forked from IdentityPython/djangosaml2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
417 lines (321 loc) · 13.2 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
Changes
=======
v1.2.2 (2021-05-27)
-------------------
- Fix #245: Don't update user_main_attribute @jaap3 (#283)
- Fix #278: Allow ACS_DEFAULT_REDIRECT_URL to override LOGIN_REDIRECT_URL in more places @jaap3 (#285)
- Add release notes for previous and upcoming releases @jaap3 (#284)
- Add default_auto_field setting, strongly recommended in Django 3.2 @jaap3 (#282)
- SPConfig loader instead of global django settings @peppelinux (#281)
- Fix #277: Resolve LOGIN_REDIRECT_URL @jaap3 (#279)
- Resolve LOGIN_REDIRECT_URL @jaap3 (#277)
v1.2.1 (2021-05-23)
-------------------
- Documentation improved
- unit tests and coverage improved
- better handling of unknown idps
v1.2.0 (2021-05-14)
-------------------
- Implement IdP Scoping parameter for SPs suggesting an entityID to a proxy @pauldekkers (#272)
v1.1.5 (2021-04-29)
-------------------
- Cast major/minor django VERSION number into float before comparing @lgarvey (#269)
- Add note to SameSite cookie docs section recommending upgrade to Django >= 3.1 @m6312 (#267)
v1.1.4 (2021-04-28)
-------------------
- fix: samesite cookie configuration fix for django version <3.1
v1.1.3 (2021-04-28)
--------------------
- Add assertion param to backed.authenticate and backend.is_authorized @lucyeun-alation (#128)
- feat: CI - added django 3.1 and 3.2
- fix: Samesite cookie value - fixed #266
- fix: Docs small changes in setup - pysaml2 example conf improved
v.1.1.2 (2021-04-11)
--------------------
- fix: idp hinting invalid import
v.1.1.1 (2021-04-05)
--------------------
- Read the docs
- Information exposure mitigation on SSO login view
v.1.1.0 (2021-04-01)
--------------------
- feature: Idp Hinting
- params: SAML_DEFAULT_BINDING for SSO
- code cleanup in SSO
v.1.0.5 (2021-03-05)
--------------------
- code linting, cleanup. Not enough but better than before
- Documentation: Replace signal with hooks (#251)
- Better saml_attribute handling in backend - more resilient
- Add session_info to user auth failed template (#248)
- Fix SAML_ACS_FAILURE_RESPONSE_FUNCTION override
- Update Custom Error Handler docs
v.1.0.4 (2021-02-16)
--------------------
- fixed saml_attributes of zero length
- removed unused code
v1.0.3 (2020-02-04)
-------------------
- Django Logout behaviour improved
v1.0.2 (2020-01-24)
-------------------
- RequestVersionTooLow exception handled in ACS
- Better exception handling for Malformed SAML Response
- pySAML2 dep up to v6.5.1
v1.0.1 (2020-01-20)
-------------------
- PySAML2 dependency, security update
https://github.com/IdentityPython/pysaml2/commit/12ec4a70c5aaf4c144f6b30a158193ca99bc76cd
v1.0.0 (2020-10-15)
-------------------
- General refactor with Django ClassViews
0.50.0 (2020-10-15)
-------------------
- Discovery Service support
0.40.1 (2020-09-08)
-------------------
- [BugFix] HTTP-REDIRECT Authn Requests with optional signature now works.
- [BugFix] SameSite - SuspiciousOperation issue in middleware (Issue #220)
0.40.0 (2020-08-07)
-------------------
- Allow a SSO request without any attributes besides the NameID info. Backwards-incompatible changes to allow easier behaviour differentiation, two methods now receive the idp identifier (+ **kwargs were added to introduce possible similar changes in the future with less breaking effect):
- Method signature changed on Saml2Backend.clean_attributes: from `clean_attributes(self, attributes: dict)` to `clean_attributes(self, attributes: dict, idp_entityid: str, **kwargs)`
- Methodignature changed on Saml2Backend.is_authorized: from `is_authorized(self, attributes: dict, attribute_mapping: dict)` to `is_authorized(self, attributes: dict, attribute_mapping: dict, idp_entityid: str, **kwargs)`
- SAML session refactor and minor changes in README file
- local Logout - independent by IdP SLO Response
0.30.0 (2020-07-30)
-------------------
- SameSite workaround with a specialized cookie, decoupled from django default
0.20.0 (2020-06-29)
-------------------
- Bugfix: Always save newly created users when ATTRIBUTE_MAPPING is missing in the config
- pySAML2 v5.3.0
0.19.1 (2020-06-15)
------------------
- Fixes creating new user with iexact lookup
0.19.0 (2020-06-03)
------------------
- Support several required fields during User creation
- Don't pass sigalg parameter when not signing login request
- ALLOW_SAML_HOSTNAMES validation for redirect
- Custom attribute mapping for Django user model (example)
- Slo absence workaround
- Metadata EntityID exception handling
- Fix unsigned authentication request to POST endpoint
- py38 Test fixes
- CI with Github actions
- Backend restructuring for easier subclassing
- Assertion consumer service now more extensible as a class-based view
with hooks that can be overridden by subclass implementations.
