All Versions
20
Latest Version
Avg Release Cycle
53 days
Latest Release
386 days ago

Changelog History
Page 1

  • v1.0.0

    March 12, 2019
    • target_url query parameter for the sign-in/sign-out requests must be x-www-form-urlencoded.

    • Redirect URLs are properly encoded.

    • 🔒 Switched to report-to in content security policy.

    • ⚡️ cache-control header value updated.

    • 🔒 Issue: #33 - Content Security Policy Enabled Content-Security-Policy in the HTTP response.

    • 👍 PR: #41 - Config support for nameid format Samly uses the nameid format from the IdP metadata XML file. It is possible now to override this using nameid_fomat config setting. If this format information is not present in the IdP metadata XML and not specified in the config setting, it defaults to :transient. Thanks to calvinb for the PR.

    • 👍 Uptake esaml 4.2 bringing in support for encrypted assertions. Check Assertion Encryption for supported encryption algorithms. Use this information to enable assertion encryption on IdP. Thanks to tcrossland for the esaml PR.

  • v1.0.0-rc.1

    February 28, 2019
  • v1.0.0-rc.0

    February 13, 2019
  • v0.10.1

    January 08, 2019
    • Issues: #39, #40 - Downcase response header names (PR from calvinb)
  • v0.10.0

    December 31, 2018
    • 👍 Issue: #31 - Support for Cowboy 2.x Uptake esaml v4.0.0 which includes support for Cowboy 2.x. If support for Cowboy 1.x is needed, you need an override with esaml v3.6.x in your application mix.exs file.

    • 👍 Issue: #32 - Support for custom State Storage Includes support for ETS and Plug Sessions based authenticated SAML assertion storage. It is possible to create custom stores by implementing Samly.State.Store.

    • Issue: #34 - Included filename in error messages Include metadata/cert/key filenames when there is an error relevant to those files.

  • v0.9.3

    September 19, 2018
    • 🛠 Uptake esaml v3.6.0 that includes fixes for schema validation errors.
  • v0.9.2

    • 🔀 PR merged fixing reopened Issue #16 (from @peterox)
  • v0.9.1

    March 08, 2018
    • 🚚 Remove the need for supplying certicate and key files if the requests are not signed (Issue #16). Useful during development when the corresponding Identity Provider is setup for unsigned requests/responses. Use signing for production deployments. The defaults expect signed requests/responses.
  • v0.9.0

    February 26, 2018
    • 👍 Issue: #12. Support for IDP initiated SSO flow.

    • Original auth request ID when returned in auth response is made available in the assertion subject (SP initiated SSO flows). For IDP initiated SSO flows, this will be an empty string.

    • 🚚 Issue: #14. Remove built-in referer check. Not specific to Samly. It is better handled by the consuming application.

  • v0.8.4

    December 01, 2017
    • Shibboleth Single Logout session match related fix. Uptake esaml v3.3.0.