samly v1.0.0 Release Notes

Release Date: 2019-03-12 // about 1 year ago
    • target_url query parameter for the sign-in/sign-out requests must be x-www-form-urlencoded.

    • Redirect URLs are properly encoded.

    • 🔒 Switched to report-to in content security policy.

    • ⚡️ cache-control header value updated.

    • 🔒 Issue: #33 - Content Security Policy Enabled Content-Security-Policy in the HTTP response.

    • 👍 PR: #41 - Config support for nameid format Samly uses the nameid format from the IdP metadata XML file. It is possible now to override this using nameid_fomat config setting. If this format information is not present in the IdP metadata XML and not specified in the config setting, it defaults to :transient. Thanks to calvinb for the PR.

    • 👍 Uptake esaml 4.2 bringing in support for encrypted assertions. Check Assertion Encryption for supported encryption algorithms. Use this information to enable assertion encryption on IdP. Thanks to tcrossland for the esaml PR.


Previous changes from v1.0.0-rc.1