djangosaml2

What's Changed

• Better logging for _get_attribute_value to debug wrong configurations by @bthorben in https://github.com/IdentityPython/djangosaml2/pull/345

New Contributors

• @bthorben made their first contribution in https://github.com/IdentityPython/djangosaml2/pull/345

Full Changelog: https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3

What's Changed

• bumped pyupgrade python target version to 3.7 by @g-as in https://github.com/IdentityPython/djangosaml2/pull/330
• chore: some CI improvements by @peppelinux in https://github.com/IdentityPython/djangosaml2/pull/331
• Django 4.1 compat by @g-as in https://github.com/IdentityPython/djangosaml2/pull/337:
  • default_app_config was removed.
  • next_page on LOGOUT removed

Full Changelog: https://github.com/IdentityPython/djangosaml2/compare/v1.5.0...v1.5.1

• fix: idp hinting invalid import

• Read the docs
• Information exposure mitigation on SSO login view

• feature: Idp Hinting
• params: SAML_DEFAULT_BINDING for SSO
• code cleanup in SSO

• typo error in Exception message
• fix(discovery_service): add missing imports and replace non existing variable came_from with next_path (#258)

• Fix default relay state bug (#253)
• Add backend.user_can_authenticate() to allow for additional checks (#254)
• ACS custom_validation method for additional checks

• code linting, cleanup. Not enough but better than before
• Documentation: Replace signal with hooks (#251)
• Better saml_attribute handling in backend - more resilient
• Add session_info to user auth failed template (#248)
• Fix SAML_ACS_FAILURE_RESPONSE_FUNCTION override
• Update Custom Error Handler docs

• logger.debug('Login process started') cleaned up
• fixed echo_Attributes template and null lenght of saml_attributes

• logout improved
• wayf improved

• RequestVersionTooLow exception handled in ACS
• Better exception handling for Malformed SAML Response
• pySAML2 dep up to v6.5.1

v1.0.1 (2020-01-20)

• PySAML2 dependency, security update
  https://github.com/IdentityPython/pysaml2/commit/12ec4a70c5aaf4c144f6b30a158193ca99bc76cd

• General code refactor based on Django ClassViews
• Better Code Coverage
• Discovery Service support
• HTTP-Redirect with optional signed authn requests

Discovery Service support

Minor release with two bugfixes. The first regards the missing signature in http-redirect sso binding, the second came with the latter changes introduced by SameSite cookie, now fixed.

• Allow a SSO request without any attributes besides the NameID info. Backwards-incompatible changes to allow easier behaviour differentiation, two methods now receive the idp identifier (+ **kwargs were added to introduce possible similar changes in the future with less breaking effect):
  • Method signature changed on Saml2Backend.clean_attributes: from clean_attributes(self, attributes: dict) to clean_attributes(self, attributes: dict, idp_entityid: str, **kwargs)
  • Methodignature changed on Saml2Backend.is_authorized: from is_authorized(self, attributes: dict, attribute_mapping: dict) to is_authorized(self, attributes: dict, attribute_mapping: dict, idp_entityid: str, **kwargs)
• SAML session refactor and minor changes in README file
• local Logout - indipendent by IdP SLO Response

SameSite workaround with a specialized cookie decoupled from django default one

• Bugfix: Always save newly created users when ATTRIBUTE_MAPPING is missing in the config
• pySAML2 v5.3.0

• Fixed creating new user with iexact lookup

• Support several required fields during User creation
• Don't pass sigalg parameter when not signing login request
• ALLOW_SAML_HOSTNAMES validation for redirect
• Custom attribute mapping for Django user model (example)
• Slo absence workaround
• Metadata EntityID exception handling
• Fix unsigned authentication request to POST endpoint
• py38 Test fixes
• CI with Github actions
• Backend restructuring for easier subclassing
• Assertion consumer service now more extensible as a class-based view
  with hooks that can be overridden by subclass implementations.