Skip to content

Latest commit

 

History

History
155 lines (96 loc) · 4.02 KB

CHANGELOG.md

File metadata and controls

155 lines (96 loc) · 4.02 KB
Raw

v1.10.2 (2018-05-23)

Features

  • saml
    • inherits allows response options from ruby-saml instead of whitelist (a0eedd6)

v1.10.1 (2018-06-07)

Features

  • saml-response
    • whitelist more response options (575198d)

v1.10.0 (2018-02-19)

Bug Fixes

  • ambiguous path match in other phase (1b465b9)
  • Update ruby-saml gem to 1.7 or later to fix CVE-2017-11430 (6bc28ad)

v1.9.0 (2018-01-29)

Bug Fixes

  • Update omniauth gem to 1.3.2 or later 1.3.x (b6bb425)

v1.8.1 (2017-06-22)

Bug Fixes

  • default assertion_consumer_service_url not set during callback (4a2a5ef)

v1.8.0 (2017-06-07)

Features

  • include SessionIndex in logout requests (fb6ad86)
  • Support for configurable IdP SLO session destruction (586bf89)
  • Add uid_attribute option to control the attribute used for the user id. (eacc536)

v1.7.0 (2016-10-19)

Features

  • Support for Single Logout (cd3fc43)
  • Add issuer information to the metadata endpoint, to allow IdPs to properly configure themselves. (7bbbb67)
  • Added the response object to the extra['response_object'], so we can use the raw response object if we want to. (76ed3d6)

Chores

  • Update ruby-saml to 1.4.0 to address security fixes. (638212)

v1.6.0 (2016-06-27)

  • Ensure that subclasses of OmniAuth::Stategies::SAML are registered with OmniAuth as strategies (omniauth#95)
  • Update ruby-saml to 1.3 to address CVE-2016-5697 (Signature wrapping attacks)

v1.5.0 (2016-02-25)

  • Initialize OneLogin::RubySaml::Response instance with settings
  • Adding "settings" to Response Class at initialization to handle signing verification
  • Support custom attributes
  • change URL from PracticallyGreen to omniauth
  • Add specs for ACS fallback URL behavior
  • Call validation earlier to get real error instead of 'response missing name_id'
  • Avoid mutation of the options hash during requests and callbacks

v1.4.2 (2016-02-09)

  • update ruby-saml to 1.1

v1.4.1 (2015-08-09)

  • Configurable attribute_consuming_service

v1.4.0 (2015-07-23)

  • update ruby-saml to 1.0.0

v1.3.1 (2015-02-26)

  • Added missing fingerprint key check
  • Expose fingerprint on the auth_hash

v1.3.0 (2015-01-23)

  • add idp_cert_fingerprint_validator option

v1.2.0 (2014-03-19)

  • provide SP metadata at /auth/saml/metadata

v1.1.0 (2013-11-07)

  • no longer set a default name_identifier_format
  • pass strategy options to the underlying ruby-saml library
  • fallback to omniauth callback url if assertion_consumer_service_url is not set
  • add idp_sso_target_url_runtime_params option

v1.0.0 (2012-11-12)

  • remove SAML code and port to ruby-saml gem
  • fix incompatibility with OmniAuth 1.1

v0.9.2 (2012-03-30)

  • validate the SAML response
  • 100% test coverage
  • now requires ruby 1.9.2+

v0.9.1 (2012-02-23)

  • return first and last name in the info hash
  • no longer use LDAP OIDs for name and email selection
  • return SAML attributes as the omniauth raw_info hash

v0.9.0 (2012-02-14)

  • initial release
  • extracts commits from omniauth 0-3-stable branch
  • port to omniauth 1.0 strategy format
  • update README with more documentation and license
  • package as the omniauth-saml gem