Releases: silverstripe/silverstripe-saml

3.1.0

12 Feb 21:30

What's Changed

  • NO-ISSUE: Resolve comment typo. by @s-kerdel in #50
  • Fix BackURL redirect with strict or lax session cookie security. by @mateusz in #55
  • Pulls/update hooks extend method by @ishannz in #54
  • Don't use singleton for getForm by @blueo in #56

Full Changelog: 3.0.0...3.1.0

3.0.0

08 Aug 03:00
3689968

Full Changelog: 2.1.2...3.0.0

2.1.2

09 Oct 21:12

What's Changed

  • Bug: Add configuration to allow nameId to not be validated by @chrispenny in #43

Full Changelog: 2.1.1...2.1.2

2.1.1

27 Sep 05:14
010496a

Full Changelog: 2.1.0...2.1.1

2.1.0

11 Aug 04:23

What's Changed

  • Fix incorrect guid validation by @JakubDolba in #22
  • FIX: always validate received guid value by @JakubDolba in #23
  • FIX: creating LoginForm from Authenticator by @JakubDolba in #24
  • Add: GUID Transformation by @JakubDolba in #18
  • FIX: create SAMLHelper instance sooner (undefined Helper usage) by @JakubDolba in #25
  • FIX: developer docs - incorrect description how to disable sending AuthN context by @JakubDolba in #26
  • Documentation corrections by @axllent in #28
  • Support backticked environment variables in saml config by @ishannz in #35
  • Feat(Attribute Mapping): Allow the use of opt in GUID/nameid as attribute. by @LiamKearn in #36
  • Add: possibility to use additional get-query parameters to SAML Request by @JakubDolba in #27

Full Changelog: 2.0.0...2.1.0

v2.0.0

20 May 23:58
5d1ea13

This release adds support for using Azure AD as an identity provider (IdP).

It also resolves medium and minor severity security issues with v1.0, and is a recommended upgrade.

This update makes one small backwards-incompatible change: the module no longer relies on YML configuration to decide whether to keep users logged in (via auto-login cookies), and now never keeps users logged in. When the middleware is in use, this should be transparent. Without the middleware, keeping users logged in is not secure, because only the IdP knows whether the user is still allowed access and we can't guarantee it. This should not affect most sites using the module.

v1.0.0

05 Nov 23:37
4077e54

First stable release of the silverstripe/saml module, which partially replaces the silverstripe/activedirectory module for SilverStripe 4.

Breaking API Changes:

  • Split silverstripe/activedirectory module into silverstripe/saml and silverstripe/ldap modules
  • Upgrade modules to support SilverStripe 4
  • Remove SAMLSecurityExtension and replace with configurable SAMLMiddleware to enforce SSO on all website requests
  • Stop SAMLAuthenticator::authenticate() from redirecting users to the IdP. This causes all kinds of issues (e.g. in cases where there are multiple authenticators)
  • Stop SAMLLoginHandler from extending LoginHandler, because it only deals with login
  • Move the SAML redirection from SAMLAuthenticator::authenticate() to SAMLHelper::redirect() so that it can be called by both SAMLLoginHandler and SAMLMiddleware

Non-breaking API Changes:

  • Update module to work as a vendormodule so it's not installed in web-root
  • Update onelogin/php-saml requirement to the latest v3.0.0 stable version which allows support for PHP 7.2 (no longer relies on the deprecated mcrypt PHP extension)

New features (since module split):

  • Add new authn_contexts array to allow developers to specify the AuthN context classes that can be used for SSO. This helps when dealing with ADFS servers that enforce a specific ordering that places Password authentication ahead of Windows, meaning that users are forced to log in when reaching ADFS instead of being logged in automatically.

Bug Fixes:

  • Completely rewrite the SAMLController::acs() method so that it actually works and gracefully handles SAML authentication errors
  • Ensure a Member is written to the DB, and use the new IdentityStore API to correctly log users in

Documentation:

  • Update documentation to remove references to AD sync (which is part of the silverstripe/ldap module)
  • Generally tidy up developer documentation