Upgrade notes for simpleSAMLphp 1.14
====================================
The `mcrypt` extension is no longer required by SimpleSAMLphp, so if no signatures or encryption are being used, it
can be skipped. It is still a requirement for `xmlseclibs` though, so for those verifying or creating signed
documents, or using encryption, is is still needed.
PHP session cookies are now set to HTTP-only by default. This relates to the `session.phpsession.httponly`
configuration option.
The jQuery version in use has been bumped to the latest 1.8.X version.
The following deprecated files, directories and endpoints have been removed:
* `bin/pack.php`
* `docs/pack.txt`
* `docs/simplesamlphp-features.txt`
* `docs/simplesamlphp-reference-sp-hosted.txt`
* `docs/simplesamlphp-subversion.txt`
* `lib/SimpleSAML/Auth/BWC.php` (`SimpleSAML_Auth_BWC`)
* `lib/SimpleSAML/MemcacheStore.php` (`SimpleSAML_MemcacheStore`)
* `lib/SimpleSAML/Metadata/MetaDataStorageHandlerDynamicXML.php` (`SimpleSAML_Metadata_MetaDataStorageHandlerDynamicXML`)
* `modules/aselect/www/linkback.php`
* `modules/core/lib/ModuleDefinition.php` (`sspmod_core_ModuleDefinition`)
* `modules/core/lib/ModuleInstaller.php` (`sspmod_core_ModuleInstaller`)
* `modules/core/www/bwc_resumeauth.php`
* `modules/core/www/idp/resumeauth.php`
* `modules/oauth/lib/OauthSignatureMethodRSASHA1.php` (`sspmod_oauth_OauthSignatureMethodRSASHA1`)
* `modules/oauth/www/accessToken.php`
* `modules/oauth/www/authorize.php`
* `modules/oauth/www/requestToken.php`
* `modules/smartnameattribute/`
* `www/resources/jquery.js`
* `www/resources/jquery-ui.js`
* `www/resources/uitheme/`
* `www/shib13/sp/`
* `www/saml2/idp/idpInitSingleLogoutServiceiFrame.php`
* `www/saml2/idp/SingleLogoutServiceiFrame.php`
* `www/saml2/idp/SingleLogoutServiceiFrameResponse.php`
* `www/saml2/sp/`
* `www/wsfed/`
* `www/example-simple/`
* `www/auth/`
The following deprecated methods and constants have been removed:
* `SimpleSAML_AuthMemCookie::getLoginMethod()`
* `SimpleSAML_Session::DATA_TIMEOUT_LOGOUT`
* `SimpleSAML_Session::expireDataLogout()`
* `SimpleSAML_Session::get_sp_list()`
* `SimpleSAML_Session::getAttribute()`
* `SimpleSAML_Session::getAttributes()`
* `SimpleSAML_Session::getAuthnInstant()`
* `SimpleSAML_Session::getAuthnRequest()`
* `SimpleSAML_Session::getAuthority()`
* `SimpleSAML_Session::getIdP()`
* `SimpleSAML_Session::getInstance()`
* `SimpleSAML_Session::getLogoutState()`
* `SimpleSAML_Session::getNameID()`
* `SimpleSAML_Session::getSessionIndex()`
* `SimpleSAML_Session::getSize()`
* `SimpleSAML_Session::isAuthenticated()`
* `SimpleSAML_Session::remainingTime()`
* `SimpleSAML_Session::setAttribute()`
* `SimpleSAML_Session::setAttributes()`
* `SimpleSAML_Session::setAuthnRequest()`
* `SimpleSAML_Session::setIdP()`
* `SimpleSAML_Session::setLogoutState()`
* `SimpleSAML_Session::setNameID()`
* `SimpleSAML_Session::setSessionDuration()`
* `SimpleSAML_Session::setSessionIndex()`
* `SimpleSAML_Utilities::generateRandomBytesMTrand()`
The following methods have changed their signature. Refer to the code for the updated signatures:
* `SimpleSAML_Auth_Default::initLogin()`
* `SimpleSAML_Metadata_MetaDataStorageHandler::getGenerated()`
* `SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData()`
* `SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataCurrent()`
* `SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataCurrentEntityID()`
* `SimpleSAML_Session::doLogout()`
* `SimpleSAML_Session::getAuthState()`
* `SimpleSAML_Session::registerLogoutHandler()`
* `SimpleSAML_Utilities::generateRandomBytes()`
* `SimpleSAML_XML_Shib13_AuthnRequest::createRedirect()`
The following methods and classes have been deprecated. Refer to the code for alternatives:
* `SimpleSAML_Auth_Default`, together with all the `SimpleSAML_Auth_Default.*` keys in the state array.
* `SimpleSAML_Auth_Default::extractPersistentAuthState()`
* `SimpleSAML_Auth_Default::handleUnsolicitedAuth()`
* `SimpleSAML_Auth_Default::initLogin()`
* `SimpleSAML_Auth_Default::initLogout()`
* `SimpleSAML_Auth_Default::initLogoutReturn()`
* `SimpleSAML_Auth_Default::loginCompleted()`
* `SimpleSAML_Auth_Default::logoutCallback()`
* `SimpleSAML_Auth_Default::logoutCompleted()`
* `SimpleSAML_Utilities`
* `SimpleSAML_Utilities::addURLParameter()`
* `SimpleSAML_Utilities::aesDecrypt()`
* `SimpleSAML_Utilities::aesEncrypt()`
* `SimpleSAML_Utilities::arrayize()`
* `SimpleSAML_Utilities::checkCookie()`
* `SimpleSAML_Utilities::checkDateConditions()`
* `SimpleSAML_Utilities::checkURLAllowed()`
* `SimpleSAML_Utilities::createHttpPostRedirectLink()`
* `SimpleSAML_Utilities::createPostRedirectLink()`
* `SimpleSAML_Utilities::debugMessage()`
* `SimpleSAML_Utilities::doRedirect()`
* `SimpleSAML_Utilities::fatalError()`
* `SimpleSAML_Utilities::fetch()`
* `SimpleSAML_Utilities::formatDOMElement()`
* `SimpleSAML_Utilities::formatXMLString()`
* `SimpleSAML_Utilities::generateID()`
* `SimpleSAML_Utilities::generateRandomBytes()`
* `SimpleSAML_Utilities::generateTimestamp()`
* `SimpleSAML_Utilities::getAcceptLanguage()`
* `SimpleSAML_Utilities::getAdminLogoutURL()`
* `SimpleSAML_Utilities::getBaseURL()`
* `SimpleSAML_Utilities::getDefaultEndpoint()`
* `SimpleSAML_Utilities::getDOMChildren()`
* `SimpleSAML_Utilities::getDOMText()`
* `SimpleSAML_Utilities::getFirstPathElement()`
* `SimpleSAML_Utilities::getLastError()`
* `SimpleSAML_Utilities::getSecretSalt()`
* `SimpleSAML_Utilities::getSelfHost()`
* `SimpleSAML_Utilities::getSelfHostWithPath()`
* `SimpleSAML_Utilities::getTempDir()`
* `SimpleSAML_Utilities::initTimezone()`
* `SimpleSAML_Utilities::ipCIDRcheck()`
* `SimpleSAML_Utilities::isAdmin()`
* `SimpleSAML_Utilities::isDOMElementOfType()`
* `SimpleSAML_Utilities::isHTTPS()`
* `SimpleSAML_Utilities::isWindowsOS()`
* `SimpleSAML_Utilities::loadPrivateKey()`
* `SimpleSAML_Utilities::loadPublicKey()`
* `SimpleSAML_Utilities::maskErrors()`
* `SimpleSAML_Utilities::normalizeURL()`
* `SimpleSAML_Utilities::parseAttributes()`
* `SimpleSAML_Utilities::parseDuration()`
* `SimpleSAML_Utilities::parseQueryString()`
* `SimpleSAML_Utilities::parseStateID()`
* `SimpleSAML_Utilities::popErrorMask()`
* `SimpleSAML_Utilities::postRedirect()`
* `SimpleSAML_Utilities::redirect()`
* `SimpleSAML_Utilities::redirectTrustedURL()`
* `SimpleSAML_Utilities::redirectUntrustedURL()`
* `SimpleSAML_Utilities::requireAdmin()`
* `SimpleSAML_Utilities::resolveCert()`
* `SimpleSAML_Utilities::resolvePath()`
* `SimpleSAML_Utilities::resolveURL()`
* `SimpleSAML_Utilities::selfURL()`
* `SimpleSAML_Utilities::selfURLHost()`
* `SimpleSAML_Utilities::selfURLNoQuery()`
* `SimpleSAML_Utilities::setCookie()`
* `SimpleSAML_Utilities::stringToHex()`
* `SimpleSAML_Utilities::transposeArray()`
* `SimpleSAML_Utilities::validateCA()`
* `SimpleSAML_Utilities::validateXML()`
* `SimpleSAML_Utilities::validateXMLDocument()`
* `SimpleSAML_Utilities::writeFile()`
The following modules will no longer be shipped with the next version of SimpleSAMLphp:
* `aggregator`
* `aggregator2`
* `aselect`
* `autotest`
* `casserver`
* `consentSimpleAdmin`
* `discojuice`
* `InfoCard`
* `logpeek`
* `metaedit`
* `modinfo`
* `papi`
* `oauth`
* `openid`
* `openidProvider`
* `saml2debug`
* `themefeidernd`
The default value for trusted.url.domains in the config template has been changed from NULL to an empty array(), this sets a higher grade of default security. Resetting to NULL will re-allow untrusted routing.