NB-Public/user_saml
14
0
Fork 0
mirror of https://github.com/netzbegruenung/user_saml.git synced 2024-05-04 18:13:41 +02:00
Code Issues Projects Releases Wiki Activity
user_saml/3rdparty/vendor/onelogin/php-saml/CHANGELOG
Björn Schiessle a9fbc8703e
update to php-saml 3.0.0 without mcrypt dependecy 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-09 22:08:33 +02:00

212 lines
10 KiB
Plaintext
Raw Blame History

CHANGELOG
=========
v.3.0.0 (pending)
* Remove mcrypt dependency. Compatible with PHP 7.2
* xmlseclibs now is not part of the toolkit and need to be installed from original source
v.2.12.0
* Improve Time management. Use DateTime/DateTimeZone classes.
* Escape error messages in debug mode
* Improve phpdoc
* Add an extra filter to the url to be used on redirection
* [#242](https://github.com/onelogin/php-saml/pull/242) Document that SHA-1 must not be used
* [#250](https://github.com/onelogin/php-saml/pull/250) Fixed issue with IdPMetadataParser only keeping 1 certificate when multiple certificates of a single type were provided.
* [#263](https://github.com/onelogin/php-saml/issues/263) Fix incompatibility with ADFS on SLO. When on php saml settings NameID Format is set as unspecified but the SAMLResponse has no NameID Format, no NameID Format should be specified on LogoutRequest.
v.2.11.0
* [#236](https://github.com/onelogin/php-saml/pull/236) Exclude unnecesary files from Composer production downloads
* [#226](https://github.com/onelogin/php-saml/pull/226) Add possibility to handle nameId NameQualifier attribute in SLO Request
* Improve logout documentation on Readme.
* Improve multi-certificate support
v.2.10.7
* Fix IdPMetadataParser. The SingleLogoutService retrieved method was wrong
* [#201](https://github.com/onelogin/php-saml/issues/201) Fix issues with SP entity_id, acs url and sls url that contains &
v.2.10.6
* [#206](https://github.com/onelogin/php-saml/pull/206)Be able to register future SP x509cert on the settings and publish it on SP metadata
* [#206](https://github.com/onelogin/php-saml/pull/206) Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption)
* [#206](https://github.com/onelogin/php-saml/pull/206) Support the ability to parse IdP XML metadata (remote url or file) and be able to inject the data obtained on the settings.
v.2.10.5
* Be able to get at the auth object the last processed ID
* Improve NameID Format support
* Reset errorReason attribute of the auth object after each Process method
* Validate serial number as string to work around libxml2 limitation
* Make the Issuer on the Response Optional
v.2.10.4
* [+](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1) Security update for signature validation on LogoutRequest/LogoutResponse
* [#192](https://github.com/onelogin/php-saml/pull/192) Added ability to configure DigestAlgorithm in settings
* [#183](https://github.com/onelogin/php-saml/pull/183) Fix strpos bug when decrypting assertions
* [#186](https://github.com/onelogin/php-saml/pull/186) Improve info on entityId validation Exception
* [#188](https://github.com/onelogin/php-saml/pull/188) Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
* Read ACS binding on AuthNRequest builder from settings
* Be able to relax Destination validation on SAMLResponses and let this
attribute to be empty with the 'relaxDestinationValidation' setting
v.2.10.3
* Implement a more specific exception class for handling some validation errors
* Minor changes on time validation/exceptions
* Add hooks to retrieve last-sent and last-received requests and responses
* Improve/Fix tests
* Add DigestAlgorithm support on addSign
* [#177](https://github.com/onelogin/php-saml/pull/177) Add error message for bad OneLogin_Saml2_Settings argument
v.2.10.2
* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building
* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat
* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted
v.2.10.1
* Fix error message on SignMetadata process
* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted
v.2.10.0
* Several security improvements:
* Conditions element required and unique.
* AuthnStatement element required and unique.
* SPNameQualifier must math the SP EntityID
* Reject saml:Attribute element with same “Name” attribute
* Reject empty nameID
* Require Issuer element. (Must match IdP EntityID).
* Destination value can't be blank (if present must match ACS URL).
* Check that the EncryptedAssertion element only contains 1 Assertion element.
* Improve Signature validation process
* AttributeConsumingService support
* Support lowercase Urlencoding (ADFS compatibility).
* [#154](https://github.com/onelogin/php-saml/pull/154) getSelfHost no longer returns a port number
* [#156](https://github.com/onelogin/php-saml/pull/156) Use correct host on response destination fallback check
* [#158](https://github.com/onelogin/php-saml/pull/158) NEW Control usage of X-Forwarded-* headers
* Fix issue with buildRequestSignature. Added RelayState to the SignQuery only if is not null.
