- removed obsolete 0001-Always-use-base64.encodebytes-base64.encodestring-ha.patch
- Update to 7.0.1:
* 7.0.1 (2021-05-20)
- Preserve order of response bindings on IdP-initiated logout
- Fix use of expected binding on SP logout
* 7.0.0 (2021-05-18)
- **BREAKING** Replace encryption method rsa-1_5 with rsa-oaep-mgf1p
- Add documentation next to the code
* 6.5.2 (2021-05-18)
- Add shibmd_scopes metadata extractor
- Allow the Issuer element on a Response to be missing
- Respect the preferred_binding configuration for the single_logout_service
- Fix logout signature flags for redirect, post and soap requests
- Respect the logout_requests_signed configuration option
- Fix crash when applying policy on RequestedAttribute without a friendlyName
- Correctly validate IssueInstant
- Correctly handle AudienceRestriction elements with no value
- Raise InvalidAssertion exception when assertion requirements are not met
- Raise SAMLError on failure to parse a metadata file
- Raise StatusInvalidAuthnResponseStatement when the AuthnStatement is not valid
- Handle all forms of ACS endpoint specifications
- tests: Always use base64.encodebytes; base64.encodestring has been dropped
- build: Set minimum version needed for xmlschema
- docs: Update Travis CI badge from travis-ci.org to travis-ci.com
- examples: Fix example code
OBS-URL: https://build.opensuse.org/request/show/903776
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=60
- Update to 6.5.0 - Security release
* Fix processing of invalid SAML XML documents - CVE-2021-21238
* Fix unspecified xmlsec1 key-type preference - CVE-2021-21239
* Add more tests regarding XSW attacks
* Add XML Schemas for SAML2 and common extensions
* Fix the XML parser to not break on ePTID AttributeValues
* Fix the initialization value of the return_addrs property of the StatusResponse object
* Fix SWAMID entity-category policy regarding eduPersonTargetedID
* data: use importlib to load package data (backwards compatibility through the importlib_resources package)
* docs: improve the documentation for the signing_algorithm and digest_algorithm options
* examples: fix the logging configuration of the example-IdP
* tests: allow tests to pass on 32bit systems by properly choosing dates in test XML documents
* tests: improvements on the generation of response and assertion objects
* tests: expand tests on python-3.9 and python-3.10-dev
- added new build dependencies:
* python3-importlib-resources
* python3-xmlschema
* update-alternatives
- removed obsolete avoid-too-large-dates.patch
- replaced %python3_alternative by %python_alternative
OBS-URL: https://build.opensuse.org/request/show/865074
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=52
- Fix extraction of RegistrationInfo when no information is available
- Fix http_info struct to include status-code
- Allow to specify policy configurations based on the registration authority.
- Add new configuration option `logout_responses_signed` to sign logout responses.
- When available and appropriate return the ResponseLocation along with the Location
attribute.
- Always use base64.encodebytes; base64.encodestring has been dropped.
- Examples: fix IdP example that was outputing debug statements on stdout that became
part of its metadata.
- CI/CD: Use Ubuntu bionic as the host to run the CI/CD process.
- CI/CD: Pre-releases are now available on [test.pypi.org][pypi.test.pysaml2]. Each
commit/merge on the master branch autotically creates a new pre-release. To install a
prelease, run:
- Fix the generated xsd:ID format for EncryptedData and EncryptedKey elements
- Set the default value for the NameFormat attribute to unspecified when parsing
- Support arbitrary entity attributes
- Replace all asserts with proper checks
- Allow request signing in artifact2message
- Support logging configuration through the python logger
- Fix wrong identifiers for ecdsa algos
- Fix automatic inversion of attribute map files
- Factor out common codepaths in attribute_converter
- Remove uneeded exception logging
- Docs: Update configuration options documentation
- Examples: Support both str and bytes in SAML requests on the example idp
- Examples: Update to key generation to 2048 bits
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=46
- update to 6.1.0:
* Fix signed logout requests flag
* Differentiate between metadata NameIDFormat and AuthnRequest NameIDPolicy Format
- Users using `name_id_format` to set the `<NameIDPolicy Format="...">` attribute now
need to use the new configuration option `name_id_policy_format`.
* Fix documentation formatting
* Fix generation of signed metadata
* Add attribute mappings used by SwedenConnect (DIGG, INERA and PKIX specifications)
* Update SWAMID entity category
* Document the `additional_cert_files` configuration option
OBS-URL: https://build.opensuse.org/request/show/820452
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=44
- Fix check for nameid_format set to the string "None" in the configuration
- Fix presence of empty eIDAS RequestedAttributes element on AuthnRequest
- Refactor create_authn_request method to be easier to reason about
- Fix NameIDPolicy checks for allowed Format and allowCreate values
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=42
- support eIDAS RequestedAttributes per AuthnRequest
- fix xmlsec1 --id-attr configuration option value
- do not remove existing disco URL query params
- load attribute maps in predictable order
- better error message when AudienceRestriction does not validate
- always use base64.encodebytes instead of base64.encodestring
- update the eIDAS attribute mapping for legal person
- fix py_compile warnings
- fix pylint errors and warnings
- various small fixes
- add Python3.8 as supported
- tests: fix validity dates
- docs: document default value for 'want_response_signed'
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=40
* Refactor the way ForceAuthn is set: check for "true" and "1"
* Allow to set NameQualifier and SPNameQualifier attributes for ePTID
* Parse assertions with Holder-of-Key profile
* Add created_at timestamps to all mongodb documents
* Look for existing persistent id's before creating new ones
* Do not add AllowCreate property for default transient NameID
* Enable entity category import from module search path
* Add SAML subject identifier attributes to saml2_uri attributemap
* Fix deprecation warning regarding the cgi module - use the html module when available
* Misc minor improvements
* tests: Be compatible with latest pytest
* tests: Make tests pass after 2024
* tests: Add py37 as a test target
* docs: Correct instructions to run tests
* docs: Fix misc typos
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pysaml2?expand=0&rev=27
