 2

This 2.8.0 version:

  • Make NameIDPolicy of AuthNRequest optional
  • Make nameID requirement on SAMLResponse optional
  • Fix empty URI support
  • Symmetric encryption key support
  • Add more Auth Context options to the constant class
  • Fix DSA_SHA1 constant on xmlseclibs
  • Set requestedAuthnContext to false (none requestedAuthnContext sent on AuthNReqest) at advanced_settings_example.php
  • Update xmlseclibs lib
  • Improve formatPrivateKey method
  • Fix bug when signing metadata, the SignatureMethod was not provided
  • Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
  • Add $wantEncrypted parameter on addX509KeyDescriptors method that will allow to set KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted enabled
  • Add $stay parameter on redirectTo method. (login/logout supports $stay but I forgot add this on previous 2.7.0 version)
  • Improve code style

@pitbulk pitbulk released this Feb 15, 2016 · 284 commits to master since this release

Assets 2

This 2.7.0 version:

  • Trim acs, slo and issuer urls.
  • Fix PHP 7 error (used continue outside a loop/switch).
  • Fix bug on organization element of the SP metadata builder.
  • Fix typos on documentation. Fix ALOWED Misspell.
  • Be able to extract RequestID. Add RequestID validation on demo1.
  • Add $stay parameter to login, logout and processSLO method.

@pitbulk pitbulk released this Sep 9, 2015 · 310 commits to master since this release

Assets 2

This 2.6.1 version:

  • Fix bug on cacheDuration of the Metadata XML generated.
  • Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
  • Allows the authn comparsion attribute to be set via config.
  • Retrieve Session Timeout after processResponse with getSessionExpiration()
  • Improve readme readability
  • Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.

@pitbulk pitbulk released this Jul 17, 2015 · 327 commits to master since this release

Assets 2

This 2.6.0 version:

  • Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
  • Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
  • Change visibility of _decryptAssertion to protected.
  • Update xmlseclibs library.
  • Handle valid but uncommon dsig block with no URI in the reference.
  • login, logout and processSLO now return ->redirectTo instead of just call it.
  • Split the setting check methods. Now 1 method for IdP settings and other for SP settings.
  • Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided.

@pitbulk pitbulk released this Jun 5, 2015 · 343 commits to master since this release

Assets 2

This 2.5.0 version:

  • Do accesible the ID of the object Logout Request (id attribute)
  • Add note about the fact that PHP 5.3 is unssuported
  • Add fingerprint algorithm support.
  • Add dependences to composer.

@pitbulk pitbulk released this Mar 3, 2015 · 354 commits to master since this release

Assets 2

This 2.4.0 version:

  • Fix wrong element order in generated metadata
  • Added SLO with nameID and SessionIndex in demo1
  • Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT
  • Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting)

@pitbulk pitbulk released this Jan 13, 2015 · 368 commits to master since this release

Assets 2

This 2.3.0 version:

  • Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
  • Improve test and documentation.
  • Improve ADFS compatibility.
  • Remove unnecessary XSDs files.
  • Make available the reason for the saml message invalidation.
  • Adding ability to set idp cert once the Setting object initialized.
  • Fix status info issue.
  • Reject SAML Response if not signed and strict = false.
  • Support NameId and SessionIndex in LogoutRequest.
  • Add ForceAuh and IsPassive support.

@pitbulk pitbulk released this Oct 2, 2014 · 395 commits to master since this release

Assets 2

This 2.2.0 version:

  • Fix bug with Encrypted nameID on LogoutRequest
  • Fixed usability bug. SP will inform about AuthFail status after process a Response.
  • Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class.
  • LogoutRequest and LogoutResponse classes now accept non deflated xml
  • Improved the XML metadata/ Decrypted Assertion output. (prettyprint)
  • Fix bug in formatPrivateKey method, the key could be not RSA
  • Explicit warning message for signed element problem
  • Decrypt method improved
  • Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses
  • AuthNRequest now stores ID (it can be retrieved later)
  • Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file.