| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Version 0.2.7
---------------------------------------------------------------------------
* Optionaly ave the remote IdP entityId in the environment
* Shibboleth 2 interoperability
Version 0.2.6
---------------------------------------------------------------------------
* Fix XSS/DOS vulnerability in repost handler.
|
|
|
|
into the include path. Mark as only for Apache 2.2.
|
|
|
|
They are automatically handled automatically by pkgsrc with more
sufficient variables.
|
|
|
|
|
|
* Replay POST requests after been sent to the IdP
* Fix HTTP response splitting vulnerability.
|
|
|
|
* Fix for downloads of files with Internet Explorer with SSL enabled.
* Mark session as disabled as soon as logout starts, in case the IdP
doesn't respond.
* Bugfix for session lifetime. Take the session lifetime from the
SessionNotOnOrAfter attribute if it is present.
|
|
* Improve metadata autogeneration: cleanup certificate, allow Organizarion
element data to be supplied from Apache configuration
|
|
* Make SAML authentication assertion and Lasso session available in the
environement.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
|
|
|
|
the user against a SAML 2.0 IdP, and and grants access to directories
depending on attributes received from the IdP.
|
