All changes are in the main branch (master remains unchanged).
- Erlang 21.x compatibility fix - PR #15 from zwilias
- Nonce in auto form submission script - Issue #16
- Support for Encrypted Assertions - PR #13 from tcrossland
  Includes support for `aes128-gcm`, `aes128-cbc` and `aes256-cbc` data encryption algorithms and the `rsa-oaep-mgf1p` key encryption algorithm.
- Fixed issue: #11 - Support for Cowboy 2
- Fixed issue: #9 - HTTP-REDIRECT wrong case
  Corrected the SP metadata XML generated by `esaml` to use `HTTP-Redirect` instead of the full uppercase form. Reported by mikegazdag.
- Fixed issue: #8 - LogoutRequest Validation Error
  Removed the `ProtocolBinding` attribute from `LogoutRequest` and `LogoutResponse`. Made sure the `saml:Issuer` element is in proper sequence in the requests. Schema validation was failing for `LogoutRequest` and `LogoutResponse` without these fixes. Thanks to mjcloutier for reporting this issue.
- Erlang/OTP 21.0 support
  Removed tuple calls. Thanks to PR from zwilias.
- Fixed issue: #4 - InResponseTo - make this available
  In the case of SP-initiated SSO, the auth response includes the original request ID. This is now available in the assertion subject esaml record (as `in_response_to`). IdP-initiated requests don't include this. The `in_response_to` field is set to an empty string in that case.
- `NameID` format can be passed as a parameter to `esaml_sp:generate_authn_request/3`. Deprecated `esaml_sp:generate_authn_request/2`. Pass in `undefined` as the NameID format if you do not want to pass in `NameIDPolicy` in the authn request.
- Passing `#esaml_subject{}` with the values returned in the authn response assertion subject. This is essential for sending appropriate `NameQualifier`, `SPNameQualifier` and `Format` values in the SLO logout request. Without these values, Shibboleth fails to match the SP session on the IdP side. Deprecated `esaml_sp:generate_logout_request/3`. It will be removed in a future release.
- Generate SP Metadata XML that passes schema validation
- Support for customizable SP entity_id
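
The `in_response_to` entry above gives an SP the value it needs to tie a response to a request it actually sent, and to tell an IdP-initiated response (empty string) from an SP-initiated one. A sketch of that check, added here as an example and not part of esaml: the module `pending_authn`, its functions and the sample IDs are hypothetical, and request IDs are assumed to be strings, as the empty-string default in the changelog suggests.

```erlang
%% Added example (not esaml code): single-use tracking of AuthnRequest IDs.
-module(pending_authn).
-export([new/0, remember/3, check/4, demo/0]).

%% Table of request IDs this SP has issued and not yet seen answered.
new() ->
    ets:new(pending_authn, [set, public]).

%% Store the ID of an AuthnRequest that was just sent. ExpiresAt is a
%% timestamp in seconds after which a response to it is refused.
%% Crashes on a duplicate ID, which would indicate a broken ID generator.
remember(Tab, RequestId, ExpiresAt) ->
    true = ets:insert_new(Tab, {RequestId, ExpiresAt}),
    ok.

%% InResponseTo is the in_response_to value of the assertion subject.
%% AllowIdpInitiated is the deployment's policy for unsolicited responses.
check(_Tab, "", _Now, true) ->
    {ok, idp_initiated};
check(_Tab, "", _Now, false) ->
    {error, unsolicited_response};
check(Tab, InResponseTo, Now, _AllowIdpInitiated) ->
    %% ets:take/2 deletes the entry as it reads it, so each request ID is
    %% accepted at most once and a replayed response finds nothing.
    case ets:take(Tab, InResponseTo) of
        [{_, ExpiresAt}] when Now =< ExpiresAt -> {ok, sp_initiated};
        [{_, _}] -> {error, request_expired};
        [] -> {error, unknown_or_replayed_request}
    end.

%% Constructed sample values: one issued request, its response, a replay of
%% that response, and an unsolicited response under a deny policy.
demo() ->
    Tab = new(),
    ok = remember(Tab, "_constructed-request-id-1", 1300),
    [check(Tab, "_constructed-request-id-1", 1000, false),
     check(Tab, "_constructed-request-id-1", 1001, false),
     check(Tab, "", 1002, false)].
```

In a real SP the first argument to `remember/3` would be the ID of the request produced by `esaml_sp:generate_authn_request/3`, and the table would need periodic cleanup of expired entries that never received a response.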