Omniauth Saml Versions Save

v2.1.0 (2022-03-01)

Refactor

• Rename usage of deprecated SAML options (74ed8df)

Chores

• bump ruby-saml to 1.12 (15c156a)

v2.0.0 (2021-01-13)

Chores

• Allow OmniAuth 2.0.0 (f7ec7ee)

v1.7.0 (2016-10-19)

Features

• Support for Single Logout (cd3fc43)
• Add issuer information to the metadata endpoint, to allow IdPs to properly configure themselves. (7bbbb67)
• Added the response object to the extra['response_object'], so we can use the raw response object if we want to. (76ed3d6)

Chores

• Update ruby-saml to 1.4.0 to address security fixes. (638212)

1.6.0 (2016-06-27)

• Ensure that subclasses of OmniAuth::Stategies::SAML are registered with OmniAuth as strategies (https://github.com/omniauth/omniauth-saml/pull/95)
• Update ruby-saml to 1.3 to address CVE-2016-5697 (Signature wrapping attacks)

1.5.0 (2016-02-25)

• Initialize OneLogin::RubySaml::Response instance with settings
• Adding "settings" to Response Class at initialization to handle signing verification
• Support custom attributes
• change URL from PracticallyGreen to omniauth
• Add specs for ACS fallback URL behavior
• Call validation earlier to get real error instead of 'response missing name_id'
• Avoid mutation of the options hash during requests and callbacks

With this release ruby-saml was updated to 1.1.1, which most notably brings support for a SAMLResponse without a ds:x509certificate. It is now possible to define the certificate within the settings and use that certificate to validate the responses.