Skip to content

OneLogin's SAML PHP Toolkit v2.20.0

Compare
Choose a tag to compare
@pitbulk pitbulk released this 30 May 15:21
· 37 commits to master since this release
  • #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
  • #585 Declare conditional return types
  • Make Saml2\Auth can accept a param $spValidationOnly
  • #577 Allow empty NameID value when no strict or wantNameId is false
  • #570 Support X509 cert comments
  • #569 Add parameter to exclude validUntil on SP Metadata XML
  • #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
  • #487 Enable strict check on in_array method
  • Fix typos on readme.
  • #480 Fix typo on SPNameQualifier mismatch error message
  • Add $spValidationOnly param to Auth
  • Update xmlseclibs (3.1.2 without AES-GCM and OAEP support)
  • Add warning about Open Redirect and Reply attacks
  • Add warning about the use of IdpMetadataParser class. If Metadata URLs
    are provided by 3rd parties, the URL inputs MUST be validated to avoid issues like SSRF
  • Update dependencies
  • Fix test payloads
  • Remove references to OneLogin.