Back to releases


Main changes since 1.0.0:

  • Service Provider portal interface
  • Support SOAP based SAML single logout
  • Fixes for CVE-2015-5215, CVE-2015-5216 and CVE-2015-5217.
  • Database schema upgrade and management*
  • Database indexes*
  • Automatic database cleanup
  • A lot of bugfixes

*: This change has required a schema version bump. For information on upgrading your database, see Upgrading.

Detailed Changelog

Jamie Lennox (1):

  • Default --saml-sp-logout/post base on --saml-sp

Jan Pazdziora (1):

  • Make wellknowndir substitution work on Alias line as well.

John Dennis (1):

  • Define PAOS AssertionConsumerService in ipsilon-client-install

Patrick Uiterwijk (30):

  • Add missing requirement on mod_ssl for ipsilon-client
  • Replace some type(...) checks with isinstance(...)
  • Only initialize the OpenID IDP when actually enabled
  • Only initialize the SAML IDP when actually enabled
  • Only initialize the Persona IDP when actually enabled
  • Clear testdir before test run
  • Fix permission check on SP update
  • Enable auto-escaping templates
  • Fix transaction check
  • Move initialization of SAML2 cleanup to init_idp
  • Create database upgrade framework
  • Rename the SAML2 sessions database to saml2_sessions
  • Add SQL primary key and indexes
  • Implement database upgrade for indexes
  • Add test suite for database upgrades
  • Fix initialization of plugin_data table in AdminStore
  • Fix database upgrades from partially initialized schema 1 databases
  • Add openid_extensions table to be created
  • Fix the database upgrade for readonly databases (file-conf)
  • Close connections after creating the tables
  • Implement automatic database cleanup
  • Implement cleeanup for TranStore
  • Implement cleanup for sessions
  • Make it possible to enable database query echoing
  • Implement cleanup for OpenIDStore
  • Make the database upgrade system use logger
  • Also add the store name when reporting data load error
  • Also create plugin UserStore data tables
  • Make it possible to use PluginLoader without store
  • Bump version to 1.1.0

Pierre-Yves Chibon (1):

  • Drop all the calls to .keys() when iterating on the keys of a dict

Rich Megginson (1):

  • ipsilon-client-install give password in env. var.

Rob Crittenden (28):

  • Return PAM errors from mod_intercept_form_submit
  • Add support for logout over SOAP
  • Add client install option to disable logout over SOAP
  • Refactor SP generation to simplify logout testing
  • Include timezone in metadata validUntil value and use UTC time
  • Set the value of WantAuthnRequestsSigned to True
  • Log caught exceptions in server installer at debug level
  • Use full path when constructing "Other authentication methods"
  • Mark the service as readonly in the UI in authpam plugin
  • Report to user if an LDAP error occurs
  • Count IPA as a login plugin when checking for enabled plugins
  • Log a message when authentication is successful but doesn't
  • Validate options of the LDAP auth plugin on installation
  • Add city to info plugin, fetch correct attrs in SSSD
  • SP Portal administrative interface
  • Create cache directory for storing images for SP Portal
  • End-user UI for SP Portal
  • Javascript for filtering the SP by name and description
  • Add CSS to preview an uploaded image
  • Update bootstrap, update/add all of PatternFly, add font-awesome
  • CSS for the SP Portal
  • Regenerate the CSS, add patternfly and styles
  • Build and ship CSS for SP Portal
  • Ship the PatternFlyIcons font in fonts-local.
  • Update REST test to include attributes for SP Portal
  • Flip some debug messages to error messages in SAML2 provider
  • saml_base must be a subpath of saml_auth in client installer
  • Derive splink when registering SP, allow visible = True in SP portal