SAML SSO Service Provider
Version 5.1.2
Fixed
- SECURITY PATCH with saml-core/saml2 dependencies. Update REQUIRED! More info can be found here: https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2#event-375127
Version 5.0.0
Fixed
- Craft 5.0 compatibility
Version 4.1.1
Feature
- Add samlSpLogoutUrl for easier logout URL generation
Version 4.1.0
Fixed
- Fixing issue with multi-site linking for the external id field
Version 4.0.7
Fixed
- bumping saml-core to use pinned psr/log at 1.1.4
Version 4.0.6.1
Fixed
- revert: issue with logger interface compatibility #197
Version 4.0.6
Fixed
- issue with logger interface compatibility #197
Version 4.0.5
Fixed
- issue with ui https://github.com/flipboxfactory/saml-sp/issues/182
Version 4.0.4
Fixed
- issue with craft version being off compared to the composer version 🤪. fixes #179
Version 4.0.3
Fixed
- issue with custom attributes not being picked up by the validation #177
Version 4.0.2
Fixed
- excluding disabled IdPs in login controller findByEntityId() closing #175
Version 2.7.4
Fixed
- issue with using the default settings for entity id instead of the provider entity id, closing #171
Version 2.7.5
Fixed
- excluding disabled IdPs in login controller findByEntityId() closing #175
Version 2.7.3
Fixed
- updated saml-core: When "This site has it's own base URL" isn't checked but the site is selected. ref: https://github.com/flipboxfactory/saml-sp/issues/139
Version 2.7.2
Fixed
- fixed missing config being passed to the validator for controls on assertions being signed (thanks @lindseydiloreto for catching this and PR). Ref: https://github.com/flipboxfactory/saml-sp/issues/126
Version 2.7.1
Encrypted Assertions are now set to be decrypted before events may interact with them. If you currently decrypt assertions in a custom event, verify the assertion is an instance of \SAML2\EncryptedAssertion before decryption.
Added
- Event \flipbox\saml\sp\events\UserGroupAssign and \flipbox\saml\sp\services\login\UserGroups::EVENT_BEFORE_USER_GROUP_ASSIGN to manipulate groups to be assigned before assignment #133
- Config (which can be added in config/saml-sp.php) mergeExistingGroups to opt in to merging groups if desired. Default is true, the groups will be merged. #133
Changed
- Add decrypted assertions to Response after assertions are initially decrypted. See above warning.
Version 2.7.0
Settings have been added to improve security (requireResponseToBeSigned and requireAssertionToBeSigned). It's recommended to update ASAP and leave these enabled. Test login before deploying.
Fixed
- Adding controls to require Response and assertions to be signed. Ref: https://github.com/flipboxfactory/saml-sp/issues/126
Added
- \flipbox\saml\sp\validators\Response
- \flipbox\saml\sp\validators\Assertion
- \flipbox\saml\sp\validators\SignedElement
- \flipbox\saml\sp\models\Settings::$requireResponseToBeSigned
- \flipbox\saml\sp\models\Settings::$requireAssertionToBeSigned
Version 2.6.10
Fixed
- Fixing validation errors that don't throw exceptions: https://github.com/flipboxfactory/saml-sp/issues/126
Version 2.6.9
Fixed
- Issue with clipboard (using navigator.clipboard with a fallback of the previous method) #113
- Disallow viewing to settings when allowAdminChanges is false #114
Version 2.6.8
Fixed
- Possible issue with SP initiated SSO. Result from 2.6.7 controller changes.
Version 2.6.7
Added
- Ability to be explicit with internal provider when passing a request url.
- docs updates
Version 2.6.5
Fixed
- adding support for when there is no NameID sent and admin is using nameIDOverride.
Version 2.6.4
Fixed
- Fixing migration issue with duplicate metadataOptions error.
Version 2.6.3
Fixed
- Forcing core update for those updating to Craft CMS 3.6 (from a lower version).
Version 2.6.2
Fixed
- Fixing latest login page. dashboard isn't a variable, it's the destination (string).
Version 2.6.1
Fixed
- Updated login for Craft version 3.5.18 and greater.
Version 2.6.0
Breaking changes: There are significant endpoint and metadata changes with this release. Please make sure you have a testing site and test this upgrade with your code when you apply this change.
Added
- Better multisite support.
- EntityID is now editable
Version 2.5.3
Added
- Github Actions CICD! 🚀
Version 2.5.2
Fixed
- Issue where SP and IdP plugin couldn't be installed on the same craft db due to table conflicts.
Version 2.5.1
Fixed
- Issue with EntityID override (added in 2.5.0), fixing https://github.com/flipboxfactory/saml-sp/issues/84
Version 2.5.0
Breaking changes
Changed
- Breaking change: Changed \flipbox\saml\sp\services\login\User::getByResponse parameters.
Added
- Added ability to set NameId Override per IdP provider in the backend.
- Added event for before user save, \flipbox\saml\sp\services\login\User::EVENT_BEFORE_USER_SAVE.
Version 2.4.1
Fixed
- Missing event EVENT_AFTER_RESPONSE_TO_USER. Event was added back in.
Version 2.4.0
Breaking changes: Changed \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED event to use new class \flipbox\saml\sp\events\AuthnRequest instead of \yii\base\Event.
Changed
- Changed the event object used from \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED event to use new class \flipbox\saml\sp\events\AuthnRequest instead of \yii\base\Event. AuthnRequest message is now in the $message property instead of $data.
Version 2.3.1
Fixed
- Issue with constraint on the Provider Identity table when the user's NameID changes.
Version 2.3.0
autoCreateGroups functionality has been removed. Automatic creation of user groups has been removed. This is due to the project config changes in Craft CMS 3.5. Users are still assigned to a user group when the group matches one existing within Craft. If a user group is not in Craft, the group is logged (as a warning) and no error is thrown.
responseAttributeMap functionality has been removed. Please use the admin panel interface.
Added
- Added nameIdAttributeOverride setting. This is a system level setting override allowing you to map a username to a different assertion attribute, besides the NameID.
Fixed
- Issue with the createUser setting which allowed the user to be created but not log in. The user will no longer be created.
Removed / Deprecated
- The following settings have been deprecated while the functionality of those settings has been removed:
  - mergeLocalUsers
  - autoCreateGroups
  - responseAttributeMap
Version 2.2.0
Added
- More unit testing!
Changed
- Updated saml-core which upgraded the simplesamlphp/saml2 library.
- \flipbox\saml\sp\services\login\UserGroups::assignDefaultGroups to a protected method
- \flipbox\saml\sp\services\login\UserGroups::syncByAssertion to a protected method
- \flipbox\saml\sp\services\login\UserGroups::getDefaultGroups to a protected method
Removed
- \flipbox\saml\sp\services\Login::login
Version 2.1.12
Fixed
- Issue with disabled provider (My Provider) being picked as own provider when there's an enabled and a disabled provider with the same EntityId #68
Version 2.1.11
Fixed
- Issue with autoCreateGroups plugin setting not doing what it's supposed to do. #65
Version 2.1.10
Fixed
- Issue with saving groups with non-ascii conforming groups.
Version 2.1.9
Added
- Adding Yii events to allow devs to modify RelayState
Version 2.1.8
Added
- Adding setting to turn off base64 encoding of the RelayState: encodeRelayState.
Version 2.1.7
Fixed
- Missed a spot with https://github.com/flipboxfactory/saml-sp/issues/57
Version 2.1.6
Fixed
- Issue with missing Assertion Consumer Service URL: Fixing https://github.com/flipboxfactory/saml-sp/issues/58
- Issue CP panel presenting the SLO endpoint, fixing: https://github.com/flipboxfactory/saml-sp/issues/57
Version 2.1.5
Fixed
- Fixed issue with Metadata URL not overwriting the metadata correctly via the control panel and cli.
Added
- CLI command for listing all providers. See ./craft saml-sp/metadata.
Version 2.1.4
Fixed
- Fixed issue introduced in 2.1.3 Fixes: https://github.com/flipboxfactory/saml-sp/issues/53
- Fixed issue with attributes statements with one attribute (they'd be skipped over). Fixes: https://github.com/flipboxfactory/saml-sp/issues/54
Version 2.1.3
Fixed
- Fixes issue with GeneralConfig::headlessMode by explicitly setting response to HTML. Fixes: https://github.com/flipboxfactory/saml-sp/issues/53
- Fixed issue with setting custom fields in Craft 3.4. Now using setFieldValue. Fixes: https://github.com/flipboxfactory/saml-sp/issues/53
Version 2.1.2
Fixed
- Fixing issue with migration from 1.x to 2.x. Fixes: https://github.com/flipboxfactory/saml-sp/issues/51
Version 2.1.1.2
Fixed
- Fixing issue with Craft 3.2 twig error within the editableTable
Version 2.1.1.1
Fixed
- Fixing table name for craft installs with prefixes.
