Releases: node-saml/passport-saml
v0.5.0
- Change interface of 'InResponseTo' custom caches to allow for asynchronous serialization & deserialization.
- Note that this is a breaking change for any custom caches (but it's a new feature, so probably not a big issue yet)
- Export SAML module from passport-saml for anyone who wants to call individual SAML functions (no guarantees about interface stability, though) - #50
- Add 'attributeConsumingServiceIndex' option -- #44
- Support certificates that already have '---BEGIN CERTIFICATE' (or END) in them - #48
- Support NameIDs without format attributes -- #45
- Support 'Id' in addition to 'ID' as an attribute name in signatures - #47, #49
v0.4.0
v0.3.0
Significant changes, primarily around preventing replay attacks:
- Check validity of NotBefore and NotOnOrAfter elements in assertions -- #35, #38
  - Note that this is on by default, so is a potentially breaking change.
- Optionally, check inResponseTo ids to make sure each response matches a request, and that there is only one response to any request -- #37
- Require latest xml-crypto, and stop monkey-patching xml-crypto
- Documentation fix #39
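
The two v0.3.0 replay checks, sketched as an added example (not passport-saml's own code): a validity-window test plus a single-use request-ID cache. `RequestIdCache`, `checkAssertion`, the field names and the sample values are hypothetical; the cache is synchronous and in-memory, and assertions missing either time bound are rejected as an assumption of this sketch.

```javascript
// Added example: hypothetical names, not the passport-saml API.
class RequestIdCache {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // request ID -> time the request was issued (ms)
  }
  // Remember the ID of an AuthnRequest that was just sent.
  save(id, nowMs) { this.pending.set(id, nowMs); }
  // Single use: true only the first time an ID is seen, and only within the TTL.
  consume(id, nowMs) {
    const issued = this.pending.get(id);
    if (issued === undefined) return false; // never requested, or already used
    this.pending.delete(id);
    return nowMs - issued <= this.ttlMs;
  }
}

// Check one parsed assertion; returns 'ok' or the reason it is rejected.
function checkAssertion(assertion, cache, nowMs, skewMs = 0) {
  const notBefore = Date.parse(assertion.notBefore);
  const notOnOrAfter = Date.parse(assertion.notOnOrAfter);
  if (Number.isNaN(notBefore) || Number.isNaN(notOnOrAfter)) return 'bad-timestamp';
  if (nowMs + skewMs < notBefore) return 'not-yet-valid';
  if (nowMs - skewMs >= notOnOrAfter) return 'expired';
  // Time checks run first so a stale response does not burn the request ID.
  if (!cache.consume(assertion.inResponseTo, nowMs)) return 'unsolicited-or-replayed';
  return 'ok';
}

// Constructed sample data.
const T0 = Date.parse('2014-06-01T12:00:00Z');
const sample = {
  inResponseTo: '_req1',
  notBefore: '2014-06-01T11:59:00Z',
  notOnOrAfter: '2014-06-01T12:05:00Z',
};

function demo() {
  const cache = new RequestIdCache(10 * 60 * 1000);
  cache.save('_req1', T0);
  return [
    checkAssertion(sample, cache, T0 + 30 * 1000),      // first delivery
    checkAssertion(sample, cache, T0 + 60 * 1000),      // same response again
    checkAssertion({ ...sample, inResponseTo: '_x' }, cache, T0 + 60 * 1000),
    checkAssertion(sample, cache, T0 + 6 * 60 * 1000),  // past NotOnOrAfter
  ];
}

console.log(demo());
```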
v0.2.1
v0.2.0
v0.1.0
Many changes since last published:
- Xpath fixes
- Most changes from passport-saml-too fork (redirect changes not included since they don't have authentication)
- Tolerate empty attribute sets (seen with OneLogin)
- Tolerate alternate namespace prefixes (seen with Okta)
- Add some tests
- Use xmlbuilder library to construct xml
- Upgrade library versions
- Fixed security issues in signature parsing (see issue #19)
Since the test case suite is brand new, it seems likely that there are enough changes here to break some scenarios -- bug reports for scenarios that break are welcome.