SimpleSAMLphp changelog

This document lists the changes between versions of SimpleSAMLphp. See the upgrade notes for specific information about upgrading.

Version 1.16.0

Released TBD

Changes

  • Renamed class SimpleSAML_Error_BadUserInnput to SimpleSAML_Error_BadUserInput
  • PHP 7.2 compatibility, including removing deprecated use of assert with string.
  • Avoid logging database credentials in backtraces.
  • Updated Spanish translation.
  • Improvements to documentation, testsuite, code quality and coding style.

New features

  • Added support for SAML "Enhanced Client or Proxy" (ECP) protocol, IdP side with HTTP Basic Authentication as authentication method. See the ECP IdP documentation for details.
  • New option sendmail_from, the from address for email sent by SSP.
  • New option options for PDO database connections, e.g. for TLS setup.
  • New option search.scope for LDAP authsources.
  • Add support for the DiscoHints IPHint metadata property.
  • Add support to specify metadata XML in config with the xml parameter, next to the existing file and url options.
  • Also support CGI/RewriteRule setups that set the REDIRECT_SIMPLESAMLPHP_CONFIG_DIR environment variable next to regular SIMPLESAMLPHP_CONFIG_DIR.
  • Support creating an AuthSource via factory, for example useful in tests.
  • Support preloading of a virtual config file via SimpleSAML_Configuration::setPreLoadedConfig to allow for dynamic population of authsources.php.
  • Fix edge case in getServerPort.
  • Add basic documentation on Nginx configuration.
  • Test authentication: optionally show AuthData array.

adfs

  • Make signature algorithm configurable with signature.algorithm.
  • Use configuration assertion lifetime when available.
  • Use adfs:wreply parameter when available.

authmyspace

  • Module removed because service is no longer available.

cas

  • Respect all LDAP options in LDAP call.

consent

  • Sort attribute values for consent.
  • Fix table layout for MySQL > 5.6.

core

  • StatisticsWithAttribute: add passive- prefix when logging passive requests, set new option skipPassive to skip logging these altogether.
  • Replace deprecated create_function with an anonymous function.
  • New authproc filter Cardinality to enforce attribute cardinality.
  • SQLPermanentStorage: proper expiration of stored values.
  • AttributeLimit: new options regex and ignoreCase.

ldap

  • AttributeAddUsersGroups: if attribute.groupname is set, use the configured attribute as the group name rather than the DN.
  • Also base64encode the ms-ds-consistencyguid attribute.

metarefresh

  • Return XML parser error for better debugging of problems.
  • Only actually parse metadata types that have been enabled.
  • Fix missing translation.

oauth

  • Make module HTTP proxy-aware.
  • Remove unused demo app.

saml

  • AttributeConsumingService: allow setting the isDefault and index options.
  • Encrypted attributes in an assertion are now decrypted correctly.

smartattributes

  • Fix to make the add_authority option work.

sqlauth

  • Changed from default-enabled to default-disabled.

statistics

  • Show decent error message when no data is available.

Version 1.15.4

Released 2018-03-02

  • Resolved a security issue related to signature validation in the SAML2 library. See SSPSA 201803-01.

Version 1.15.3

Released 2018-02-27

  • Resolved a security issue related to signature validation in the SAML2 library. See SSPSA 201802-01.
  • Fixed edge-case scenario where an application uses the name of one of the known LoggingHandlers as a defined class.
  • Fixed issue #793 in the PHP logging handler.

Version 1.15.2

Released 2018-01-31

  • Resolved a Denial of Service security issue when validating timestamps in the SAML2 library. See SSPSA 201801-01.
  • Resolved a security issue with the open redirect protection mechanism. See SSPSA 201801-02.
  • Fix undefined method error when using memcacheD.

authfacebook

  • Fix compatibility with Facebook strict URI match.

consent

  • Fix statistics not being gathered.

sqlauth

  • Prevented a security issue with the connection charset used for MySQL backends. See SSPSA 201801-03.

