
Releases: IdentityPython/SATOSA

Version 4.0.0

09 Jul 08:12
v4.0.0
e879882

4.0.0 (2019-07-09)

  • Remove the warning filter; users must set the filter themselves
  • Refactor internal data representation
    • Deprecate satosa.internal_data module
    • Use satosa.internal module
    • Store the NameID value as satosa.internal.InternalData.subject_id
    • Store the NameID nameid-format as satosa.internal.InternalData.subject_type
  • Deprecate hash configuration option set in internal attributes
  • Deprecate USER_ID_HASH_SALT configuration option
  • Remove attribute hashing
  • Deprecate UserIdHasher classes
  • Deprecate UserIdHashType enum
  • Support SAML NameID nameid-format emailAddress and unspecified
  • Accept authn response with no NameID element
  • Reset state after cookie decryption failure
  • Add API to load data in Context object
    • KEY_BACKEND_METADATA_STORE
    • KEY_TARGET_ENTITYID
    • KEY_FORCE_AUTHN
    • KEY_MEMORIZED_IDP
  • Add initial eIDAS support
  • Support memoization of IdP selection when using MDQ
  • plugins: Warn when AssertionConsumerService binding is HTTP-Redirect in the saml2 backend
  • plugins: Add SAMLUnsolicitedFrontend frontend
  • plugins: Add SAMLVirtualCoFrontend frontend
  • plugins: Add extra_scopes configuration to support multiple scopes
  • plugins: Use the latest pyop version
  • plugins: Add primary identifier micro-service
  • plugins: Misc fixes and improvements for LDAP attribute store micro-service
  • plugins: Add verify_ssl option to OIDC backend
  • plugins: Add hasher micro-service
  • plugins: Add support in frontend for common domain cookie
  • plugins: Add Ping frontend
  • plugins: Fixes for the account linking micro-service
  • tests: Misc improvements
  • tests: Use latest pytest
  • build: Set supported python versions to py35 py36 py37 and pypy3
    • Dropped support for py34
  • build: Set minimum supported pysaml2 version
  • docs: Instructions to use with Apache and mod_wsgi
  • docs: Add satosa-users mailing list information
  • docs: Add ui_info in example configs
  • docs: Add GÉANT contribution notice
  • docs: Misc typos and improvements

v3.4.8

07 Sep 13:37
0b32298

Allow CMService to show additional information (#128)
Added scope extractor processor (#131)
Added scope remover processor (#132)
Fix userid handling for GitHub backend (#133)
Allow scope processor to handle multi-valued attributes (#134)
Allow AL internal UniqueID to be used as attribute (#135)
Idp blacklisting (#141)
Fix SAML Frontend always returning NameID with format persistent (#143)
Thanks to @jkakavas

Improve logging and exception handling (#138)
Dockerfile improvements (#139)
Documented how to set default accepted time diff (#145)
Thanks to @rhoerbe

Fix failing docker build on travis (#147)

v3.4.7

10 Aug 15:07
0b2928d

Explicitly enable signature checking in example config as a sane default (#129)
Thanks to @jkakavas

Documentation for new configuration options (#127)
Feature refactor saml modules (#125)
Fix default values for acr (#124)
Refactor attribute profile initialization (#123)
Allow testers to run specific tests (#122)
Add requested authn context for backend requests (#121)
Select preferred binding on the configuration (#120)
Fix codeblocks in Custom attribute release section (#119)
Update documentation link for eIDAS Message Format from v1.0 to v1.1-2 (#118)
Thanks to @c00kiemon5ter

v3.4.6

14 Jul 08:31
ccfcb44

Support ORCID OAuth2.0 backend (#115)
Support GitHub OAuth 2.0 backend (#116)
Add support for a LinkedIn backend (#117)

Thanks to @saxtouri

v3.4.5

12 Jul 08:48
6176abd

Upgraded pyop to v2.0.5 (#106)
Actually make sign_assertion and sign_response configurable (#105)

Enhanced the logic to take identifiers asserted by the IdP to use when querying the LDAP (#104)

Thanks to @skoranda

Fix for bad config check on sensitive keys (#108)

Thanks to @leifj

Add custom logging microservice (#109)

Thanks to @mrvanes

Expose metadata endpoint via configuration option (#111)
Store outstanding queries to disallow unsolicited responses (#112)
Add attribute processor microservice (#113)

Thanks to @c00kiemon5ter

Correctly handle error responses (#114)

Thanks to @jkakavas

v3.4.4

10 Feb 13:41
01268e7

2017-06-08

Support for attribute-based authorization (#89)
Carry the proxy through as authentication authority (#97)
Make sign_assertion and sign_response configurable (#98)
Enable defaults for custom attribute release using '' or 'default' key (#99)
Attribute generation (#100)

-- Thanks to @leifj

SAMLInternalResponse for saml backend (#95)
Fix for no Format in NameIDPolicy for SAML2 frontend (#102)
NameID input from attributes for LDAP attribute store (#103)

-- Thanks to @skoranda

v3.4.3

15 May 11:19
67e07b5

Always wrap metadata in single element (#82)
Fix handling of Content-Type header (#83)
Fix unavailable attribute causes 'Unknown error' (#88)
Thanks to @jkakavas

Signing signature and digest algorithm configuration (#87)
Thanks to @skoranda

v3.4.2

27 Mar 12:01

Add clear_input_attributes configuration option for LdapAttributeStore (#71)
Thanks to @skoranda

Updated pysaml version from 4.2.0 to 4.4.0.

v3.4.1

23 Mar 16:41

Updated for latest ldap3 package (#64)
Per-SP configuration for LDAP attribute store microservice (#60)
Added __repr__ method to class State to aid debugging (#59)
Added __repr__ method to class Context to aid debugging (#58)
Thanks to @skoranda.

Fix facebook backend metadata bug (#63)
Thanks to @saxtouri

Remove explicit pyoidc dependency to avoid collision with pyop (#57)
Thanks to @zamzterz

v3.4.0

17 Nov 12:46

News

Fix

  • Handle encrypted assertions from SAML IdPs, thanks to @skoranda.