Releases: SAML-Toolkits/python3-saml
OneLogin's SAML Python3 Toolkit v1.2.2
This version includes improvements intended to help developers debug.
Changelog:
- #37 Add option to raise response validation exceptions
- #42 Optionally raise detailed exceptions vs. returning False. Implement a more specific exception class for handling some validation errors. Improve/Fix tests. Add support for retrieving the last ID of the generated AuthNRequest / LogoutRequest. Add hooks to retrieve last-sent and last-received requests and responses
- Improved inResponse validation on Responses
- Add the ability to extract the specific certificate from IdP metadata when several are defined
- Fix Invalid True attribute value in Metadata XML
- #35 Fix typos and json sample code in documentation
OneLogin's SAML Python3 Toolkit v1.2.1
- #30 Fix a bug on signature checks
OneLogin's SAML Python3 Toolkit v1.2.0
This version includes a security patch that contains extra validations that will prevent signature wrapping attacks.
Changelog:
- Several security improvements:
  - Conditions element required and unique.
  - AuthnStatement element required and unique.
  - SPNameQualifier must match the SP EntityID
  - Reject saml:Attribute element with same “Name” attribute
  - Reject empty nameID
  - Require Issuer element. (Must match IdP EntityID).
  - Destination value can't be blank (if present must match ACS URL).
  - Check that the EncryptedAssertion element only contains 1 Assertion element.
- Improve Signature validation process
- Document the wantAssertionsEncrypted parameter
- Support multiple attributeValues on RequestedAttribute
- Fix AttributeConsumingService
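The v1.2.0 validations listed above, sketched as a stand-alone check using only the Python standard library. This is an added example, not the toolkit's code: the function name, entity IDs, URLs and sample XML are constructed, and signature and decryption handling are out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def structural_errors(xml_text, idp_entity_id, sp_entity_id, acs_url):
    """Return the v1.2.0-style structural rules this Response breaks.
    Runs alongside signature validation, never instead of it."""
    root = ET.fromstring(xml_text)  # use a hardened XML parser on untrusted input
    errors = []
    dest = root.get("Destination")
    if dest is not None and dest.strip() != acs_url:
        errors.append("Destination blank or not the ACS URL")
    # Count Assertions anywhere in the tree, so a nested second copy is caught
    assertions = list(root.iter("{%s}Assertion" % NS["saml"]))
    if len(assertions) != 1:
        return errors + ["expected exactly 1 Assertion, found %d" % len(assertions)]
    assertion = assertions[0]
    issuer = assertion.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != idp_entity_id:
        errors.append("Issuer missing or not the IdP EntityID")
    for tag in ("Conditions", "AuthnStatement"):
        if len(assertion.findall("saml:" + tag, NS)) != 1:
            errors.append(tag + " must appear exactly once")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None:
        if not (name_id.text or "").strip():
            errors.append("empty NameID")
        if name_id.get("SPNameQualifier", sp_entity_id) != sp_entity_id:
            errors.append("SPNameQualifier is not the SP EntityID")
    names = [a.get("Name") for a in assertion.iter("{%s}Attribute" % NS["saml"])]
    if len(names) != len(set(names)):
        errors.append("duplicate Attribute Name")
    return errors

# Constructed sample Response (unsigned, illustration only)
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example/acs">
 <saml:Assertion><saml:Issuer>https://idp.example/meta</saml:Issuer>
  <saml:Subject><saml:NameID SPNameQualifier="https://sp.example/meta">alice</saml:NameID></saml:Subject>
  <saml:Conditions/><saml:AuthnStatement/>
  <saml:AttributeStatement><saml:Attribute Name="role"/></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""
# Constructed bad case: second Conditions, repeated attribute name, empty NameID
BAD = (GOOD.replace("<saml:Conditions/>", "<saml:Conditions/><saml:Conditions/>")
           .replace('<saml:Attribute Name="role"/>', '<saml:Attribute Name="role"/>' * 2)
           .replace(">alice<", "><"))

if __name__ == "__main__":
    print(structural_errors(BAD, "https://idp.example/meta", "https://sp.example/meta", "https://sp.example/acs"))
```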
OneLogin's SAML Python3 Toolkit v1.1.4
Changelog:
- Change the decrypt assertion process.
- Add 2 extra validations to prevent Signature wrapping attacks.
OneLogin's SAML Python3 Toolkit v1.1.3
Changelog:
- Fix Metadata XML (RequestedAttribute)
- Fix Windows-specific Unix date formatting bug.
- Fix SHA384 Constant URI
- Refactor of settings.py to make it a little more readable.
- Bugfix for ADFS lowercase signatures
- READMEs suggested wrong cert name
OneLogin's SAML Python3 Toolkit v1.1.2
Changelog:
- Allow AuthnRequest with no NameIDPolicy.
- Remove NameId requirement on SAMLResponse, now requirement depends on setting
- Use python-xmlsec 0.6.0
- Make idp settings optional
- Fix Organization element on SP metadata. Minor code style fix
- Add debug parameter to decrypt method
- Support AttributeConsumingService
- Improve AuthNRequest format
- Fix unspecified NameID
- Make deflate process when retrieving built SAML messages optional
- Do not compare Assertion InResponseTo if not found
- #15 Passing NameQualifier through to logout request
- Improve documentation
- #12 Add information about getting the demos up and running on Heroku
OneLogin's SAML Python3 Toolkit v1.1.1
Changelog:
- Make AttributeStatements requirement optional