Changelog History
Page 1
-
v1.0.0 Changes
March 12, 2019target_url
query parameter for the sign-in/sign-out requests must bex-www-form-urlencoded
.Redirect URLs are properly encoded.
๐ Switched to
report-to
in content security policy.โก๏ธ
cache-control
header value updated.๐ Issue: #33 - Content Security Policy Enabled
Content-Security-Policy
in the HTTP response.๐ PR: #41 - Config support for nameid format
Samly
uses the nameid format from the IdP metadata XML file. It is possible now to override this usingnameid_fomat
config setting. If this format information is not present in the IdP metadata XML and not specified in the config setting, it defaults to:transient
. Thanks to calvinb for the PR.๐ Uptake
esaml 4.2
bringing in support for encrypted assertions. Check Assertion Encryption for supported encryption algorithms. Use this information to enable assertion encryption on IdP. Thanks to tcrossland for theesaml
PR.
-
v1.0.0-rc.1
February 28, 2019 -
v1.0.0-rc.0
February 13, 2019 -
v0.10.1 Changes
January 08, 2019- Issues: #39, #40 - Downcase response header names (PR from calvinb)
-
v0.10.0 Changes
December 31, 2018๐ Issue: #31 - Support for Cowboy 2.x Uptake
esaml
v4.0.0 which includes support for Cowboy 2.x. If support for Cowboy 1.x is needed, you need an override withesaml
v3.6.x in your applicationmix.exs
file.๐ Issue: #32 - Support for custom State Storage Includes support for ETS and Plug Sessions based authenticated SAML assertion storage. It is possible to create custom stores by implementing
Samly.State.Store
.Issue: #34 - Included filename in error messages Include metadata/cert/key filenames when there is an error relevant to those files.
-
v0.9.3 Changes
September 19, 2018- ๐ Uptake
esaml
v3.6.0 that includes fixes for schema validation errors.
- ๐ Uptake
-
v0.9.2 Changes
- ๐ PR merged fixing reopened Issue #16 (from @peterox)
-
v0.9.1 Changes
March 08, 2018- ๐ Remove the need for supplying certicate and key files if the requests are not signed (Issue #16). Useful during development when the corresponding Identity Provider is setup for unsigned requests/responses. Use signing for production deployments. The defaults expect signed requests/responses.
-
v0.9.0 Changes
February 26, 2018๐ Issue: #12. Support for IDP initiated SSO flow.
Original auth request ID when returned in auth response is made available in the assertion subject (SP initiated SSO flows). For IDP initiated SSO flows, this will be an empty string.
๐ Issue: #14. Remove built-in referer check. Not specific to
Samly
. It is better handled by the consuming application.
-
v0.8.4 Changes
December 01, 2017- Shibboleth Single Logout session match related fix. Uptake
esaml v3.3.0
.
- Shibboleth Single Logout session match related fix. Uptake