0.18.1 (2020-02-15)
----------
- Fixed regression from 0.18.0. Thanks to OskarPersson
0.18.0 (2020-02-14)
----------
- Django 3.0 support. Thanks to OskarPersson
- forceauthn and allowcreate support. Thanks to peppelinux
- Dropped support for Python 3.4
- Also thanks to WebSpider, mhindery, DylannCordel, habi3000 for various fixes and improvements
Thanks to plumdog
0.17.2 (2018-08-29)
----------
- Upgraded pysaml2 dependency to version 4.6.0 which fixes security issue.
Thanks to plumdog
UNRELEASED
----------
- Allowed creating Users with multiple required fields.
0.17.1 (2018-07-16)
----------
- A 403 (permission denied) is now raised if a SAMLResponse is replayed, instead of 500.
- Dropped support for Python 3.3
- Upgraded pysaml2 dependency to version 4.5.0
Thanks to francoisfreitag, mhindery, vkurup, peppelinux
0.16.11 (2017-12-25)
----------
- Dropped compatibility for Python < 2.7 and Django < 1.8.
- Added a clean_attributes hook allowing backends to restructure attributes extracted from SAML response.
- Log when fields are missing in a SAML response.
- Log when attribute_mapping maps to nonexistent User fields.
- Multiple compatibility fixes and other minor improvements and code cleanups
Thanks to francoisfreitag, mhindery, charn, jdufresne
0.16.10 (2017-10-02)
-------------------
- Bugfixes and internal refactorings.
- Added support for custom USERNAME_FIELD on custom User models. Many thanks to francoisfreitag.
0.16.9 (2017-09-19)
-------------------
- Bugfixes and minor improvements. Thanks to goetzk and AmbientLighter.
- Added option SAML_LOGOUT_REQUEST_PREFERRED_BINDING
- Added Django 1.11 to tox.
0.16.4 (2017-09-11)
-------------------
- Added support for SHA-256 signing. Thanks to WebSpider.
- Bugfixes. Thanks to justinsg and charn.
- Error handling made more extensible. This will be further improved in next versions.
0.16.1 (2017-07-15)
-------------------
- Bugfixes. Thanks to canni, AmbientLighter, cranti and logston.
- request is now passed to authentication backend (introduced in Django 1.11). Thanks to terite.
0.16.0 (2017-04-14)
-------------------
- Upgrade pysaml2 dependency to version 4.4.0 which fixes some serialization issues. Thanks to nakato for the report.
- Added support for HTTP Redirect binding with signed authentication requests. Many thanks to liquidpele for this feature and other related refactorings.
- The custom permission_denied.html template was removed in favor of standard PermissionDenied exception. Thanks to mhindery.
0.15.0 (2016-12-18)
-------------------
- Python 3.5 support. Thanks to timheap.
- Added support for callable user attributes. Thanks to andy-miracl and joetsoi.
- Security improvement: "next" URL is now checked. thanks to flupzor.
- Improved testability. Thanks to flupzor.
- Other bugfixes and minor improvements. Thanks to jamaalscarlett, ws0w, jaywink and liquidpele.
0.14.5 (2016-09-19)
-------------------
- Django 1.10 support. Thanks to inducer.
- Various fixes and minor improvements. Thanks to ajsmilutin, ganiserb, inducer, grunichev, liquidpele and darbula
0.14.4 (2016-03-29)
-------------------
- Fix compatibility issue with pysaml2-4.0.3+. Thanks to jimr and astoltz.
- Fix Django 1.9 compatibility issue in templates. Thanks to nikoskal.
0.14.3 (2016-03-18)
-------------------
- Upgraded to pysaml2-4.0.5.
- Added 'ACS_DEFAULT_REDIRECT_URL' setting for default redirection after successful authentication. Thanks to ganiserb.
0.14.2 (2016-03-11)
-------------------
- Released under the original 'djangosaml2' package name; abandoning the djangosaml2-knaperek fork.
0.14.1 (2016-03-09)
-------------------
- Upgraded to pysaml2-4.0.4.
0.14.0 (2016-01-28)
-------------------
- Upgrade to pysaml2-4.0.2. Thanks to kviktor
- Django 1.9 support. Thanks to Jordi Gutiérrez Hermoso
0.13.2 (2015-06-24)
-------------------
- Improved usage of standard Python logging.
