From 892df8eb9aa70fead24a4ec60742b489368e0f85 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Tue, 13 Nov 2018 19:45:50 +0000
Subject: [PATCH] Document that 1.15 broke EPTI 'string' format in a hard way

---
 docs/simplesamlphp-changelog.md          | 3 +++
 docs/simplesamlphp-upgrade-notes-1.15.md | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index 8e1c96b0d..a89fe7870 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -311,6 +311,9 @@ Released 2017-11-20
   * Make sure we log the user out before reauthenticating.
   * More robust handling of IDPList support in proxy mode.
   * Increased `_authSource` field length in Logout Store.
+  * We now send the eduPersonTargetedID attribute in the correct
+    NameID XML form, instead of the incorrect simple string. We will also
+    refuse to parse an assertion with an eduPersonTargetedID in 'string' format.
 
 ### `smartattributes`
   * Fix SmartName authproc that failed to load.
diff --git a/docs/simplesamlphp-upgrade-notes-1.15.md b/docs/simplesamlphp-upgrade-notes-1.15.md
index a4ffd2483..f540193fb 100644
--- a/docs/simplesamlphp-upgrade-notes-1.15.md
+++ b/docs/simplesamlphp-upgrade-notes-1.15.md
@@ -26,3 +26,7 @@ full certificate in `certData` instead.
 
 The `core:AttributeRealm` authproc filter has been deprecated.
 Please use `core:ScopeFromAttribute`, which is a generalised version of this.
+
+simpleSAMLphp will now send the eduPersonTargetedID attribute in the correct
+NameID XML form, instead of the incorrect simple string. It will also refuse
+to parse an assertion with an eduPersonTargetedID in 'string' format.
-- 
GitLab