Revision history for Perl extension Net::SAML2.
0.75 -- Mon Jan 01 22:54:10 AST 2024
[ Significant Changes since 0.74 ]
- A future release WILL make sha256 the default. If that is a problem for you please check which year it is.
- waterkip has added the ability to expose the AttributeConsumingService in metadata generation
- See the documentation for AttributeConsumingService and RequestedAttribute
[Detailed Change Log]
- 18e4cdb Update Copyright year
- beb32f7 Updates for Release
- 75f86fe Add attribute_consuming_service to SP for metadata creation
- 0cc1a28 Add AttributeConsumingService object to Net::SAML2
- c77250d Add RequestedAttribute object to Net::SAML2
- 42ef7c0 Fix author tests for Net::SAML2::XML::Sig
- 80d0b6d Reflect that the default will be sha256
- 43d1d5c exclusive was an option for XML::CanonicalizeXML
- f3e8e5f Fixes #123 Useless cert_text
- 40da745 v0.74
0.74 -- Sun Aug 27 22:04:34 ADT 2023
[ Significant Changes since 0.73 ]
- Mostly minor cleanup and a few resolved issues
- Officially support DigiD, eHerkenning and eIDAS implementations
[Detailed Change Log]
- 242b8f4 Update repo version for release
- 6e63336 Quiet annoying Perl::Critic warning
- 722d5a6 Add GitHub::CreateRelease to automatically create a GitHub release
- 789365e verify_xml will die is it does not verify
- 45b299c Only URI escape if defined value
- 9154c4d Split Github Actions workflow
- 924b819 Add more supported implementations in POD
- 92fb773 Always return a default assertion service
- 51fde84 Refactor Test::Net::SAML2::Util
- e60202c Fix dependency things in the dist.ini
- e689af5 Add Coveralls to CI
- aeea977 Update pod for Net::SAML2::Binding::POST::handle_response
- c3863e1 Update pod for Net::SAML2::Binding::Redirect::verify
- 6cf57eb v0.73
0.73 -- Sat Jul 08 07:35:12 ADT 2023
- Release of 0.72 as production release
[ Significant Changes since 0.69 ]
- Quite a few changes and improvements including
- Support to obtain information about the AuthnStatement from the Assertion
- Function to obtain key_name added to the SP
- Verification of artifact responses based on an attribute ID ( via XML::Sig 0.64)
- Improve Decryption of EncryptedData nodes for Assertions (via XML::Enc 0.12 and up)
- Bumps the requirements new versions of:
- XML::Enc => "0.12",
- XML::Sig => "0.64",
- XML::Generator => "1.13"
- Miscelaneous:
- testapp bug fixes and improvements
- Github action improvements
- Tested ADFS IdP again
- Fixed issue DAKKAR reported to LWP::UserAgent Environment Variables
[ Change Log ]
- 8115398 Update version for release
- d460fb9 v0.72
- e04cc05 Fix typo for AuthnRequest Assertion namespace
- ebef6bc Increment version for a release
- 2d815e0 Add scoping to Net::SAML2::Protocol::AuthnRequest
- af3b271 Update test for Net::SAML2::Protocol::AuthnRequest
- ed64638 Fix NAME segment of POD for modules.
- c83527e v0.71
- 914aafb Forgot to increment main module version
- 1292296 Increment version and update LICENSE file
- dd2c070 v0.70
- 79f1a38 Bump XML::Enc version
- faecd40 Fix decrypt for encrypted assertions
- 9d389f1 Decrypt an assertion with EncryptedData nodes
- ae3888a Fix YAML syntax for linux workflow
- 4d73198 Add verification for artifact responses on an attribute ID
- 7869a2f Add tests for part encrypted/part decrypted assertions
- 466e870 Add key_name function to SP
- b4c70d8 testapp: option for acs_url_post in authnRequest
- fa6c350 testapp: SingleLogoutService is not indexed
- d2cf58a install Module::Pluggable
- 2dfb0c1 Remove Pari Install from github action
- 8932955 Bump requirement for XML::Generator
- 11ba40d Create AuthnStatement object
- 488a234 ADFS fully tested again and update repo version
- 9dbd114 Fixes #169 tests fail when PERL_LWP_SSL_CA_* or HTTPS_CA_* env vars are set
- a9aca61 Add XML declartion to generate_metadata
- 7cfe56a Configure SP without Single Logout Service
- ef16349 Fix version for release
- accfc66 v0.69
0.72 -- Fri Jul 07 22:33:42 ADT 2023
[ Significant Changes since 0.69 ]
- All changes from 0.71 plus:
- e04cc05 Fix typo for AuthnRequest Assertion namespace
- ebef6bc Increment version for a release
- 2d815e0 Add scoping to Net::SAML2::Protocol::AuthnRequest
- af3b271 Update test for Net::SAML2::Protocol::AuthnRequest
- ed64638 Fix NAME segment of POD for modules.
