Version 7.1.0
7.1.0 (2021-11-16)
The following breaking changes are not reflected in the version by mistake:
- the method
saml2.mdstore.Metadata::certsused to return a list of certificate data -List[str].
This method has now changed to return a list of tuples -List[Tuple[str, str]]- where the first item in the tuple holds the key name, and the second the certificate data.
Changes:
- Fix signature verification for the redirect binding for AuthnRequest and
LogoutRequest. - Include encryption KeyName in encrypted assertions.
- Add "reason" field in invalid signature errors due to invalid document format.
- New SP configuration option requested_authn_context to set the preferred
RequestedAuthnContext class reference. - Add support for metadata refresh by adding a metadata_reload method into saml2.Entity.
This method is to be externally invoked, and to receive the same metadata
configuration as what was passed under the metadata key to saml2.Config. The method
loads a new metadata configuration and swaps it in (replacing the references across
several objects that hold a metadata reference). - Fix SessionIndex resolution during logout.
- Fix AuthnResponse::get_subject to be able to decrypt a NameID with the given keys.
- Refactor AuthnResponse::authn_info to consider DeclRef equivalent to ClassRef.
- Ensure creation of multiple ePTIDs is handled correctly.
- Improve signature checks by ensuring the Object element is absent, enforcing allowed
transform aglorithms, enforcing allowed canonicalization methods and requiring the
enveloped-signature transform to be present. - mdstore: Make unknown metadata extensions available through the internal metadata.
- mdstore: Fix the exception handler of the InMemoryMetaData object.
- mdstore: Fix the serialization of the MetadataStore object.
- examples: Fix code to catter changes in interfaces.
- examples: Update certificates to avoid SSL KEY TO SMALL errors.
- docs: Significant improvement on the configuration options documentation.
- docs: Fix typos.