File: CHANGELOG.md

package info (click to toggle)
ruby-omniauth-saml 2.1.0-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 220 kB
  • sloc: ruby: 634; xml: 133; makefile: 3
file content (185 lines) | stat: -rw-r--r-- 4,610 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
<a name="v2.1.0"></a>
### v2.1.0 (2022-03-01)


#### Refactor

* Rename usage of deprecated SAML options  ([74ed8df](/../../commit/74ed8df))

#### Chores

* bump ruby-saml to 1.12  ([15c156a](/../../commit/15c156a))

<a name="v2.0.0"></a>
### v2.0.0 (2021-01-13)


#### Chores

* Allow OmniAuth 2.0.0	 ([f7ec7ee](/../../commit/f7ec7ee))


<a name="v1.10.3"></a>
### v1.10.3 (2020-10-06)


#### Bug Fixes

* add options to logout_request initialization	 ([c271a37](/../../commit/c271a37))


<a name="v1.10.2"></a>
### v1.10.2 (2018-05-23)


#### Features

* **saml**
  * inherits allows response options from ruby-saml instead of whitelist	 ([a0eedd6](/../../commit/a0eedd6))


<a name="v1.10.1"></a>
### v1.10.1 (2018-06-07)


#### Features

* **saml-response**
  * whitelist more response options	 ([575198d](/../../commit/575198d))


<a name="v1.10.0"></a>
### v1.10.0 (2018-02-19)


#### Bug Fixes

* ambiguous path match in other phase	 ([1b465b9](/../../commit/1b465b9))
* Update ruby-saml gem to 1.7 or later to fix CVE-2017-11430 ([6bc28ad](/../../commit/6bc28ad))


<a name="v1.9.0"></a>
### v1.9.0 (2018-01-29)


#### Bug Fixes

* Update omniauth gem to 1.3.2 or later 1.3.x	 ([b6bb425](/../../commit/b6bb425))


<a name="v1.8.1"></a>
### v1.8.1 (2017-06-22)


#### Bug Fixes

* default assertion_consumer_service_url not set during callback	 ([4a2a5ef](/../../commit/4a2a5ef))


<a name="v1.8.0"></a>
### v1.8.0 (2017-06-07)


#### Features

* include SessionIndex in logout requests	 ([fb6ad86](/../../commit/fb6ad86))
* Support for configurable IdP SLO session destruction	 ([586bf89](/../../commit/586bf89))
* Add `uid_attribute` option to control the attribute used for the user id.	 ([eacc536](/../../commit/eacc536))


<a name="v1.7.0"></a>
### v1.7.0 (2016-10-19)

#### Features

* Support for Single Logout	 ([cd3fc43](/../../commit/cd3fc43))
* Add issuer information to the metadata endpoint, to allow IdPs to properly configure themselves.	 ([7bbbb67](/../../commit/7bbbb67))
* Added the response object to the extra['response_object'], so we can use the raw response object if we want to.	 ([76ed3d6](/../../commit/76ed3d6))

#### Chores

* Update `ruby-saml` to 1.4.0 to address security fixes. ([638212](/../../commit/638212))

<a name="v1.6.0"></a>
### v1.6.0 (2016-06-27)
* Ensure that subclasses of `OmniAuth::Stategies::SAML` are registered with OmniAuth as strategies (https://github.com/omniauth/omniauth-saml/pull/95)
* Update ruby-saml to 1.3 to address [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) (Signature wrapping attacks)

<a name="v1.5.0"></a>
### v1.5.0 (2016-02-25)

* Initialize OneLogin::RubySaml::Response instance with settings
* Adding "settings" to Response Class at initialization to handle signing verification
* Support custom attributes
* change URL from PracticallyGreen to omniauth
* Add specs for ACS fallback URL behavior
* Call validation earlier to get real error instead of 'response missing name_id'
* Avoid mutation of the options hash during requests and callbacks

<a name="v1.4.2"></a>
### v1.4.2 (2016-02-09)

* update ruby-saml to 1.1

<a name="v1.4.1"></a>
### v1.4.1 (2015-08-09)

* Configurable attribute_consuming_service

<a name="v1.4.0"></a>
### v1.4.0 (2015-07-23)

* update ruby-saml to 1.0.0

<a name="v1.3.1"></a>
### v1.3.1 (2015-02-26)

* Added missing fingerprint key check
* Expose fingerprint on the auth_hash

<a name="v1.3.0"></a>
### v1.3.0 (2015-01-23)

* add `idp_cert_fingerprint_validator` option

<a name="v1.2.0"></a>
### v1.2.0 (2014-03-19)

* provide SP metadata at `/auth/saml/metadata`

<a name="v1.1.0"></a>
### v1.1.0 (2013-11-07)

* no longer set a default `name_identifier_format`
* pass strategy options to the underlying ruby-saml library
* fallback to omniauth callback url if `assertion_consumer_service_url` is not set
* add `idp_sso_target_url_runtime_params` option

<a name="v1.0.0"></a>
### v1.0.0 (2012-11-12)

* remove SAML code and port to ruby-saml gem
* fix incompatibility with OmniAuth 1.1

<a name="v0.9.2"></a>
### v0.9.2 (2012-03-30)

* validate the SAML response
* 100% test coverage
* now requires ruby 1.9.2+

<a name="v0.9.1"></a>
### v0.9.1 (2012-02-23)

* return first and last name in the info hash
* no longer use LDAP OIDs for name and email selection
* return SAML attributes as the omniauth raw_info hash

<a name="v0.9.0"></a>
### v0.9.0 (2012-02-14)

* initial release
* extracts commits from omniauth 0-3-stable branch
* port to omniauth 1.0 strategy format
* update README with more documentation and license
* package as the `omniauth-saml` gem