Release Notes - SX Spring Security Extension - Version saml-1.0.0.RC1 - HTML format

Bug

  • [SES-3] - Error in validation of user session in WebSSOProfileConsumerImpl
  • [SES-14] - Key alias 'apollo' hard-coded in org.springframework.security.saml.metadata.MetadataGenerator
  • [SES-16] - OpenSAML exception on request to example webapp
  • [SES-17] - Error in subject validation in WebSSOProfileConsumerImpl
  • [SES-33] - SAMLLogoutProcessingFilter logout success URL not working
  • [SES-37] - EntitiesDescriptor not supported
  • [SES-38] - WebSSOProfileConsumerImpl fails if there is more than one AudienceRestriction
  • [SES-39] - Metadata displays incorrect URL for proxied requests
  • [SES-42] - Proxied requests for metadata do not reflect host header requested
  • [SES-45] - Problematic logic regarding whether requests are signed
  • [SES-46] - Encrypted assertions ignored in SAML reply
  • [SES-48] - JKSKeyManger not closing InputStream
  • [SES-49] - Sample pages do not display correctly in some browsers
  • [SES-51] - Invalid signature does not result in failure
  • [SES-52] - does not compile using java 5 due to throwing IOException, passing a throwable
  • [SES-58] - SAMLLogoutProcessingFilter not retrieving incoming messages consistently
  • [SES-67] - Http-Post binding request message error
  • [SES-69] - Data returned from SAMLUserDetailsService and UserDetailsService put into different fields of the Authentication object
  • [SES-72] - Signature on SAML metadata cannot be verified
  • [SES-73] - Major security issue - Invalid signatures on SAML assertions not detected
  • [SES-74] - Availability of hosted SP name depends on request sequence
  • [SES-86] - Typo in java property, singingKey (me me me! laaaaaaaaaaaaaaaa!) should be signingKey
  • [SES-93] - Possible bug in SAMLAuthenticationProvider
  • [SES-101] - Success handler not redirecting to RelayState URI
  • [SES-103] - WebSSO with artifact binding fails
  • [SES-104] - SAML client doesn't take into account clock skew when processing NotBefore
  • [SES-105] - Client requires the presence of "NotOnOrAfter" optional element within "SubjectConfirmationData" in SAML Response
  • [SES-106] - HTTPMetadataProvider does not handle tlsKeys correctly
  • [SES-108] - Some "getContextPath" calls hide reverse proxy config

Improvement

  • [SES-5] - Make velocity log to SLF4J (or other logging library) instead of the file velocity.log
  • [SES-8] - Make attributes sent in response from IDP available in the security context
  • [SES-40] - Add caught exceptions to any exceptions that are thrown
  • [SES-41] - Fix misspellings in the current code base
  • [SES-44] - Make scoping optional
  • [SES-47] - More descriptive error message would be useful
  • [SES-50] - Support SAML RelayState containing Target URI when processing IdP-Initiated SSO
  • [SES-53] - change pom to create attached -sources jar
  • [SES-56] - Allow customization of responseSkew, maxAssertionTime and maxAuthenticationDelay
  • [SES-57] - Enable customization of supported bindings
  • [SES-59] - Add a second constructor to SAMLLogoutFilter
  • [SES-61] - Support for AuthNContext in WebSSO profile
  • [SES-62] - Support for NameIDPolicy in WebSSO profile
  • [SES-66] - Verification of Address in SubjectLocality in the AuthnStatement should be optional
  • [SES-68] - Overriding of addMetadataProvider / removeMetadataProvider in MetadataManager
  • [SES-70] - IDP cannot validate metadata signature
  • [SES-75] - Add support for metadata reloading
  • [SES-76] - Metadata values should be cached for better performance
  • [SES-81] - Enable WebSSO consumer to verify received AuthnContext
  • [SES-89] - Enable customization of AssertionConsumerService
  • [SES-99] - Upgrade to OpenSAML 2.5.1
  • [SES-122] - Support for RelayState in sent requests

New Feature

  • [SES-4] - Make sessions expire according to the session notOnOrAfter in the SAML response message
  • [SES-7] - Single Logout
  • [SES-18] - add support for SAML SOAP binding
  • [SES-28] - SAMLAuthenticationProvider should optionally create the AuthenticationToken with the principal containing the UserDetails
  • [SES-43] - Implement artifact resolution
  • [SES-60] - Custom logging of SAML events
  • [SES-65] - Configuration possibility for the variable futureSkew used in AbstractProfileBase.isDateTimeSkewValid()
  • [SES-77] - Support for extended metadata
  • [SES-78] - User interface should enable users to generate custom metadata
  • [SES-80] - IDP Discovery feature
  • [SES-82] - Add support for SAML 2.0 ECP profile
  • [SES-84] - Support publication of metadata at a Well-known location
  • [SES-85] - Support for metadata XML Signature Profile
  • [SES-88] - Support MetaIOP profile and PKIX validation

Refactoring

  • [SES-79] - Allow autowiring of SAML beans

Task

  • [SES-26] - Upgrade SAML to Spring Security 3 and Spring 3
  • [SES-109] - Create Spring Security 3.1 integration branch
  • [SES-110] - Update to Spring Security 3.1.x
