Skip to content

Latest commit

 

History

History
101 lines (72 loc) · 4.97 KB

CHANGELOG.md

File metadata and controls

101 lines (72 loc) · 4.97 KB

Change Log

0.9.0 - 2019-01-09

  • FEATURE - Added SAMLConfigBean.useJdkCacertsForSslVerification flag to allow SSL verifications to be performed by using JDK's cacerts instead of app's keystore file.

0.8.0 - 2018-07-11

  • Moved from Java 7 to Java 8.
  • Dependencies update... organized POM.

0.7.1 - 2018-05-04

  • BUG - CsrfHeaderFilter creates multiple cookies with same name but different path due to possible empty context path, which then uses current request's path. This may cause client side to read the wrong cookie when retrieving the CSRF token.

0.7.0 - 2017-11-28

  • Dropped autowired Environment from SAMLWebSecurityConfigurerAdapter and replaced with ApplicationContext to allow concrete class to access any Spring beans instead of just Environment to configure the security. This will also prevent any lifecycle or circular dependency problems when trying to autowire beans in concrete class.
  • Replaced @PostContruct with @Bean for SAMLWebSecurityConfigurerAdapter.socketFactoryInitialization().

0.6.0 - 2016-07-18

  • Helper class JndiBackedKeystoreService to retrieve keystore info from JNDI value with following format: jks-path,alias,storepass,keypass

0.5.0 - 2016-07-13

  • If samlConfigBean.storeCsrfTokenInCookie is true, then store CSRF token in cookie.
  • Decoupled WebSSOProfileOptions from SAMLEntryPoint to allow user to override SAMLEntryPoint easily.
  • Dependency updates.
[INFO]   cglib:cglib-nodep ..................................... 3.2.2 -> 3.2.4
[INFO]   org.codehaus.groovy:groovy-all ........................ 2.4.6 -> 2.4.7
[INFO]   org.spockframework:spock-core ...
[INFO]                                    1.0-groovy-2.4 -> 1.1-groovy-2.4-rc-1
[INFO]   org.springframework:spring-test ....... 4.2.6.RELEASE -> 4.3.1.RELEASE
[INFO]   org.springframework.security:spring-security-config ...
[INFO]                                           4.1.0.RELEASE -> 4.1.1.RELEASE
[INFO]   org.springframework.security:spring-security-core ...
[INFO]                                           4.1.0.RELEASE -> 4.1.1.RELEASE
[INFO]   org.springframework.security:spring-security-web ...
[INFO]                                           4.1.0.RELEASE -> 4.1.1.RELEASE

0.4.0 - 2016-06-05

  • If samlConfigBean.samlUserDetailsService is provided, then set samlAuthenticationProvider.forcePrincipalAsString to false so that principal represents the userDetails object.
  • Ability to mock security to bypass authentication against ADFS during rapid app development. To use this, samlConfigBean.samlUserDetailsService must be set.
  • Dependency, parent and plugins updates.
com.github.choonchernlim:build-reports ................ 0.2.4 -> 0.3.2
com.google.guava:guava-testlib .......................... 18.0 -> 19.0
junit:junit ............................................. 4.11 -> 4.12
org.codehaus.groovy:groovy-all .............. 2.4.3 -> 2.4.6
org.springframework.security:spring-security-config ...
                                        4.0.3.RELEASE -> 4.1.0.RELEASE
org.springframework.security:spring-security-core ...
                                        4.0.3.RELEASE -> 4.1.0.RELEASE
org.springframework.security:spring-security-web ...
                                        4.0.3.RELEASE -> 4.1.0.RELEASE
org.springframework.security.extensions:spring-security-saml2-core ...
                                        1.0.1.RELEASE -> 1.0.2.RELEASE
maven-compiler-plugin ................................... 3.3 -> 3.5.1

0.3.3 - 2016-04-13

  • Inject Spring environment to get access to project properties file. (#1)

0.3.2 - 2016-03-14

  • Used SAMLContextProviderLB instead of SAMLContextProviderImpl to handle servers doing SSL termination.
  • Dropped SAMLConfigBean.spMetadataBaseUrl.
  • Renamed SAMLConfigBean.adfsHostName to SAMLConfigBean.idpHostName.
  • Added SAMLConfigBean.spServerName.
  • Added SAMLConfigBean.spHttpsPort.
  • Added SAMLConfigBean.spContextPath.

0.3.1 - 2016-03-10

  • Added SAMLConfigBean.spMetadataBaseUrl to manually specify the Sp's metadata base URL to handle situations where servers do SSL termination (HTTPS -> HTTP).
  • Configured metadata generator to use user defined Sp's metadata base URL when generating SAML endpoints URLs.

0.2.2 - 2016-03-08

  • Fixed casing typo from SAMLConfigBean.keyStoreResource to SAMLConfigBean.keystoreResource.

0.2.1 - 2016-03-07

  • Added SAMLConfigBean.keystorePrivateKeyPassword to add password for private key.
  • Kept storepass and keypass separate.
  • Excluded xml-apis from dependency because it's known to cause problems in WAS.

0.2.0 - 2016-03-02

  • Options to allow different authentication method. Default is user/password using IdP's form login page.
  • CustomAuthnContext.WINDOWS_INTEGRATED_AUTHN_CTX to allow Windows Integrated Authentication.

0.1.0 - 2016-02-28

  • Initial.