v3.4.8

Allow CMService to show additional information (#128)
Added scope extractor processor (#131)
Added scope remover processor (#132)
Fix userid handling for Github backend (#133)
Allow scope processor to handle multi-valued attributes (#134)
Allow AL internal UniqueID to be used as attribute (#135)
Idp blacklisting (#141)
Fix SAML Frontend always return NameID with format persistent (#143)
Thanks to @jkakavas

Improve logging and exception handling (#138)
Dockerfile improvements (#139)
Documented how to set default accepted time diff (#145)
Thanks to @rhoerbe

Fix failing docker build on travis (#147)

v3.4.7

Explicitly enable signature checking in example config as a sane default (#129)
Thanks to @jkakavas

Documentation for new configuration options (#127)
Feature refactor saml modules (#125)
Fix default values for acr (#124)
Refactor attribute profile initialization (#123)
Allow testers to run specific tests (#122)
Add requested authn context for backend requests (#121)
Select preferred binding on the configuration (#120)
Fix codeblocks in Custom attribute release section (#119)
Update documentation link for eIDAS Message Format from v1.0 to v1.1-2 (#118)
Thanks to @c00kiemon5ter

v3.4.6

Support ORCID OAuth2.0 backend (#115)
Support github OAuth 2.0 backend (#116)
Add support for a LinkedIn backend (#117)

Thanks to @saxtouri

v3.4.5

Upgraded pyop to v2.0.5 (#106)
Actually make sign_assertion and sign_response configurable (#105)

Enhanced the logic to take identifiers asserted by the IdP to use when querying the LDAP (#104)

Thanks to @skoranda

Fix for bad config check on sensitive keys (#108)

Thanks to @leifj

Add custom logging microservice (#109)

Thanks to @mrvanes

Expose metadata endpoint via configuration option (#111)
Store outstanding queries to disallow unsolicited responses (#112)
Add attribute processor microservice (#113)

Thanks to @c00kiemon5ter

Correctly handle error responses (#114)

Thanks to @jkakavas

3.4.4

Support for attribute-based authorization (#89)
Carry the proxy through as authentication authority (#97)
Make sign_assertion and sign_response configurable (#98)
Enable defaults for custom attribute release using '' or 'default' key (#99)
Attribute generation (#100)

Thank to @leifj

SAMLInternalResponse for saml backend (#95)
Fix for no Format in NameIDPolicy for SAML2 frontend (#102)
NameID input from attributes for LDAP attribute store (#103)

Thanks to @skoranda

v3.4.3

Always wrap metadata in single element (#82)
Fix handling of Content-Type header (#83)
Fix unavailable attribute causes 'Unknown error' (#88)
Thanks to @jkakavas

Signing signature and digest algorithm configuration (#87)
Thanks to @skoranda

v3.4.2

Add clear_input_attributes configuration option for LdapAttributeStore (#71)
Thanks to @skoranda

Updated pysaml version from 4.2.0 to 4.4.0.

v3.4.1

Updated for latest ldap3 package (#64)
Per-SP configuration for LDAP attribute store microservice (#60)
Added __repr__ method to class State to aid debugging (#59)
Added __repr__ method to class Context to aid debugging (#58)
Thanks to @skoranda.

Fix facebook backend metadata bug (#63)
Thanks to @saxtouri

Remove explicit pyoidc dependency to avoid collision with pyop (#57)
Thanks to @zamzterz

v3.4.0

News

• LDAP microservice, thanks to @skoranda. See LdapAttributeStore

Fix

• Handle encrypted assertions from SAML IdPs, thanks to @skoranda.

v3.3.2

Improvements of the OIDC frontend:

• pyop upgrade to support mapping for 'sub' defined in the 'openid' profile of internal_attributes.yaml
• let error messages from the frontend be sent as HTTP responses