0.13.1 (2015-06-05)
-------------------
- Added support for djangosaml2 specific user model defined by SAML_USER_MODEL setting
0.13.0 (2015-02-12)
-------------------
- Django 1.7 support. Thanks to Kamei Toshimitsu
0.12.0 (2014-11-18)
-------------------
- Pysaml2 2.2.0 support. Thanks to Erick Tryzelaar
0.11.0 (2014-06-15)
-------------------
- Django 1.5 custom user model support. Thanks to Jos van Velzen
- Django 1.5 compatibility url template tag. Thanks to bula
- Support Django 1.5 and 1.6. Thanks to David Evans and Justin Quick
0.10.0 (2013-05-05)
-------------------
- Check that RelayState is not empty before redirecting into a loop. Thanks
to Sam Bull for reporting this issue.
- In the global logout process, when the session is lost, report an error
message to the user and perform a local logout.
0.9.2 (2013-04-19)
------------------
- Upgrade to pysaml2-0.4.3.
0.9.1 (2013-01-29)
------------------
- Add a method to the authentication backend so it is possible
to customize the authorization based on SAML attributes.
0.9.0 (2012-10-30)
------------------
- Add a signal for modifying the user just before saving it on
the update_user method of the authentication backend.
0.8.1 (2012-10-29)
------------------
- Trim the SAML attributes before setting them to the Django objects
if they are too long. This fixes a crash with MySQL.
0.8.0 (2012-10-25)
------------------
- Allow to use different attributes besides 'username' to look for
existing users.
0.7.0 (2012-10-19)
------------------
- Add a setting to decide if the user should be redirected to the
next view or shown an authorization error when the user tries to
login twice.
0.6.1 (2012-09-03)
------------------
- Remove Django from our dependencies
- Restore support for Django 1.3
0.6.0 (2012-08-29)
------------------
- Add tox support configured to run the tests with Python 2.6 and 2.7
- Fix some dependencies and sdist generation. Lorenzo Gil
- Allow defining a logout redirect url in the settings. Lorenzo Gil
- Add some logging calls to improve debugging. Lorenzo Gil
- Add support for custom conf loading function. Sam Bull.
- Make the tests more robust and easier to run when djangosaml2 is
included in a Django project. Sam Bull.
- Make sure the profile is not None before saving it. Bug reported by
Leif Johansson
0.5.0 (2012-05-22)
------------------
- Allow defining custom config loaders. They can be dynamic depending on
the request.
- Do not automatically add the authentication backend. This way
we allow other people to add their own backends.
- Support for additional attributes other than the ones that get mapped
into the User model. Those attributes get stored in the UserProfile model.
0.4.2 (2012-03-23)
------------------
- Fix a crash in the idplist templatetag about using an old pysaml2 function
- Added a test for the previous crash
0.4.1 (2012-03-19)
------------------
- Upgrade pysaml2 dependency to version 0.4.1
0.4.0 (2012-03-18)
------------------
- Upgrade pysaml2 dependency to version 0.4.0 (update our tests as a result
of this)
- Add logging calls to make debugging easier
- Use the Django configured logger in pysaml2
0.3.3 (2012-02-14)
------------------
- Freeze the version of pysaml2 since we are not (yet!) compatible with
version 0.4.0
0.3.2 (2011-12-13)
------------------
- Avoid a crash when reading the SAML attribute that maps to the Django
username
0.3.1 (2011-12-01)
------------------
- Load the config in the render method of the idplist templatetag to
make it more flexible and reentrant.
0.3.0 (2011-11-30)
------------------
- Templatetag to get the list of available idps.
- Allow to map the same SAML attribute into several Django field.
0.2.4 (2011-11-29)
------------------
- Fix restructured text bugs that made pypi page looks bad.
0.2.3 (2011-06-14)
------------------
- Set a unusable password when the user is created for the first time
0.2.2 (2011-06-07)
------------------
- Prevent infinite loop when going to the /saml2/login/ endpoint and the user
is already logged in and the settings.LOGIN_REDIRECT_URL is (badly) pointing
to /saml2/login.
0.2.1 (2011-05-09)
------------------
- If no next parameter is supplied to the login view, use the
settings.LOGIN_REDIRECT_URL as default
0.2.0 (2011-04-26)
------------------
- Python 2.4 compatible if the elementtree library is installed
- Allow post processing after the authentication phase by using
Django signals.
0.1.1 (2011-04-18)
------------------
- Simple view to echo SAML attributes
- Improve documentation
- Change default behaviour when a new user is created. Now their attributes
are filled this first time
- Allow to set a next page after the logout
0.1.0 (2011-03-16)
------------------
- Emancipation from the pysaml package