Releases: SAML-Toolkits/python-saml

SAML Python Toolkit v2.13.0

09 Oct 11:23
  • Improve get_metadata method from Parser, allowing timeouts and headers to be set
  • Fix expired payloads used on tests
  • Updated content from docs folder
  • Remove references of OneLogin as maintainer

SAML Python Toolkit v2.12.0

28 Dec 01:12
  • Remove version restriction on lxml dependency
  • Update Demo Bottle
  • Updated Travis file. Forced lxml to be installed using no-validate_binary

OneLogin's SAML Python Toolkit v2.11.1

28 Jan 16:50
  • lxml pinned to versions lower than 4.7.1, since it seems to have issues validating the signature of encrypted elements. See SAML-Toolkits/python3-saml#292
  • Downgraded again dm.xmlsec.binding to 1.3.7

OneLogin's SAML Python Toolkit v2.11.0

28 Jan 11:08
  • #292 Add rejectDeprecatedAlgorithm setting to allow rejecting messages signed with deprecated algorithms.
  • Upgrade dm.xmlsec.binding to 2.1
  • Set sha256 and rsa-sha256 as default algorithms
  • Added warning about Open Redirect and Replay attacks

OneLogin's SAML Python Toolkit v2.10.0

23 Jul 00:15
  • Removed CC-BY-SA 3.0 non compliant implementation of dict_deep_merge
  • Update expired dates from test responses
  • Add warning about SSRF attacks when using the OneLogin_Saml2_IdPMetadataParser class
  • Migrate from Travis to Github Actions

OneLogin's SAML Python Toolkit v2.9.0

14 Jan 08:56
  • Destination URL Comparison is now case-insensitive for netloc
  • Support single-label-domains as valid. New security parameter allowSingleLabelDomains
  • Added get_idp_sso_url, get_idp_slo_url and get_idp_slo_response_url methods to the Settings class and use it in the toolkit
  • #267 Custom lxml parser based on the one defined in defusedxml. The parser ignores comments and processing instructions, and by default has huge_tree, DTD and access to external documents deactivated
  • Add get_friendlyname_attributes support
  • Remove external lib method get_ext_lib_path. Add set_cert_path to allow setting the cert path to a folder other than the toolkit's
  • Add python2 deprecation info
  • #269 Add sha256 instead of sha1 as the recommended sign/digest algorithm in documentation and settings

OneLogin's SAML Python Toolkit v2.8.0

20 Nov 17:01
  • #258 Fix failOnAuthnContextMismatch feature
  • #250 Allow any number of decimal places for seconds on SAML datetimes
  • Update demo versions. Improve them and add Tornado demo.

OneLogin's SAML Python Toolkit v2.7.0

11 Sep 14:44
  • Set true as the default value for strict setting

OneLogin's SAML Python Toolkit v2.6.0

02 Jul 20:18
  • Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs
  • Added get_in_response_to method to Response and LogoutResponse classes
  • Add get_last_authn_contexts method
  • Fix bug on friendlyName/nameFormat parameters on RequestedAttribute elements. Wrong variable name caused FriendlyName to overwrite NameFormat
  • Add support for Subjects on AuthNRequests by the new name_id_value_req parameter. Fix testshib test. Improve README: added inline markup to important references
  • Update defusedxml
  • Fix path in flask demo

OneLogin's SAML Python Toolkit v2.5.0

29 Jan 17:15
  • Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method
  • #239 Check that the response has all of the AuthnContexts that we provided
  • Fixed a ValidationError misspelling
  • Don't require compression on LogoutResponse messages by relaxing the decode_base64_and_inflate method
  • Add expected/received in WRONG_ISSUER error
  • If debug is enabled, print the reason for the SAMLResponse invalidation
  • #238 Fix DSA constant
  • Start using flake8 for code quality