0.71 -- Tue Jul 04 23:14:07 ADT 2023
[ Significant Changes since 0.69 ]
- Re-release 0.70 to ensure all commits were included
- Quite a few changes and improvements including
- Support to obtain information about the AuthnStatement from the Assertion
- Function to obtain key_name added to the SP
- Verification of artifact responses based on an attribute ID ( via XML::Sig 0.64)
- Improve Decryption of EncryptedData nodes for Assertions (via XML::Enc 0.12 and up)
- Bumps the requirements new versions of:
- XML::Enc => "0.12",
- XML::Sig => "0.64",
- XML::Generator => "1.13"
- Miscelaneous:
- testapp bug fixes and improvements
- Github action improvements
- Tested ADFS IdP again
- Fixed issue DAKKAR reported to LWP::UserAgent Environment Variables
[ Change Log ]
- 914aafb Forgot to increment main module version
- 1292296 Increment version and update LICENSE file
- dd2c070 v0.70
- 79f1a38 Bump XML::Enc version
- faecd40 Fix decrypt for encrypted assertions
- 9d389f1 Decrypt an assertion with EncryptedData nodes
- ae3888a Fix YAML syntax for linux workflow
- 4d73198 Add verification for artifact responses on an attribute ID
- 7869a2f Add tests for part encrypted/part decrypted assertions
- 466e870 Add key_name function to SP
- b4c70d8 testapp: option for acs_url_post in authnRequest
- fa6c350 testapp: SingleLogoutService is not indexed
- d2cf58a install Module::Pluggable
- 2dfb0c1 Remove Pari Install from github action
- 8932955 Bump requirement for XML::Generator
- 11ba40d Create AuthnStatement object
- 488a234 ADFS fully tested again and update repo version
- 9dbd114 Fixes #169 tests fail when PERL_LWP_SSL_CA_* or HTTPS_CA_* env vars are set
- a9aca61 Add XML declartion to generate_metadata
- 7cfe56a Configure SP without Single Logout Service
- ef16349 Fix version for release
- accfc66 (timlegge/master) v0.69
0.70 -- Tue Jul 04 22:12:49 ADT 2023
[ Significant Changes since 0.69 ]
- Quite a few changes and improvements including
- Support to obtain information about the AuthnStatement from the Assertion
- Function to obtain key_name added to the SP
- Verification of artifact responses based on an attribute ID ( via XML::Sig 0.64)
- Improve Decryption of EncryptedData nodes for Assertions (via XML::Enc 0.12 and up)
- Bumps the requirements new versions of:
- XML::Enc => "0.12",
- XML::Sig => "0.64",
- XML::Generator => "1.13"
- Miscelaneous:
- testapp bug fixes and improvements
- Github action improvements
- Tested ADFS IdP again
- Fixed issue DAKKAR reported to LWP::UserAgent Environment Variables
[ Change Log ]
- 9d389f1 Decrypt an assertion with EncryptedData nodes
- ae3888a Fix YAML syntax for linux workflow
- 4d73198 Add verification for artifact responses on an attribute ID
- 7869a2f Add tests for part encrypted/part decrypted assertions
- 466e870 Add key_name function to SP
- b4c70d8 testapp: option for acs_url_post in authnRequest
- fa6c350 testapp: SingleLogoutService is not indexed
- d2cf58a install Module::Pluggable
- 2dfb0c1 Remove Pari Install from github action
- 8932955 Bump requirement for XML::Generator
- 11ba40d Create AuthnStatement object
- 488a234 ADFS fully tested again and update repo version
- 9dbd114 Fixes #169 tests fail when PERL_LWP_SSL_CA_* or HTTPS_CA_* env vars are set
- a9aca61 Add XML declartion to generate_metadata
- 7cfe56a Configure SP without Single Logout Service
- ef16349 Fix version for release
- accfc66 (timlegge/master) v0.69
0.69 -- Tue Apr 04 20:20:22 ADT 2023
[ Significant Changes since 0.67 ]
- Simply 0.67 issued as a production release
- Couple of small by fixes Wesley Schwengle (waterkip)
- 4953468 Increment version for production release
- b44d100 v0.68
- c296c49 Update Changes for release
0.68 -- Mon Apr 03 19:17:59 ADT 2023
[ Significant Changes since 0.67 ]
- Couple of small by fixes Wesley Schwengle (waterkip)
[ Change Log ]
- 4f4d6d4 Increment version for next release
- 8e993b2 Fix artifact response status codes from assertions
- d7dbf62 Refactor key selection for metadata generation
- 4fa07de Fix version after release
- 52870d2 v0.67
0.67 -- Sun Mar 19 10:03:23 ADT 2023
[ Significant Changes since 0.64 ]
This version supports sending request the the IdP as HTTP-POST requests.
SimpleSAMLphp is added as a tested/supported IdP
Numerous improvements to the testapp (see git repo) to improve testing
testapp can now be fully tested against any configured IdPs using Selenium
- 6c9cd5e Increment version for official release
- a0d4001 v0.66
0.66 -- Sat Mar 18 20:49:26 ADT 2023
- 930f4af Increment version for another TRIAL release
- 63db958 v0.65
- 5023eda Update Changes for a TRIAL release
0.65 -- Sun Mar 12 22:41:33 ADT 2023
[ Significant Changes since 0.64 ]
This version supports sending request the the IdP as HTTP-POST requests.
SimpleSAMLphp is added as a tested/supported IdP
Numerous improvements to the testapp (see git repo) to improve testing
testapp can now be fully tested against any configured IdPs using Selenium
- 8b902c4 Add SimpleSAMLphp to the list of tested IdPs
- 5fb1f81 testapp: Add tests to confirm the configuration of the IdPs
- 033d2e9 testapp: add id to links and buttons to help automate testing
- cf0b39b Create Author Tests to validate Schema of Generated XML
- c815c58 testapp: Don't show POST button for login if IdP does not support
- c093420 testapp: move slo to new format and fix wrong acs url
- 946c2fc testapp: Support HTTP-POST logout
- c5b0a2c testapp: Implement AuthnRequest via POST
- 41b7d12 Add Support for sending requests to IDP via HTTP-POST
- 0b378cb Update version in repo for next release
- fac9f54 testapp: move loading of configuration
- 7d4e50c v0.64
0.64 -- Sun Feb 05 18:21:41 AST 2023
Release 0.63-TRIAL as production release
[ Significant Changes since 0.62 ]
Maintenance release that has a number of fixes for small issues. This is
the first release in some time that has been tested for SOAP connections and
SOAP Artifacts. The testapp has been updated to fix SOAP and the Shibboleth
and samltest.id IdPs.
- Minimum Perl version has been bumped to 5.12
- Contributors and authors set automatically
- Add Shibboleth and samltest.id as supported IdPs
- Allow encryption certificate in SP metadata
- LogoutRequest was missing NameQualifier and SPNameQualifier needed by some IdPs
- Fix bug in obtaining Assertion dates and message id and improve id validation
- Fix multiple SOAP issues including support for multiple certs in metadata
- New Net::SAML2::Protocol::Artifact to access parts of the ArtifactResponse
- Allow obtaining assertion substatus and allow assertions without NameID
- testapp:
- allow untrusted TLS SOAP connections
- read key and cert from config.yml
- fix metadata generation issues and make signing optional
- only enable logout bindings supported by IdP
- allow for custom attribute mapping by IdP
- Support for Shibboleth and samltest.id IdPs
[ Change Log ]
- 63edefa Increment Version number for release
- 17674de v0.63
0.63 -- Fri Feb 03 19:18:42 AST 2023
[ Significant Changes since 0.62 ]
Maintenance release that has a number of fixes for small issues. This is
the first release in some time that has been tested for SOAP connections and
SOAP Artifacts. The testapp has been updated to fix SOAP and the Shibboleth
and samltest.id IdPs.