* Add Signature Wrapping prevention Test
* Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
* Improve documentation
v.2.9.1
.......
* [134](https://github.com/onelogin/php-saml/pull/134) PHP7 production settings compiles out assert(), throw an exception explicitly
* [132](https://github.com/onelogin/php-saml/pull/132) Add note for "wantAssertionsEncrypted"
* Update copyright on LICENSE
v.2.9.0
-------
* Change the decrypt assertion process.
* Add 2 extra validations to prevent Signature wrapping attacks.
* Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* [128](https://github.com/onelogin/php-saml/pull/128) Test php7 and upgrade phpunit
* Update Readme with more descriptive requestedAuthnContext description and Security Guidelines
v.2.8.0
-------
* Make NameIDPolicy of AuthNRequest optional
* Make nameID requirement on SAMLResponse optional
* Fix empty URI support
* Symmetric encryption key support
* Add more Auth Context options to the constant class
* Fix DSA_SHA1 constant on xmlseclibs
* Set none requestedAuthnContext as default behaviour
* Update xmlseclibs lib
* Improve formatPrivateKey method
* Fix bug when signing metadata, the SignatureMethod was not provided
* Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
* Add $wantEncrypted parameter on addX509KeyDescriptors method that will allow to set KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted enabled
* Add $stay parameter on redirectTo method. (login/logout supports $stay but I forgot add this on previous 2.7.0 version)
* Improve code style
v.2.7.0
-------
* Trim acs, slo and issuer urls.
* Fix PHP 7 error (used continue outside a loop/switch).
* Fix bug on organization element of the SP metadata builder.
* Fix typos on documentation. Fix ALOWED Misspell.
* Be able to extract RequestID. Add RequestID validation on demo1.
* Add $stay parameter to login, logout and processSLO method.
v.2.6.1
-------
* Fix bug on cacheDuration of the Metadata XML generated.
* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
* Allows the authn comparsion attribute to be set via config.
* Retrieve Session Timeout after processResponse with getSessionExpiration().
* Improve readme readability.
* Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.
v.2.6.0
-------
* Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
* Change visibility of _decryptAssertion to protected.
* Update xmlseclibs library.
* Handle valid but uncommon dsig block with no URI in the reference.
* login, logout and processSLO now return ->redirectTo instead of just call it.
* Split the setting check methods. Now 1 method for IdP settings and other for SP settings.
* Let the setting object to avoid the IdP setting check. required if we want to publish SP SAML Metadata when the IdP data is still not provided.
v.2.5.0
-------
* Do accesible the ID of the object Logout Request (id attribute).
* Add note about the fact that PHP 5.3 is unssuported.
* Add fingerprint algorithm support.
* Add dependences to composer.
v.2.4.0
-------
* Fix wrong element order in generated metadata.
* Added SLO with nameID and SessionIndex in demo1.
* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT.
* Set optional the XMLvalidation (enable/disable it with wantXMLValidation security setting).
v.2.3.0
-------
* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
* Improve test and documentation.
* Improve ADFS compatibility.
* Remove unnecessary XSDs files.
* Make available the reason for the saml message invalidation.
* Adding ability to set idp cert once the Setting object initialized.
* Fix status info issue.
* Reject SAML Response if not signed and strict = false.
* Support NameId and SessionIndex in LogoutRequest.
* Add ForceAuh and IsPassive support.
v.2.2.0
-------
* Fix bug with Encrypted nameID on LogoutRequest.
* Fixed usability bug. SP will inform about AuthFail status after process a Response.
* Added SessionIndex support on LogoutRequest, and know is accesible from the Auth class.
* LogoutRequest and LogoutResponse classes now accept non deflated xml.
* Improved the XML metadata/ Decrypted Assertion output. (prettyprint).
* Fix bug in formatPrivateKey method, the key could be not RSA.
* Explicit warning message for signed element problem.
* Decrypt method improved.
* Support more algorithm at the SigAlg in the Signed LogoutRequests and LogoutResponses
* AuthNRequest now stores ID (it can be retrieved later).
* Fixed a typo on the 'NameIdPolicy' attribute that appeared at the README and settings_example file.
v.2.1.0
-------
* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php).
* Logout Request constructor now accepts encoded logout requests.
* Now after validate a message, if fails a method getError of the object will return the cause.
* Fix typos.
* Added extra parameters option to login and logout methods.
* Improve Test (new test, use the new getError method for testing).
* Bugfix namespace problem when getting Attributes.
v.2.0.0
-------
* New PHP SAML Toolkit (SLO, Sign, Encryptation).
v.1.0.0
-------
* Old PHP SAML Toolkit.
Reference in a new issue View git blame Copy permalink