4 Refresh of branch with numerous bug and portability fixes
5 Enhancements to RequestMap
11 Fix for secadv 20061002
16 Fix for secadv 20060615
21 Support for Apache 2.2, improved autoconf and RPM support
22 Support for some 64-bit platforms (e.g. x86_64 Linux)
23 Misc. fixes and small enhancements
28 Updated fix for secadv 20051227
29 Fixed seldom-used Apache commands
31 Included optional ADFS support
36 Updated fix for secadv 20050901
37 Fixes for bugs involving embedded slashes in RequestMap Paths,
38 inheritance of handler locations in overridden Applications,
39 inheritance of Access Control plugins in RequestMap,
40 creation of per-site script mapping in IIS install
45 Fix for secadv 20050901
50 See http://shibboleth.internet2.edu for details of this
56 This release is a fully compatible minor update
57 to the Shibboleth 1.2.1 release. It addesses problems
58 and small functional gaps identified since the release
59 of the previous version.
63 Support for the target software on Mac OS X
65 Improved target RequestMap handling of web sites
66 running on both http and https.
70 Target build scripts better detect and handle threading
73 Variety of target race conditions and exceptions in RPC
76 Bugs in assertion condition handling.
78 Target RequestMap should ignore query strings.
80 Fixed the library path in Windows resolvertest batch
83 Fixed a crash in extkeytool program.
85 Fixed a file descriptor leak in the IdP.
87 Fixed a bug that prevented the HS from supporting
88 multiple SAML Name Identifier formats.
90 The attribute resolver now retains the order of attribute
91 values obtained from data connectors.
93 The JDBC Data Connector ignores case when mapping
94 sourceName to the attribute name.
96 Minor udpates to documentation.
98 Rev'd dependant java libraries (Xerces, Commons Pool,
106 This release represents a fully compatible minor update
107 to the Shibboleth 1.0 release, and is considered to be
108 ready for production use.
115 Multi-federation support. Most origin configuration,
116 including signing credentials and identifiers, can be
117 overriden depending on the recipient of the assertions.
119 Simplified application architecture. Both origins
120 and targets now reference each other using a single
121 identifier called a "provider id".
123 The Attribute Authority can be configured to answer
124 requests with multiple SAML Subject formats,
125 increasing interoperability with other SAML-based
128 Signing credentials can now be loaded from a variety
129 of formats, including those commonly used with OpenSSL.
131 The origin now validates all requests from 1.2+ targets
132 against federation metadata.
134 Compatibility with 1.1 targets using a "legacy" or
135 "default" configuration.
137 Separate logs are created for errors and transaction
140 Easier logging configuration.
142 Support is included for pulling attribute data from SQL
143 databases using JDBC. The JDBC Data Connector includes
144 support for conection pooling and prepared statements.
146 Mechanism for throttling requests to the Handle Service.
147 This improves performance by preventing the server from
148 becoming saturated with signing requests. Throttle can
149 be adjusted based for servers with more than two CPUs.
151 Support for signatures on all SAML Assertions and
152 Responses, which allows for more interoperability
153 with other SAML-based software and profiles.
155 Attribute Release Policies can contain match functions
156 on attribute values. This allows the release of specific
157 values based on regular expression.
159 Support has been added to the Attribute Authority for
160 using alternate data connectors in the event of a
163 The resolvertest program can now process and enforce
164 Attribute Release Policies.
166 Updated library dependencies, including OpenSAML and XML
167 Security, with substantial performance improvements when
170 Many important bug fixes
176 New XML-based configuration system supporting runtime
177 adjustment of many settings and better integration with
178 supplemental configuration files
180 Ability to partition deployment into "Applications" at the
181 vhost, path, or document level
183 "Lazy" sessions allow applications to redirect browser
184 to initiate a session, allowing content to decide it
185 needs authentication or attributes at runtime
187 Flexible support for multi-federation deployment, including
188 selection of credentials and authorities based on the request
189 and the origin site or federation
191 Support for more types of key and certificate formats
193 Improved pluggability for many aspects of system, including
194 access control modules
196 Clearer trace logging and support for a transaction/audit log
198 Pooling and caching of HTTP and TLS connections to origins
200 Support for alternative SAML name formats for intra-enterprise
201 deployments and better interoperability with SAML products
203 Support for tailoring attribute query behavior, particularly
204 non-fatal failure modes for intelligent applications prepared
205 to deal with missing information
207 Updated library dependencies, including OpenSAML, