2.4.0

• CIL-2114 - Consume eduPersonOrcid attribute from SAML Identity Providers. Previously, eduPersonOrcid was available only when logging in with the ORCID.org IdP.

2.3.1

• CIL-1968 Don't send remote_user to dbService

2.3.0

• CIL-1963 Use DynamoDB for PHP sessions
• CIL-1967 Fix issues found during WCAG 2.2 accessibility assessment

2.2.1

Update library dependency for pear/log to v1.14.x

2.2.0

• CIL-1812 Allow session variables NOT to be output in logs
• CIL-1879 Set secure options for PHPSESSID cookie
• Update library dependency for thenetworg/oauth2-azure to v2.2.2 (fixes issue with firebase/php-jwt)

2.1.1

Update library dependencies:

• firebase/php-jwt: v6.7.0
• thenetworg/oauth2-azure: v2.2.1

2.1.0

CIL-1806 - If requesting the org.cilogon.userinfo scope, assert the uidNumber claim when the SAML-based IdP has asserted the attribute urn:oid:1.3.6.1.1.1.1.0 (commit).
Note: The Shibboleth SP attribute-map.xml must be configured to map urn:oid:1.3.6.1.1.1.1.0 to uidNumber.

2.0.1

CIL-1800 - Fix broken Microsoft OAuth2 logins by forcing version 6.5.0 of the firebase/php-jwt library. v6.6.0 and above changed the parameters for JWT::decode() which causes the oauth2-azure to fail.

2.0.0

Create a "real" release so composer doesn't have to depend on "dev-main".

Improvements and Bug Fixes:

• CIL-912 - Update AUP links in footer (commit)
• CIL-1738 - Assert eduPersonAssurance claim (commit 1, commit 2)
• CIL-1751 - Allow multiple IdP metadata sources (commit) (to be used by AAF)
• CIL-1765 - Show non-standard scopes (e.g., used with SciTokens) on consent screen (commit)
• CIL-1769 - Enable use of database read-only endpoint if available (commit)
• CIL-1778 - Bug fix - Check if array is not null before accessing array element (commit)