Releases: SAML-Toolkits/php-saml
Releases · SAML-Toolkits/php-saml
OneLogin's SAML PHP Toolkit v2.11.0
OneLogin's SAML PHP Toolkit v2.10.7
- Fix IdPMetadataParser. The SingleLogoutService retrieved method was wrong
- #201 Fix issues with SP entity_id, acs url and sls url that contains &
OneLogin's SAML PHP Toolkit v2.10.6
Changelog v.2.10.6:
- Be able to register future SP x509cert on the settings and publish it on SP metadata
- Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption)
- Support the ability to parse IdP XML metadata (remote url or file) and be able to inject the data obtained on the settings.
OneLogin's SAML PHP Toolkit v2.10.5
Changelog v.2.10.5:
- Be able to get at the auth object the last processed ID
- Improve NameID Format support
- Reset errorReason attribute of the auth object after each Process method
- Validate serial number as string to work around libxml2 limitation
- Make the Issuer on the Response Optional
OneLogin's SAML PHP Toolkit v2.10.4
Changelog v.2.10.4:
- Security update for signature validation on LogoutRequest/LogoutResponse (read more)
- #192 Added ability to configure DigestAlgorithm in settings
- #183 Fix strpos bug when decrypting assertions
- #186 Improve info on entityId validation Exception
- #188 Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
- Read ACS binding on AuthNRequest builder from settings
- Be able to relax Destination validation on SAMLResponses and let this
attribute to be empty with the 'relaxDestinationValidation' setting
OneLogin's SAML PHP Toolkit v2.10.3
Changelog v.2.10.3:
- Implement a more specific exception class for handling some validation errors
- Minor changes on time validation/exceptions
- Add hooks to retrieve last-sent and last-received requests and responses
- Improve/Fix tests
- Add DigestAlgorithm support on addSign
- #177 Add error message for bad OneLogin_Saml2_Settings argument
OneLogin's SAML PHP Toolkit v2.10.2
OneLogin's SAML PHP Toolkit v2.10.1
Changelog v.2.10.1:
- Fix error message on SignMetadata process
- Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted
OneLogin's SAML PHP Toolkit v2.10.0
This version includes a security patch that contains extra validations that will prevent signature wrapping attacks and other security improvements.
Changelog v.2.10.0:
- Several security improvements:
- Conditions element required and unique.
- AuthnStatement element required and unique.
- SPNameQualifier must match the SP EntityID
- Reject saml:Attribute element with same “Name” attribute
- Reject empty nameID
- Require Issuer element. (Must match IdP EntityID).
- Destination value can't be blank (if present must match ACS URL).
- Check that the EncryptedAssertion element only contains 1 Assertion element.
- Improve Signature validation process
- AttributeConsumingService support
- Support lowercase Urlencoding (ADFS compatibility).
- #154 getSelfHost no longer returns a port number
- #156 Use correct host on response destination fallback check
- #158 NEW Control usage of X-Forwarded-* headers
- Fix issue with buildRequestSignature. Added RelayState to the SignQuery only if is not null.
- Add Signature Wrapping prevention Test
- Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
- Improve documentation: