-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathCHANGELOG
executable file
·101 lines (83 loc) · 4.78 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
Version 2.1.0
* Plugin
- Add support for the LoA 1.5 uri introduced in Stepup-Gateway 4.0.3 (self-asserted tokens)
- Add support for dynamic LoA based on the authenticating user's group memberships(https://www.pivotaltracker.com/story/show/184488069)
- Improved error feedback to users when the authentication fails based on the SAML status code returned by the Stepup-Gateway. The case where a user does not have a token or does not have a token at a sufficient LoA now has a distinct error message. Requires Stepup-Gateway 4.1.2 or above (https://www.pivotaltracker.com/story/show/184485953)
- Show a specific error when the user's ID for Stepup-Gateway (NameID) cannot be formed and improve logging by the pugin when this happens (#26)
- Update the user facing error messages that are shown by the plugin to make them more consistent (#27)
- Removed support for upgrading from plugin versions before 2.0.3.
- Dependency updates:
- Update Newtonsoft SAML library to 13.0.2
- Update .NET framework to 4.6.2
* Setup
- Remove metadata for the SURFsecureID pilot environment
- Fix setup flow bug where a (default) "yes" was interpreted as a no when changing a SP certificate (https://www.pivotaltracker.com/story/show/176591282)
Version 2.0.4
* Plugin
- Add support for customising the way the NameID is calculated.
Added a NameIdAlgorithm configuration setting to SURFnet.Authentication.ADFS.Plugin.config.xml
that specified the algorithm that is used to. See the included README.md for details.
(https://www.pivotaltracker.com/story/show/172918855)
- Verify the NameID and LOA returned from the SFO gateway as a defense in depth measure
(https://www.pivotaltracker.com/story/show/173368068)
* Setup
- Fix: Error when upgrading from 2.0.2
(https://www.pivotaltracker.com/story/show/173584407)
- Fix: Help texts are not displayed
(https://www.pivotaltracker.com/story/show/173374702)
- Fixed a few situations where "x/y/n/?" did not have the
expected result.
- Update the included metadata of the SURFsecureID test and productions environments.
Removed the old signing certificates.
Version 2.0.3
* Plugin
- Add log messages at INFO level (the default log level) that log authentication related
information (https://www.pivotaltracker.com/story/show/172938062):
- The identity claim of the user that is received from ADFS
- The user's Subject NameID and the ID of SAML AuthnRequest for the SFO server
- The Subject NameID and AuthContextClassRef in the SAML Response from the SFO server
- Require a SAML Response to have 1 Assertion
- Fix: System.NullReferenceException exception after import of a pfx that was created by exporting
a certificate from an unsupported CSP
* Setup
- Make explicit in the Setup output when the UsedSettings.json file is used and when it is
written (https://www.pivotaltracker.com/story/show/173267034)
- In Setup show a notice that no configuration changes were made in install/upgrade mode
when the software is already up to date (https://www.pivotaltracker.com/story/show/173266899)
- Update several Setup messages for clarity
- Show adapter identifier in ADFS in Setup output
Version 2.0.2
* Plugin
- Fix: Missing Dispose() in AD code
* Setup
- Fix: Typing errors in the IdP selection file.
- Fix: Commas and quotes in json registration data.
- Fix: Failing to copy IdP metadata file when using "-r"
- Fix: Outdated metadata files in config directory.
- Fix: Error in dealing with 2.0.0.0
Version 2.0.1
- Fix: Adapter is registered in AD FS with the wrong configuration
- Adapter registration now fails when SURFnet.Authentication.ADFS.Plugin.config.xml is missing
- New bug: does not deal correctly with 2.0.0. Can use "setup -x" of 2.0.0.0 to remove 2.0.0.0
Version 2.0.0
- Replace the powershell based installation script with a CLI based setup.exe
- Support upgrading from version 1.0 and 1.0.1
- Fix: some changes are not applied when the plugin is reconfigured
- Updated Sustainsys to version 2.7.0
- Fix: looking up a user does not work cross domain or cross forest
- Support a second IdP certificate to be configured
- Logging improvements:
- Many improvements to the messages being logged by the plugin
- The current configuration anf version is logged when the plugin is loaded by the AD FS server
- By default debug messages are not logged
- Improved error handling when a user could not be found in AD
Notes:
- Please see README.md for installation and upgrade instructions.
The best way to upgrade from version 1.0(.1) to 2.0 is to use the setup.exe from version 2.x to do the upgrade.
Do NOT uninstall version 1.0(.1) using the uninstall script from version 1.0(.1)
- The format of the configuration files was changed
Version 1.0.1
- Add LoA identifiers for the SURFsecureID public test environment
Version 1.0
- First public release
- Fix issues that were found during security audit