6.3.6

After some testing, @tvdijen opened issue #920, identifying several issues with the 3.6.x releases. Those issues
have been addressed in this release.

Bugfixes

• Allow responses without NameID #919
• Add c14n method to the reference transforms in XML metadata. #921
• Prevent undefined access in Assembler #923

Chore

• Remove the remaining eduGAIN metada fields #922

6.3.0.1

This is an intermediate release between 6.3.0 and the rest of the 6.3 release tier.

This release is created in order to move forward with the 6.3.0 release without adding all the other fixes and features that where later added to the 6.3 release branch.

Bugfixes

• Whether MFA AuthnContext must be added should be based on original SP #893 #894

6.3.5

Bugfix

• Clean up unused usage of AuthnRequest destination #898

6.3.4

Bugfix

• Whether MFA AuthnContext must be added should be based on

6.3.3

Bugfixes:

• Move NoPassive response processing up in the ACS proces #890
• Print the key-id in the SSO locations of the IdP metadata #891

Security

• Upgrade jpeg-js to v0.4.0 #892

6.3.2

Bugfix:

• Store entityId of issuer, not the value object #889

Features:

• Migrate existing JavaScript tests to Cypress #887

6.3.1

As of this release the old non conforming Schac Home Organization synonym: urn:oid:1.3.6.1.4.1.1466.115.121.1.15 is no longer released as an attribute. This was achieved by removing it from the attributes.json. If you need it, please place it back in ./application/configs/attributes.json. See UPGRADING.md for details.

This release also includes the introduction of the Cypress test framework for JavaScript testing. The test framework does not yet run correctly on the GitHub Actions CI integration. This is corrected in the next release.

Features:

• Remove non conforming SHO oid from config #877
• Send NoPassive status response back to issuing SP #885

Improvements:

• Upgrade SAML2 library to version v4.1.9 #881
• Show proxied SP and proxy in feedback info #875
• Move metadata organization business rules away from metadata assembler #878
• Add trusted proxy signing verification #879
• Migrated a JavaScript test to Cypress (POC) #884

Chores:

• Repair acceptance tests #880
• Upgrade dot-prop to version 5.2.0 #886
• Change Symfony cache path to reflect deploy path #857

6.3.0

This release is the finalization of the AuthnContextClassRef changes that where started in 6.2.1 (and rolled back in 6.2.2).

6.2.4

This release is the finalization of the AuthnContextClassRef changes that where started in 6.2.1 (and rolled back in 6.2.2).

Features

• Add AuthnContextClassRef config option for transparent RequestedAuthnContext #873

Other chores

• Final tweaks to Github Actions (termination of Travis) #867
• Enable skipped API tests #874

6.2.3

This change will add the possibility to configure authn contexts for IdP/SP combinations which will be verified when returning from the IdP

see: documentation

Features

• Add custom MFA error page #866
• Add MFA authncontext response validator #864
• Test unsolicited presence of authcontextclassref #863
• Add authncontextclassref to SP if configured in IdP #861
• Add authncontextclassref documentation #862
• Assemble authcontextclassref combinations #859
• Add dockerized actions testing #818

Improvements

• Pt translation fix #870 thanks @domgon!