v1.4.0

Dependencies

• Upgrade xml-crypto to 2.0.0. HMAC-SHA1 is no longer enabled by default for security
  (But it doesn't appear that we were using it, so the major version is not being bumped)
• Drop support for Node 8

Bug Fixes

• Only make an attribute an object if it has child elements
• add catch block to NameID decryption (#461)

Internals

• Add GitHub Actions as Continuos Integration provider (#463)
• try to use curl when wget is not available (#468)
• support typescript compilation

v1.3.5

• New feature: Return object for XML-valued AttributeValues (#447)

• deps: bump acorn to 7.4, lodasah to 4.17.20, xml-encryption to 1.2.1

• News! Project has moved to "node-saml" Github Organization and has multiple
  committers and maintainers.

v1.3.4

• Fix multi saml strategy race conditions (#426)

v1.3.3

• Add single line private cert support

v1.3.2

Breaking Changes

• Revert new one-line private key feature introduced in 1.3.0 due to regression. The feature will return if the regression can be addressed.

v1.3.1

Dependencies

• bump xml-encyrption to 1.0.0

v1.3.0

New Features

• Add inResponseTo to profile (#400)
• Support signing AuthnRequests with HTTP-POST Binding
• Add support for encrypted nameIDs in SLO request handling
• Allow privateCert to be a single line with no headers (#390)

Bug Fixes

• Bump xml-crypto to 1.4.0
• Quit deleting "name" option passed in.
• Fix case where attributeConsumingServiceIndex can be zero

Breaking Changes

• Drop support for Node 6

Internals

• Add more logout testse
• Add .editorconfig
• Switch from jshint to eslint
• refactor to use more arrow functions
• Document Node version support policy (We support the oldest LTS release)

v1.2.0

Bug Fixes

• Update signature validation for Azure compatibility

Internals

• Update algorithm matching to use exact-match check

v1.1.0

New Features

• Add option to disable SAML spec AuthnRequest optional value AssertionConsumerServiceURL. (Steven Marusa)
• Add SamlResponseXML method to profile object (@josecolella)
• Support InResponseTo validations in MultiSaml (@stavros-wb)
• Create a way to get provider metadata when using MultiSamlStrategy (@mlunoe)
• Add Requested Authn Context Comparison Type parameter: RACComparison (@osan15, @markstos)

Bug Fixes

• Fix error handling bug with MultiSaml code (@cjbarth)

Internals

• Set explicitChar to true when parsing xml. Now character content of an
  element should be accessed only through ._ (@andkrist)
• Add yarn.lock (@markstos)
• Drop support for Node.js 4. It is EOL'ed
• Upgrade xml-crypto
• Fix Node buffer deprecation warning

v1.0.0

Dependencies

• Upgrade xml-crypto to 1.0.2. Thanks to @elahti

Node Release support

• Node 4 is no longer supported due to EOL status. BREAKING CHANGE.

Validation improvements

• Fixes #180: Signature validation will error if empty signature is provided. BREAKING CHANGE. Thanks to @andrsnn
• Validate issuer on logout requests/responses if configured. Thanks to @stavros-wb
• Handle case of missing InResponseTo when validation is on. Thanks to @cjbarth

Features

• Improve Microsoft Outlook compatibility by handling null as well as undefined Thanks to @sibelius
• Support redirect for Logout flows. Thanks to @stavros-wb
• Adding signing key in the metadata service provider generation BREAKING CHANGE. Thanks to @tmoiron.
• Extend and document the profile opbject. Thanks to @cjbarth
• #298 Thanks to @cjbarth
• Support dynamic SAML configuration lookup Thanks to @stavros-wb

Docs

• Fix typo in README.