v2.4.0-rc4

Pre-release

@tngan tngan released this 26 Sep 23:21
· 261 commits to master since this release

Why skip v2.4.0-rc3

This is because xsd schema files were missing when I published it to npm; however, npm doesn't allow me to force-publish the same version. Therefore, I bumped the version to v2.4.0-rc4 and republished it.

Release note

  • Huge code refactor for the extractor and genericParser function
  • Separate implementation and test suite for the extractor
  • Detect potential wrapping signature attack
  • Modify schema file to get rid of libxml2 limitation #198 (Thanks @rastko-florencehc)
  • PR: Specify schema directory instead of changing process directory (#195) (@lselden)

Changes

The changes in this release might break your implementation of response extraction. For example, extract.nameid becomes extract.nameID.

const { samlContent, extract } = await sp.parseLoginResponse(idp, 'post', { body: { SAMLResponse } });

// all the extracted properties are now in camel case instead of lowercase

// extract.nameID
// extract.response.id
// extract.response.inResponseTo
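
A fail-closed accessor for the renamed properties, as an added example that is not part of samlify or of this release: readExtract and subjectFor are hypothetical helpers, and the two sample objects are constructed. It resolves a dotted path case-insensitively so calling code works on either side of the upgrade, and it throws rather than letting an undefined subject or request ID flow into a login decision.

```javascript
// Hypothetical helper (not samlify API): resolve a dotted path against the
// `extract` object, matching each segment case-insensitively so the same call
// works before and after the rename (extract.nameid -> extract.nameID).
// Fails closed: a missing, ambiguous or empty value throws.
function readExtract(extract, path) {
  let node = extract;
  for (const segment of path.split('.')) {
    if (node === null || typeof node !== 'object') {
      throw new Error(`extract: "${path}" not found (stopped at "${segment}")`);
    }
    const matches = Object.keys(node).filter(
      (key) => key.toLowerCase() === segment.toLowerCase()
    );
    if (matches.length !== 1) {
      throw new Error(`extract: "${segment}" in "${path}" matched ${matches.length} keys`);
    }
    node = node[matches[0]];
  }
  if (node === undefined || node === null || node === '') {
    throw new Error(`extract: "${path}" is empty`);
  }
  return node;
}

// Hypothetical caller: return the subject only when the response answers the
// AuthnRequest ID this service provider is still waiting on (an assumption
// about how the caller tracks pending requests).
function subjectFor(extract, pendingRequestId) {
  const inResponseTo = readExtract(extract, 'response.inResponseTo');
  if (inResponseTo !== pendingRequestId) {
    throw new Error('response does not answer the pending request');
  }
  return readExtract(extract, 'nameID');
}

// Constructed samples: the lowercase shape from before this release and the
// camel case shape from this release onward.
const beforeUpgrade = {
  nameid: 'alice@example.com',
  response: { id: '_r1', inresponseto: '_req42' },
};
const afterUpgrade = {
  nameID: 'alice@example.com',
  response: { id: '_r1', inResponseTo: '_req42' },
};

console.log(subjectFor(beforeUpgrade, '_req42'), subjectFor(afterUpgrade, '_req42'));
```
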

Remarks: For the detection of potential wrapping signature attacks, we will release an announcement with HackerOne by next week to disclose the details. The announcement will also include the roadmap of the v2.4 release.