Version 2.1.1
Fixed
- Fixing issue with postgres uid - https://github.com/flipboxfactory/saml-sp/issues/49
Version 2.1.0
Fixed
- Fixing issue with requiring admin when project config when allowAdminChanges general config is set.
- Duplicate metadata html attribute id on the edit page
- Fixed issue with large Metadata too big for the db metadata column (requires migration) https://github.com/flipboxfactory/saml-sp/issues/48
Added
- Support for Saving Metadata via url (requires migration) https://github.com/flipboxfactory/saml-sp/issues/47
- Support for 3.4 login page
Version 2.0.15
Fixed
- RelayState when going directly to /admin/login. If the siteUrl matches the returnUrl, the user will now be redirected to the dashboard (cpUrl('dashboard')).
Version 2.0.14
Added
- Fixed admin login Via <IdP> button relay state, redirecting properly now.
Version 2.0.13
Added
- Added support for HTTP-Redirect https://github.com/flipboxfactory/saml-sp/issues/41
Version 2.0.12
Fixed
- Fixed issue with too many redirects when the site is set to offline. https://github.com/flipboxfactory/saml-sp/issues/42
Version 2.0.11
Added
- Added support for parsing multiple assertions. Possibly related to https://github.com/flipboxfactory/saml-sp/issues/40
Version 2.0.9
Removed
- Removed flipboxfactory/craft-ember package for easier updates with dependencies.
Version 2.0.7
Fixed
- Fixed issue with decrypting assertions
Version 2.0.6
Fixed
- Fixing more xsd schema compatibility. Changed message ids to be compatible.
- Fixed exception when the user tries to logout (SLO) when they are already logged out.
Version 2.0.5
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. Please reference: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Fixed
- Added protocolSupportEnumeration in the metadata. That is required by SAML and stricter IdPs will complain.
Version 2.0.4
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. Please reference: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Fixed
- Fixed AssertionConsumerServiceIndex type. Made it an int like it's intended to be.
Added
- More friendly exceptions when there are configuration issues with IdP or SP, therefore not being found.
Version 2.0.3
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. Please reference: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Fixed
- Issue with the Via buttons on the login page pointing to the incorrect endpoint. https://github.com/flipboxfactory/saml-sp/issues/31
Version 2.0.2
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. Please reference: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Version 2.0.1
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. Please reference: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Version 2.0.0
THE 2.0 UPGRADE HAS BREAKING CHANGES. All existing events have changed. If you have hooked or have a custom attributeMap (within config/saml-sp.php), please test the upgrade and SSO login completely. Changes will most likely be needed.
Any references to the LightSaml php package need to be changed. LightSAML has been swapped out for the simplesamlphp core package simplesamlphp
Removed
- Remove static method and associated (deprecated) constants: \flipbox\saml\sp\services\messages\Metadata::getLoginLocation. Get this from the settings model now.
- Remove static method and associated (deprecated) constants: \flipbox\saml\sp\services\messages\Metadata::getLogoutRequestLocation. Get this from the settings model now.
- Remove static method and associated (deprecated) constants: \flipbox\saml\sp\services\messages\Metadata::getLogoutResponseLocation. Get this from the settings model now.
- Removed the LightSaml package
Changed
- Switched from the php LightSaml package to the simplesamlphp core lib
Fixed
- Typo in attribute map in the provider table (requires migration)
Added
- Support for environmental variables in the plugin settings. Works better with the project config.
Version 1.0.6
Fixed
- Fixed issues with \flipbox\saml\sp\services\login\UserGroups::syncByAssertion deleting existing user groups
Version 1.0.4
Added
- Added config defaultGroupAssignments to give the ability to add users by default to certain groups.
Version 1.0.3.1
Fixed
- issue with ACS within the auth and request presented in 1.0.3
Version 1.0.3
Changed
- Broke/cleaned up the Login service
Version 1.0.0
Added
- New Docs! and Tests!