Version 1.15.1

Released 2018-01-12

Bug fixes

  • AuthX509 error messages were broken.
  • Properly calculate supported protocols based on config.
  • NameIDAttribute filter: update to use SAML2\XML\saml\NameID.
  • Replace remaining uses of SimpleSAML_Logger with namespace version.
  • Statistics: prevent mixed content errors.
  • Add 'no-store' to the cache-control header to avoid Chrome caching redirects.

Version 1.15.0

Released 2017-11-20

New features

  • Added support for authenticated web proxies with the proxy.auth setting.
  • Added new AttributeValueMap authproc filter.
  • Added attributemaps for OIDs from SIS (Swedish Standards Institute) and for eduPersonUniqueId, eduPersonOrcid and sshPublicKey.
  • Added an option to specify metadata signing and digest algorithm metadata.sign.algorithm.
  • Added an option for regular expression matching of trusted.url.domains via new trusted.url.regex setting.
  • The debug option is more fine-grained and allows one to specify whether to log full SAML messages, backtraces or schema validations separately.
  • Added a check for the latest SimpleSAMLphp version on the front page. It can be disabled via the new setting admin.checkforupdates.
  • Added a warning when there's a probable misconfiguration of PHP sessions.
  • Added ability to define additional attributes on ContactPerson elements in metadata, e.g. for use in Sirtfi contacts.
  • Added option to set a secure flag also on the language cookie.
  • Added option to specify the base URL for the application protected.
  • Added support for PHP Memcached extension next to Memcache extension.
  • Added Redis as possible session storage mechanism.
  • Added support to specify custom metadata storage handlers.
  • Invalidate opcache after writing a file, so SimpleSAMLphp works when opcache.validate_timestamps is disabled.
  • Metadata converter will deal properly with XML with leading whitespace.
  • Update ldapwhoami() call for PHP 7.3.
  • Made response POST page compatible with strict Content Security Policy on calling webpage.
  • Updated Greek, Polish, Traditional Chinese and Spanish translations and added Afrikaans.

Bug fixes

  • The deprecated OpenIdP has been removed from the metadata template.
  • Trailing slash is no longer required in baseurlpath.
  • Make redirections more resilient.
  • Fixed empty protocolSupportEnumeration in AttributeAuthorityDescriptor.
  • Other bug fixes and numerous documentation enhancements.
  • Fixed a bug in the Redis store that could lead to incorrect duplicate assertion errors.

API and user interface

  • Updated to Xmlseclibs 3.0. Minimum PHP version is now 5.4, mcrypt requirement dropped.
  • Added a PSR-4 autoloader for modules. Now modules can declare their classes under the SimpleSAML\Module namespace.
  • Added new hook for module loader exception handling exception_handler.
  • Expose RegistrationInfo in parsed SAML metadata.
  • The AuthnInstant is now available in the state array.
  • Introduced Twig templating for user interface.
  • Lots of refactoring, code cleanup and added many unit tests.

adfs

  • Fixed POST response form parameter encoding.

authYubiKey

  • Fixed PHP 7 support.

authfacebook

  • Updated to work with latest Facebook API.

authlinkedin

  • Added setting attributes to specify which attributes to request from LinkedIn.

authtwitter

  • Added support for fetching the user's email address as attribute.

consent

  • Added support for regular expressions in consent.disable.

core

  • Added logging of REMOTE_ADDR on successful login.
  • AttributeMap: allow fetching mapping files from modules.
  • ScopeAttribute: added option onlyIfEmpty to add a scope only if none was present.
  • AttributeCopy: added option to copy to multiple destination attributes.

cron

  • Allow invocation via PHP command line interface.

discopower

  • Added South Africa tab.

ldap

  • Added search.filter setting to limit LDAP queries to a custom search filter.
  • Added OpenLDAP support in AttributeAddUsersGroups.
  • Fix for using non-standard LDAP port numbers.
  • Fixed configuration option of whether to follow LDAP referrals.

memcacheMonitor

  • Fixed several missing strings.

metarefresh

  • Fixed several spurious PHP notices.

multiauth

  • Fixed selected source timeout.

negotiate

  • Fixed authentication failure on empty attributes-array.
  • Fixed PHP notices concerning missing arguments.

oauth

  • Updated library to improve support for OAuth 1.0 Revision A.

radius