Releases: SAML-Toolkits/python3-saml
Releases · SAML-Toolkits/python3-saml
OneLogin's SAML Python3 Toolkit v1.7.0
- Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support. SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs.
- Added get_in_response_to method to Response and LogoutResponse classes
- Update defusexml dependency
OneLogin's SAML Python3 Toolkit v1.6.0
OneLogin's SAML Python3 Toolkit v1.5.0
- Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method
- #97 Check that the response has all of the AuthnContexts that we provided
- Adapt renders from Django demo for Django 1.11 version
- Update pylint dependency to 1.9.1
- If debug enable, print reason for the SAMLResponse invalidation
- Fix DSA constant
- #106 Support NameID children inside of AttributeValue elements
- Start using flake8 for code quality
OneLogin's SAML Python3 Toolkit v1.4.1
Changelog:
- Add ID to EntityDescriptor before sign it on add_sign method.
- Update defusedxml, coveralls and coverage dependencies
- Update copyright and license reference
OneLogin's SAML Python3 Toolkit v1.4.0
Changelog:
- Fix vulnerability CVE-2017-11427. Process text of nodes properly, ignoring comments
- Improve how fingerprint is calcultated
- Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute
- Fix signature position in the SP metadata
- #80 Preserve xmlns:xs namespace when signing and serializing responses
- Redefine NSMAP constant
- Updated Django demo (Django 1.11).
OneLogin's SAML Python3 Toolkit v1.3.0
- Improve decrypt method, Add an option to decrypt an element in place or copy it before decryption.
- #63 Be able to get at the auth object the last processed ID (response/assertion) and the last generated ID, as well as the NotOnOrAfter value of the valid SubjectConfirmationData in the processed SAMLResponse
- On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added.
- Reset errorReason attribute of the auth object before each Process method
- #65 Fix issue on getting multiple certs when only sign or encryption certs
OneLogin's SAML Python3 Toolkit v1.2.6
- Use defusedxml that will prevent XEE and other attacks based on the abuse on XMLs. (CVE-2017-9672)
OneLogin's SAML Python3 Toolkit v1.2.5
Changelog:
- Fix issue related with multicers (multicerts were not used on response validation)
OneLogin's SAML Python3 Toolkit v1.2.4
Changelog:
- Publish KeyDescriptor[use=encryption] only when required
- #57 Be able to register future SP x509cert on the settings and publish it on SP metadata
- #57 Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption
- #57 Allow metadata to be retrieved from source containing data of multiple entities
- #57 Adapt IdP XML metadata parser to take care of multiple IdP certtificates and be able to inject the data obtained on the settings.
- Be able to relax SSL Certificate verification when retrieving idp metadata
- Checking the status of response before assertion count
- Allows underscores in URL hosts
- Add a Pyramid demo
- Be able to provide a NameIDFormat to LogoutRequest
- Add DigestMethod support. Add sign_algorithm and digest_algorithm par
ameters to sign_metadata and add_sign. - Validate serial number as string to work around libxml2 limitation
- Make the Issuer on the Response Optional
- Fixed bug with formated cert fingerprints
OneLogin's SAML Python3 Toolkit v1.2.3
- Fix p3 compatibility.