3.5.0

• #412 Empty instead of unset the $_SESSION variable
• #433 Fix Incorrect Destination in LogoutResponse when using responseUrl #443
• Update xmlseclibs to 3.1.1
• Add support for SMARTCARD_PKI and RSA_TOKEN Auth Contexts
• Get lib path dinamically
• Check for x509Cert of the IdP when loading settings, even if the security index was not provided
• Support Statements with Attribute elements with the same name enabling the allowRepeatAttributeName setting

OneLogin's SAML PHP Toolkit v2.19.0

• #412 Empty instead of unset the $_SESSION variable
• #433 Fix Incorrect Destination in LogoutResponse when using responseUrl #443
• Add support for SMARTCARD_PKI and RSA_TOKEN Auth Contexts
• Support Statements with Attribute elements with the same name enabling the allowRepeatAttributeName setting
• Get lib path dynamically
• Check for x509Cert of the IdP when loading settings, even if the security index was not provided

OneLogin's SAML PHP Toolkit v3.4.1

• Add setSchemasPath to Auth class and fix backward compatibility

OneLogin's SAML PHP Toolkit v2.18.1

• Add setSchemasPath to Auth class and fix backward compatibility

OneLogin's SAML PHP Toolkit v3.4.0

• Support rejecting unsolicited SAMLResponses.
• Support stric destination matching.
• Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
• Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
• Improve getSelfRoutedURLNoQuery method
• Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
• Remove use of $_GET on static method validateBinarySign
• Fix error message when Assertion and NameId are both encrypted (not supported)

OneLogin's SAML PHP Toolkit v2.18.0

• Support rejecting unsolicited SAMLResponses.
• Support stric destination matching.
• Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
• Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
• Improve getSelfRoutedURLNoQuery method
• Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
• Remove use of $_GET on static method validateBinarySign
• Fix error message when Assertion and NameId are both encrypted (not supported)

OneLogin's SAML PHP Toolkit v3.3.1

• Update xmlseclibs to 3.0.4 (CVE-2019-3465)
• Remove Comparison atribute from RequestedAuthnContext when setting has empty value

OneLogin's SAML PHP Toolkit v2.17.1

• Update xmlseclibs to 3.0.4 (CVE-2019-3465)
• Remove Comparison atribute from RequestedAuthnContext when setting has empty value

OneLogin's SAML PHP Toolkit v3.3.0

• Set true as the default value for strict setting
• Relax comparison of false on SignMetadata
• Fix CI

OneLogin's SAML PHP Toolkit v2.17.0

• Set true as the default value for strict setting
• Support 'x509cert' and 'privateKey' on signMetadata security settings
• Relax comparison of false on SignMetadata
• Fix CI