- Minimum Perl version has been bumped to 5.12
- Contributors and authors set automatically
- Add Shibboleth and samltest.id as supported IdPs
- Allow encryption certificate in SP metadata
- LogoutRequest was missing NameQualifier and SPNameQualifier needed by some IdPs
- Fix bug in obtaining Assertion dates and message id and improve id validation
- Fix multiple SOAP issues including support for multiple certs in metadata
- New Net::SAML2::Protocol::Artifact to access parts of the ArtifactResponse
- Allow obtaining assertion substatus and allow assertions without NameID
- testapp:
- allow untrusted TLS SOAP connections
- read key and cert from config.yml
- fix metadata generation issues and make signing optional
- only enable logout bindings supported by IdP
- allow for custom attribute mapping by IdP
- Support for Shibboleth and samltest.id IdPs
[ Change Log ]
- 8d0b962 use Moose is equivalent to use strict
- faf3ec7 Update for release 0.63
- 1688e1c Add XsdID as a type for id attribute type checking
- fc6a199 Get the substatus of a failed assertion
- 3c9e4fc Create a Artifact to hold the parts of the Artifact
- 36652dc Fixes perl-net-saml2#152 - Incorrect id set on messages from XML
- 33d9985 Allow assertion without a NameID
- 6a140ca Get the correct dates from the assertions
- 3d291ff testapp: allow attribute mapping by IdP
- 60a3592 testapp: only enable supported IdP logout bindings
- cfc5351 Add Shibboleth and samltest.id as supported IdPs
- c81e384 Fix LogoutRequest's missing NameQualifier and SPNameQualifier for samletest.id
- cf8991a remove eol spaces
- ade3fed testapp: signed metadat messes with testing - make it an option
- 571f7a9 testapp Fix issue in metadata generation missing fully qualified URI
- 01424dd testapp: key and cert should be read from config and missed https options
- 787bd1f Allow encryption key to be specified in the metadata.xml
- f6740e4 testapp: allow SOAP connections to untrusted SSL servers
- eb48fa8 SOAP Some IdPs have issues with newlines in SOAP-ENV
- 83e30e1 SOAP binding should support multiple certs in the IdP Metadata
Use Try::Tiny to handle exceptions
- ef2472d Install Sub::Name without running tests
- dffc8c8 Test::Deep requires perl 5.012 and newer
- e213bae New Year advance Copyright
- 9f8b287 Set sane default values for testing testapp
- bf27ae9 Bump version to .63
- b782aa7 Set authors and contributors
- 013a0c6 Update contributors and reorder alphabetically
- d268c0f Add missing Credit for Gianni in 0.62
0.62 -- Wed Nov 30 21:13:55 AST 2022
Thanks to Gianni Ceccarelli for providing an "insecure" option
to allow a Net::SAML2::Binding::Redirect to be unsigned.
- e59ce1b Increment Version in Git Repo
- 165661e testapp allow the metadata or authnreq to be unsigned
- 9f41ae3 Fix testapp metadata generation
- 303a8a2 Fixes: #128 Support ForceAuthn and IsPassive in AuthnRequest
- 29b45e4 Minor pod updates
- 17772d7 Update version number for release
- 1a5796b Add support to SP for SSO redirect binding without signed auth request
- 736bf78 Merge pull request #119 from dakkar/optional-sp-key
- 2de5268 fix POD typo
- 80658ae Redirect::key still optional, but more explicitly so
- bf7f771 make Redirect::key optional
0.61 -- Tue Oct 04 23:37:21 ADT 2022
[ Significant Changes since 0.59 ]
There are multiple potentially BREAKING CHANGES depending on how you
have written your application. Your application may need updates for
this version.
Same a version 0.60-TRIAL
0.60 -- Mon Sep 19 10:53:23 ADT 2022
[ Significant Changes since 0.59 ]
There are multiple potentially BREAKING CHANGES depending on how you
have written your application. Your application may need updates for
this version.
[BREAKING CHANGES]
- Support multiple signing keys in the metadata. This version attempts
to ensure compatibility but the call to Net::SAML2::IdP->cert will return
an array of certs for each 'use'. It is, however, likely that there will
only be one cert in the array.
- Net::SAML2::Binding::SOAP was improved. The call to
Net::SAML2::Binding::SOAP->handle_request() now returns the XML whereas in
the past it returned the certificate's subject and the xml as an array.
This make it consistent with the Redirect and POST Bindings.
- Net::SAML2::Binding::POST was also improved. Previously the call to
Net::SAML2::Binding::POST->handle_response() returned inconsistent results
depending on whether a cacert was provided. This version returns the XML
of the decoded request.
- The testapp required only changes related to the call to
Net::SAML2::IdP->cert($use) that now returns an ARRAY.
[Changes of note:]
- Support multiple signing keys in the metadata. This version attempts to
ensure compatability but the call to Net::SAML2::IdP->cert will return an
array of certs for each $use. It is, however, likely that there will only
be one cert in the array.
- Redirects now validate the raw URI that is passed to the call. It is
assumed that the URI that your application has sent is unmodified from the
response that the web server received. lighttpd in particular normalizes
the response and will break Redirects from Microsoft Azure
(see lighttpd.conf in xt/testapp for a working configuration)
- Net::SAML2::Binding::SOAP and Net::SAML2::Binding::POST were improved.
- SAML trust anchors were implemented and the verification of the SAML
response was improved. It is possible to validate the response with
subject, issuer or issuer_hash as anchors in addition to the cacert.
Neither cacert nor anchors are required as long as the signature of
the response is valid. The cacert has not been required for the
Redirect or SOAP binding so this treats SOAP the same.
[Required Application Updates]
- There were several changed to the test suite that will likely need to be
made in your application:
- To support metadata.xml containing multiple KeyDescriptors the call to
Net::SAML2::IdP->cert($use) now returns an ARRAY. As this is an helper
function that is meant to allow you to pass the cert to another Net::SAML2
call it was deemed low risk. Your code may be unaffected.
- The call to Net::SAML2::Binding::SOAP->handle_request() needs to be updated
to reflect that it returns only the decoded XML not an array of the
Certificate Subject and XML. Depending how your application uses the
response will determine whether changes are required.
- The call to Net::SAML2::Binding::POST->handle_response() returned
inconsistent results depending on whether a cacert was provided. This
version returns the XML of the decoded request. Previously it returned
either 1 for success or if a cacert was used, either "(verified) and the
certificate Subject" or 0 if the certificate verification failed.
- The lighttpd.conf for the testapp did require a change to prevent it from
"normalizing" a SAML Logout Redirect. There are contradictory RFCs
concerning SAML and the "normalising" URIs. If you use lighttpd in a SAML
application with AZURE as your SAML IdP see
[lighttpd.conf](https://github.com/perl-net-saml2/perl-Net-SAML2/commit/3855393eb454097e1e326a516a573f37ce3456a3#diff-8fd15aaa870fd2b9cda596bf3bb870ce2723ae412e55f0b653124b45d87e1bea)
[Possible Impacts]
- It is worth noting that the testapp (that implements a rudimentary Service
Provider) included in the git repo did not require any changes to the
application for this version.
- While my setup tests against multiple IdPs I do not have a working SOAP
IdP at present.
[ Full Change Log ]
- e95e7c2 Fix bug where two keys with different usage fails
- 33092f1 Add isDefault when isDefault is missing in assertion_consumer_service
- 66a4146 Bump version to .60
- 812ea36 0.59 updates
- f589dd0 v0.59
- c1b25f9 Sync changes with the wiki page and clean up indents
- 2c432f2 Remove unnecessary parameters
- 3855393 Allow URIs that do not include scheme and host in redirect
- e1774b6 Update docs for Net::SAML2::Protocol::LogoutRequest
- fdcfbeb Fix docs for Net::SAML2::Binding::Redirect
- 8d24c89 Update docs for Net::SAML2::Protocol::ArtifactResolve
- 27f6508 Update docs for Net::SAML::SP
- 4a89679 Fix docs for Net::SAML2::Binding::SOAP
- f43727d Verify the SAMLResponse based on the raw query string
- 50f5c8a Fixes #12 - multiple signing keys in metadata
- 4902c89 Make SAML trust anchors work on verification of the SAML request
- af68b68 SOAP binding does not require a cacert anymore
- 1854e35 Implement verify_xml() call which only verifies the XML
0.59 -- Wed Aug 24 22:23:53 ADT 2022
There were no changes other than incrementing the version number
from 0.58-TRIAL.
- 564fa93 (tag: 0.59) Update Changes for .58 release
- 2a43f4e v0.58
0.58 -- Fri Aug 12 16:25:59 ADT 2022
[ Significant Changes since 0.57 ]
You will want to test this release. There are numerous changes and
improvements but nothing that obviously breaks functionality.
- Fix bug where NameID Format was an empty string and broke the
constructor for the LogoutRequest in Net::SAML::SP logout_request.
- Add tests for lowercase URL encoded data
A potential change is upcoming, so we want to have tests to ack/nack
the claims of that new change.
- Enclose SOAP action in double quotes
- Allow error URI to be a full fledged URI in Net::SAML::SP
- The generated id is now 32 bytes of randomness instead of 16 bytes
previously
- SAML2 constants moved to URN::OASIS::SAML2
- Make cacert optional in Net::SAML2::SP as it is only needed for the
SOAP request call
- Add Indexes to the assertion_consumer_service in Net::SAML::SP
This allows you to later on ask for the default assertion service by
using get_default_assertion_service().
- Allow injecting own LWP::UserAgent to IdP new_from_url
- When reading metadata we previously always provided a default NameID
Format. We no longer do this, we only return the NameID format if it
was provided by the metadata.
- Make provider optional in Protocol::ArtifactResolve
Previous versions supplied a default when as_xml was called, this
default has been removed.
- Optional parameters in Binding::Redirect
You now need to supply less parameters when verifying the redirect
request (SAMLResponse).
- Optional attributes for NameID in LogoutRequest
In order to respect the SAML specifications the NameQualifier and
SPNameQualifier are omitted from the LogoutRequest. In case you need
the NameQualifier and the SPNameQualifier you'll now need
include_name_qualifier to be set in the constructor. When the NameID
Format is urn:oasis:names:tc:SAML:2.0:nameidformat:persistent, both
become mandatory. For those who need to set the SPNameQualifier to
be the Affiliation Group ID we have affiliation_group_id for you in
the constructor.
[ Change Log ]
- a245b94 Add test for lowercase url escaping
- ba0a803 Fix author tests with dzil
- 97898a2 fix pod for Assertion->nameid_format
- 523ba92 Add missing POD for nameid, nameid_format in Protocol::Assertion
- fb3085d Update Changes for 0.57
- 6c63ed1 Make attributes in NameID optional
- d69b7dd Install sub::name first to prevent pipeline failures
- 7310b6c Bump version string post .57 release
- 8b83b3e Make params optional in Binding::Redirect for SAMLResponse
- 3b2b96b Use cpm instead of cpanminus
- bc7eb07 nameid_format cannot be a zero length string
- 1c5af31 Be able to inject own LWP::UserAgent to IdP new_from_url
- 2abeb49 Add license to distro
- 3f7c673 Install deps manually
- 7f400a0 Install deps manually
- 14c075c Fix documentation and general code cleanup
- ca9fce1 Small refactor on Protocol::AuthnRequest
- 14fb479 Add builder to Binding::SOAP for LWP::UA
- 70ac5d0 Refactor Binding::SOAP::request
- 830275f Add nameid as a node so we can get the value and/or the format
- 066100f Really make provider optional in Protocol::ArtifactResolve
- 5673bb5 v0.56
- 3c7f390 Set version in main module for downstream developers
- 22dbf06 Remove Dockerfile, we have github actions now
- 18fa0ed Add defaults to Net::SAML2::Binding::Redirect
- 6fe4bdc Fix contributers automaticly from git
- 1348af5 Add the index in the assertion_consumer_service
- 02ab7be Make cacert optional in Net::SAML2::SP
- 858dc57 Remove setting default format when not present in metadata
- 9e7c88a Introduce URN_XXX constants in NET::SAML2::SP
- b2e3020 Change from 16 to 32 bytes of randomness
- 42159bc Allow error URI to be a full fledged URI
0.57 -- Fri Aug 05 23:34:05 ADT 2022
[ Release 0.56-TRIAL as 0.57 ]
[ Significant Changes since 0.55 ]
- Numerous fixes and cleanups thanks to Wesley Schwengle (waterkip)
- Functionality changes mostly limited to Net::SAML2::SP
- metadata signing has been improved
- updates to github actions
- new API for ACS/SLO data in metadata
0.56 -- Sun Jul 24 23:52:56 ADT 2022
[ Significant Changes since 0.55 ]
- Numerous fixes and cleanups thanks to Wesley Schwengle (waterkip)
- Functionality changes mostly limited to Net::SAML2::SP
- metadata signing has been improved
- updates to github actions
- new API for ACS/SLO data in metadata
[ Change Log ]
- signing metadata is now optional
- 8ee4f57 Merge pull request #69 from waterkip/GH-46_acs_and_slo_injections
- 027d300 fixup! Implement new API for ACS/SLO data in metadata
- d81549a Implement new API for ACS/SLO data in metadata
- 01d5fb7 Merge pull request #67 from waterkip/testsuite-defaults
- 7c51e1b Merge pull request #68 from waterkip/GH-actions
- 10b9ab0 Only use defaults/required attrs in net_saml2_sp() test method
- 55d6e5e Install Moose in a seperate action
- f4d0718 Run Github actions on pull requests
- 7eb44fe Make Math::Pari installable
- 1fe7b8b cpanm is provided by the perl images
- 7f0c885 Update perl images in the matrix
- 915adaa Merge pull request #65 from waterkip/GH-cleanup-dist.ini
- f754ad7 Merge pull request #66 from waterkip/GH-46-optional_URIs
- b25642f Make some URI's optional in the constructor
- f01ef30 Remove dependencies from dist.ini
- 57142a1 Merge pull request #64 from waterkip/bug-61
- 5e6c0f0 Add ds:KeyName to md:KeyDescriptor/ds:Keyinfo
- c6b9dfb Fix SAML metadata signing
- b18d316 Add missing pod from PR #62
- 9f8cd26 Merge pull request #62 from waterkip/sign-metadata_optional
- 7e637b7 Make signing metadata optional
- beba53f Merge pull request #63 from waterkip/cert-text_builder
- 493af8c Merge pull request #60 from waterkip/sp-defaults
- 29503c9 Use builder for _cert_text
- 5e94d9c Add defaults to authnreq_signed and want_assertions_signed
- c2e49e4 v0.55
- 159332d (tag: 0.55) Bump version for 0.55 release
0.55 -- Fri Apr 15 21:06:36 ADT 2022
[ Significant Changes since 0.53 ]
Support for EncryptedAssertions is automatic if one is received but the
call to Net::SAML2::Protocol::Assertion must provide a key and cacert to
decrypt the EncryptedAssertion and Verify the Signature on the decrypted
Assertion if it is Signed. No changes are required for existing applications
that do not use EncryptedAssertions.
[ Commits ]
- 159332d Bump version for 0.55 release
- 92a1eb5 Support Unsigned encrypted Assertions
- 39016c6 v0.54
0.54 -- Sat Apr 09 18:13:04 ADT 2022
[ Significant Changes since 0.53 ]
Support for EncryptedAssertion
[ Commits ]
- b166c3e Updates for new Version
- ab8c986 Move to OurPkgVersion and remove VERSION from repo
- 6d1b058 Merge pull request #57 from timlegge/encrypted-assertions
- bff02f7 Minor lighttpd config update for testapp
- 94e42b0 Support EncryptedAssertions
- 34a432c v0.53
0.53 -- Thu Feb 03 21:02:47 AST 2022
[Significant Changes since 0.52]
- Fix bug with Saml LogoutResponse on HTTP-Redirect Binding introduced in 0.52
- testapp: simplify testing by allowing easier testing against multiple IdPs
- 22d2b2a (HEAD -> master) Update version information
- 13c18ee Merge pull request #56 from timlegge/testapp-multiple-idp-support
- a2ff662 Allow custom config.yml file per Identity Provider
- 4bf230a Add support for multiple IdPs to the SamlTest testapp Makes
testing against Multiple IdPs much simpler to setup and configure
- 905f78a SP initiated SAMLLogout has SAMLResponse on redirect
- 378ea9b v0.52
0.52 -- Sun Jan 30 23:17:19 AST 2022
[Significant Changes since 0.49]
- Document IdP and SP initiated LogoutRequest handling
- Fix issue if multiple X509Certificate tags are found in metadata
- 5d70bac Update for official release
- b753644 Update Makefile.PL and README
0.51 -- Sun Jan 30 14:15:43 AST 2022
- d4153b5 v0.51
- a9f5ca5 Fix the Commit ids - forgot to rebase before push
0.50 -- Sun Jan 30 13:59:48 AST 2022
- 8cc6d8e v0.50
- af1deee Add additional deveeloper files to .gitignore
- 8223e85 Remove eol spaces
- 3eb54d3 Create a pid file for lighttpd
- 89393ab Merge pull request #55 from timlegge/master
- 237ef74 NameId Format is optional in the LogoutRequest
- a8ee006 Fix an un reported issue validating URL with extra parameters
- b096862 Fixes issue in Discusion #54 when there are multiple
X509Certificate tags in the metadata
- 11ba7f4 Add information related to the LogoutRequest and
LogoutResponse that can be either SP of IdP initiated
- 5780c6c Move from File::Slurp to File::Slurper
0.49 -- Tue Dec 07 21:22:58 AST 2021
[Significant Changes since 0.46]
- Net::SAML2::XML::Sig is now a subclass of XML::Sig
- XML::Sig 0.52 is now a dependency
- 064f718 v0.49
- 6e76482 Simplify dist.ini and add SignReleaseNotes
- e96982c Bump Version
- 3fc63f5 v0.48
0.48 -- Mon Dec 06 16:53:49 AST 2021
- 8589b4a Update Version
- 9c73463 Missing VERSION and Abstract
- 586fd5b v0.47
0.47 -- Sun Dec 05 15:07:51 AST 2021
- e580299 Update version number
- 837aa20 add strict and warnings to quiet author critic
- 2ff8aeb Merge pull request #51 from timlegge/move-to-xml-sig
- 3634910 test of properly handling comments in nameid and email
- 4c20821 Moving to XML::Sig - keeping them in sync is a pain
0.46 -- Thu Nov 25 21:53:52 AST 2021
- dd9776e Merge pull request #50 from timlegge/issue-38
- 54cf599 Testapp should display unicode
- ac74ac4 Fixes Issue #49 - Issue verifying XML that includes wide characters
- 5afc7dd Add strict and warnings to tests
- c20ed8c Add strict and warnings and move existing to the stop
- 26c53c1 v0.45
- 5397713 (tag: 0.45) Update for new version
0.45 -- Wed Nov 17 17:33:34 AST 2021
- 594d135 add missing use statement (ziali088)
0.44 -- Sun Oct 31 14:33:03 ADT 2021
- Packaging issue reissuing 0.43 without changes
0.43 -- Sat Oct 30 23:09:24 ADT 2021
[Release Version of 0.42]
- No changes
[Significant Changes since 0.40]
- COMPATABILITY WARNING: version 0.44 will likely make sha256 the default
- HTTP-Redirect now supports signing and verifying with more than rsa-sha1
- include HTTP-Post for SingleLogoutService in generated metadata
- Destination missing in LogoutRequest
- Added PingIdentity to the tested IdPs
- Most other changes related to the testapp Saml2Test (in git repo)
- Fix issue with LogoutResponse on HTTP-Redirect for some IdP (Azure, Ping)
- Make SP metadata.xml more configuable and sign
0.42 -- Fri Oct 29 22:35:53 ADT 2021
[Significant Changes since 0.40]
- COMPATABILITY WARNING: version 0.44 will likely make sha256 the default
- HTTP-Redirect now supports signing and verifying with more than rsa-sha1
- include HTTP-Post for SingleLogoutService in generated metadata
- Destination missing in LogoutRequest
- Added PingIdentity to the tested IdPs
- Most other changes related to the testapp Saml2Test (in git repo)
- Fix issue with LogoutResponse on HTTP-Redirect for some IdP (Azure, Ping)
- Make SP metadata.xml more configuable and sign
[Change Log]
- b9d4786 Merge pull request #44 from timlegge/azure-lowercase
- 4f2a40c Update for latest build
- ffd4188 Add issuer to make testing between multiple IdPs clearer
- 1049084 Fix issues with LogoutResponse
- 378c815 Merge pull request #43 from timlegge/metadata
- bfe0966 Sign Metadata
- 1cd0003 Net::SAML2::SP configurable values for metadata
0.41 -- Thu Oct 21 17:59:37 ADT 2021
[Significant Changes since 0.40]
- COMPATABILITY WARNING: version 0.44 will likely make sha256 the default
- HTTP-Redirect now supports signing and verifying with more than rsa-sha1
- include HTTP-Post for SingleLogoutService in generated metadata
- Destination missing in LogoutRequest
- Added PingIdentity to the tested IdPs
- Most other changes related to the testapp Saml2Test (in git repo)
[Change Log]
- 07b68dd v0.41
- c4ec6e2 Merge pull request #38 from timlegge/dist-changes
- 54e612e Improve packaging and update changes
- 1d894a9 testapp: prevent app error if the are no slo_urls
- d6e2ab9 testapp: Change to decoding in sls-redirect-response
- 23240d8 Fixes #30 - Modules withou version and cleanup missing Abstract
- 9c5585b Merge pull request #37 from timlegge/testapp
- c51ba51 Tested compatiblity against PingIdentity
- b4d3fe9 Remove end of line spaces
- 41ef582 testapp: provide documentation on how to use the Saml2Test application
- 5a8ebb7 Fixes #36 testapp: metadata is rendered as text by the browser
- f1e2eca testapp: add .gitignore file testapp
- ca4b8bd Fixes #35: Metadata does not include HTTP-Post for SingleLogoutService
- 64008da testapp: Better org_name
- 22073bb Update certificates with 10 year expiration
- f215c40 testapp: add lightttpd.conf to proxy https traffic to testapp on port 3000
- f92ba77 testapp: provide lighttpd config to deliver a metatdata.xml file
- 2d671a4 Fixes #32: HTTP-Redirect should support more than sha1
- 5e2425a testapp: Make required settings configurable
- f70b0a5 Fixes #34: testapp: Dancer request_uri is not decoded
- 8c0d048 testapp: Fixes #33 Destination is not properly assigned
- 6e0a685 Fixes #31 Destination missing in LogoutRequest
- 652c763 testapp: support post for LogoutResponse
0.40 - 2021-07-26
[Significant Changes since 0.38]
- Add support for Auth0 SAML (bug fix)
- Add options to allow https for metadata urls
[Change Log]
- TDD Update Changes and Increment version
- 314df85 Remove Test::TrailingSpace keeps failing on automatic License file
- 9bc0901 Mention TUTORIAL.md in synopsis and README
- 343ae20 Rename Tutorial
- b5591cc Update documentation for ssl_opts for Idp new_from_url
0.39-TRIAL - 2021-07-25
[Change Log]
- b34f4f8 Update Changes and Increment version
- 5921d12 Fixes #28 support https urls for metadata
- 95a2311 Fixes #29 which also supports Auth0 SAML
- 09591b6 Test InResponseTo on Assertions
0.38 - 2021-07-23
[Change Log]
- 88abdeb Update Changes and Increment version
0.37-TRIAL - 2021-07-21
[Change Log]
- cc4e029 Update Changes and Increment version
- f6227a4 Replace remaining XML::XPath with XML::libXML
0.36-TRIAL - 2021-07-15
[Change Log]
- 7bddf72 Update Changes and Increment version
- be1a42f Remove no_comments call from IdP
0.35-TRIAL - 2021-07-14
[Significant Changes]
Replaces XML::XPath with XML::libXML which is better maintained and more
powerful. XML::libXML options are set to disable loading external documents
and expanding entities as well as disabling network access.
[Change Log]
- a071834 Update Changes and Increment version
- 3741d2a Replace XML::XPath with XML::libXML
- f3887f5 Fixup Contributors and cleanup README
- 9d8c3bd Automatically generate README for repo
- 4a1f2ef Update dist.ini to use Pod2Readme
0.34 - 2021-03-30
[Significant Changes since 0.32]
- Mostly an improvement in documentation
- Implement "full client" test that follows TUTORIAL.md
- TUTORIAL.md documents how to add Net::SAML2 to your web application
- Numerous small bug fixes/enhancements
- Improvements in SP Metadata support
- Add response_status to Assertion object
- XML::Sig version 0.47 (improvements in ECDSA and DSA and other fixes)
[Change Log]
- 1ef0848 Update Changes and Increment version
0.33-TRIAL - 2021-03-28
[Significant Changes]
- Mostly an improvement in documentation
- Implement "full client" test that follows TUTORIAL.md
- TUTORIAL.md documents how to add Net::SAML2 to your web application
- Numerous small bug fixes/enhancements
- Improvements in SP Metadata support
- Add response_status to Assertion object
- XML::Sig version 0.47 (improvements in ECDSA and DSA and other fixes)
[Change Log]
- 844d0be Update Changes and Increment version
- 7fabe59 Merge XML::Sig version 0.47
- d62059f Add Keycloak as a tested SAML provider
- f626fc5 Sign releases
- 86eabae Remove space at eol
- 64c8862 Test requires URI::URL
- 664a0da Merge pull request #27 from timlegge/full-client
- ab7e344 Add missing files
- 971a951 Add missing metadat file
- 171fd63 Merge pull request #26 from timlegge/full-client
- cdfe47e Initial full client test
- 1b07070 Add response_status to Assertion object
- bcee1ea Clarify Net::SAML2::Binding::Redirect cert parameter
- fb126f2 Merge pull request #25 from timlegge/tutorial
- db801af Update pod information
- 1887f90 Fix invalid newlines inserted
- 840585a Update TUTORIAL.MD
- 2987c08 TUTORIAL missing closing tag
- c34dead Merge pull request #23 from timlegge/tutorial
- cf1ac4b Fixes #22 New tutorial for integrating Net::SAML2 in your application
- 67b9ab1 Merge pull request #21 from timlegge/issue19
- 5377ecd Merge pull request #20 from timlegge/issue18
- 339d5f9 Fixes #19: SP Metadata AuthnRequestsSigned and WantAssertionsSigned should be configurable
- 9944c41 Fixes #18 - SP metatdata org_url
- 305c587 Fixes #13 - ProviderName should be a variable
- 68629bd Fixes #14 Improve clarity of documentaion for Redirect
- 8c14615 Fixes #15 Documentation IdP Cert
0.32 16-Jan-2022
Version 0.31-TRIAL with version incremented
Significant Changes since 0.29
1. Replace Crypt::OpenSSL::Verify509
2. Merge latest XML::Sig
780de03 Update Changes and Increment version
0.31-TRIAL 15-Jan-2021
78fe988 Update Changes and Increment version
71d67e5 Merge pull request #11 from timlegge/xml-writer
2c6780a Fixes #10: XML::Writer requires newer version
0.30-TRIAL 13-Jan-2021
Significant Changes
1. Replace Crypt::OpenSSL::Verify509
2. Merge latest XML::Sig
Warning: This release require the installation of Crypt::OpenSSL::Verify.
0d07622 Merge pull request #9 from timlegge/crypt-openssl-verify
929894c Update Changes and Increment version
ccaa892 Remove the installation of Crypt::OpenSSL::VerifyX509 from action
36d0a5c Move to Crypt-OpenSSL-Verify as Crypt-OpenSSL-Verify is not supported
af050d5 Merge pull request #8 from timlegge/merge-xml-sig
91208a2 Update dependencies for Net::SAML2::XML::Sig
359a0bd Merge XML::Sig version 0.39
200c0ae Update some documentation details
ed3c265 Merge XML::Sig version 0.38
dfefef6 Remove XML::Lib added XML Declaration from Signed XML
a39774f Copy updated XML::Sig and update name and version
0.29 12-Jan-2021
Small release to update issues location to be github
6a03758 Update Changes and Increment version
08e1a17 Fixes #7 - Move issues to github
0.28 04-Jul-2020
Increment Version for official release
3cffcc7 Merge pull request #6 from perl-net-saml2/v0.27-prep
9630745 (tag: 0.28, upstream/v0.27-prep) Release Version 0.28
0.27-TRIAL 03-Jul-2020
Some overhaul of the Moose code and a couple of XML::Sig fixes
as well as a fix to work with Perl 5.10 (Upgrade please upgrade)
As a point of interest the external XML::Sig module has been updated
and is now capable of replacing Net::SAML2::XML::Sig
9afd005 Increment version to 0.27
ccba8d8 Update Changes for v0.27
82ed211 Update Changes
5fe44e3 Add contributing info
e9c3fa8 Improve GitHub Action and reduce time required
2ecbc2b Use default Moose types instead of MooseX::Types::Moose
ecee8bf Add predicates to Net::SAML2::Protocol::AuthnRequest
7562ff1 Make use of builders instead of using BUILDARGS
d46073c Specify Canonical exclusive mode for XML::Sig
597d346 RSA|DSAKeyValue have KeyValue element
00f6276 Reverse order of Changes file
6f1ee32 Merge pull request #1 from waterkip/perl-510
ca48803 Fix perl 5.10 issue with `//=` syntax
a31840e Fix github action for newer versions of perl Checkout
patched Crypt::OpenSSL::VerifyX509
6c67af9 Fix perl 5.10 issue with `//=` syntax
739673c Release does not need Docker file
7c346f7 Update README.md
ce250ee Update Makefile Version
3d65d76 Try to fix hard coded directory
13ceb8c Update changes for version 0.26
0.26-TRIAL TBD
Some major changes in the test suite but overall minor changes to
the rest of the module
Thanks to https://github.com/waterkip Wesley Schwengle for the
overhaul of the test suite
15596bb Increment Version
82a8b54 Add pod documentation
62817ca Update changes
c4c7db6 Remove unneeded manual dependency from github workflow
56051db Update testsuite
8c62593 Move testapp to author tests
f4cec75 Remove Data::Dumper
0d1ccd8 Small setup in which Net::SAML2 is build in Docker
4746957 Make it easier to inspect makefile.pl and cpanfile
bae12de Really need to fix this
e399dd2 Missed a hard coded version
09ee6f3 Hard coded directory not ideal
ab5418d (tag: 0.25) Update Changes and increment the version
0.25 Tue, 19 May 2020 23:40:26 GMT
What happened to version v0.21 to v0.24?
The version of the embeded XML::Sig was higher that that of Net::SAML2
which causes some issues in packaging so this release simply skipped the
versions 0.21 to 0.24. Not much else to say
Minor changes for the most part but a requested release based on the
removal of XML::Cannonical. In fact that could be the only functionality
change present.
80db64d Add provides section of META
8b39923 Add github action to test build
38b05fd Make t/author/podcoverage.t a developer only test
7473f54 XML::Canonical was removed as an option due to its age
50d4314 t/09-authn-request.t: update tests for signed requests
bf07c83 Generate META.json via dist.ini
cac4ad7 Add missing pod info for Protocol/ArtifactResolve.pm
b260946 Update README.md
0.20 Mon 13 Apr 2020 22:25 UTC
First official release since 0.17
See Changes for updates includes in prior unofficial releases
b2af5f7 Ignore Build directories and Build archives
4293ece Delete file added by mistake and increment version number
bcfcc21 Embedded tabs to Space
f792089 Protocol/Assertion.pm: improve documentation and test for in_response_to
f7e3965 Improve Redirect dobumentation
474f1b7 Fix lib/Net/SAML2/IdP.pm docs
3087931 Fix up AuthnRequest docs and improve test
4caff6b Add Contributors to dist.ini
bd665c4 (additional-tests) Improve AuthnReq documentation
a492107 Add link to github repo
6fb076c Create README.md
963d871 (tag: 0.20.03-TRIAL) Add dist.ini
f4232c2 Update changes for 0.20.03 TRIAL
0.20.03 TRIAL
The following people have contributed code and fixed issues since
the last official version 0.17 by Chris Andrews
Alessandro Ranellucci <aar@cpan.org>
dmborque@gmail.com
Jeff Fearn <jfearn@redhat.com>
Mike Wisener <mwisener@secureworks.com>
Mike Wisener <xmikew@cpan.org>
Peter Marschall <peter@adpm.de>
Timothy Legge <timlegge@gmail.com>
xmikew <github@32ths.com>
Based on Github repo https://github.com/timlegge/perl-Net-SAML2
6657a95 Delete dynamic packaging files and update version
225a3b4 Missed a trailing space
12230c8 Fix the end of lines
f353d18 Update changes since 0.17 add repo ref
2b6f908 Update changes since 0.17
34b7ce3 Fix #12 Some tests are always passing
6be1c12 Fix Issue #6 - cert required in Binding/Redirect
772f26f Fix Issue #4 - Missing paramaters in SYNOPSIS
17e5aa4 Add additional pod coverage
7d3a69f Fix pod syntax
0.19.05 Sat 4 May 2019
Unreleased
Github release only https://github.com/timlegge/perl-Net-SAML2/releases
b37bb43 Cleanup whitespace issues
a0d3754 (origin/dev) Cleanup whitespace issues
4cb8313 Bump Version
6177d15 XML::Tidy is now a dependancy
b034e7f Remove comments from XML before processing it
8167478 Initial support to remove comments from XML
894e6f3 Testing changes to remove comments
6ecf28e nameid_format is not required
aae8f3b NameIDFormat is optional in metadata
a606e20 Update ProtocolMessage.pm
xsd:ID cannot start with a numberĀ·
Github fork from https://github.com/alranel/perl-Net-SAML2
9d2bcb5 Added parsing of substatus
3d40cd9 Add validation of InResponseTo and fix a bug in assertion
parsing
8bfc7c2 Have issuer and destination be populated for all messages
9818895 Bugfix: due to an upstream bug, attributes parsing did
not work when using custom namespace aliases
4fea809 Make CA validation optional; add assertion_index and
attribute_index
038d418 One more fix for namespace declarations
dd06637 Fix namespace declarations for AuthnRequest
cc77b85 Allow empty AuthnContextClassRef and AuthnContextDeclRef
91509f5 Quotes
29f74d9 Added RequestedAuthnContext to AuthnRequest
7f459c3 Added nameidpolicy_format to AuthnRequest
6ba6096 Added issuer_namequalifier and issuer_format to AuthnRequest
6cc8de3 Bugfix: X509Certificate was not read when input XML didn't use
the 'ds:' alias
1489051 Make the AuthnRequest attributes writeable
f37bdbd Make IdP certificate verification emit a warning instead of
croaking
0.17_06 Tue 2 May 2017
Unreleased
Github Only fork https://github.com/xmikew/perl-Net-SAML2
e6efb23 (tag: v0.17_06) Bump version
211ee5c Bump version
b6abed4 Fix XML::Sig.pm verify function to properly handle nodeset
returns from ->find. ->find always returns something according
to the documentation. Check ->size to determine proper verify
method (cert, rsa, dsa).
f7d26b9 Merge branch 'jfearn-devel'
e5f3140 Clean up add in_response_to to Assertation
5d3256a Added support to Sig.pm for sha's > sha1 Fix Sig.pm to only grap
the root signature, assertating sigs where breaking it Add some
strictures and warnings
b0adf09 Set proper case on XML::XPath attribute
3184145 expose xpath object on the assertion
6f46088 - merge post_with_cert branch > Accept cert_text in POST
constructor and pass along to XML::Sig allows verification
using IDP metadata of POST data.
45ef539 Add XML::Writer
4e3ff81 - AuthnRequest XML generation moved to XML::Writer - Allow
Subject, AssertionConsumerServiceURL and protocol-binding -
Remove requirement of Destination attribute.
a9a7492 (origin/idp_params) Allow slo_urls and art_urls to be undef
- not required by SAMLv2 spec
e3ccd0d Merge branch 'multiple_sig_support'
2596d6a Sig.pm: use Digest::SHA instead of Digest:SHA1
a3e3deb add additional attribute 'key' to Net::SAML2::SP
ebd4c76 IdP.pm: simplify $idp->format() a bit
13bc56d documentation updates
48fc1cb Sig.pm: improve compatibility with simplesamlphp
710d85d tell encode_base64 to not add newlines to returned digest
0.17 Fri 13 Jan 2012 13:41:23 GMT
Handle the InclusiveNamespaces element in XML Signature
Handle embedded certificate data presented without newlines.
0.16 Tue 01 Mar 2011 09:40:13 GMT
Use the IdP's advertised NameID formats.
0.15 Wed 09 Feb 2011 14:55:28 GMT
Handle unwrapped base64 certificate data in IdP metadata.
0.14 Thu 13 Jan 2011 19:26:46 GMT
Add SingleLogout with Redirect binding to SP metadata
Rename local copy of XML::Sig.
0.12 Thu 13 Jan 2011 12:59:02 GMT
PAUSE-hide the local XML::Sig
0.11 Wed 12 Jan 2011 21:07:42 GMT
Test Updates
0.10 Tue 11 Jan 2011 15:11:38 GMT
First usable version.
POD, tests, Moose, etc.
Embeds a local copy of XML::Sig
0.01_01 Mon 4 Oct 2010 12:47:56 BST
Initial version.
This version will correctly perform Web Browser SSO, but
with caveats. See the embedded documentation for details.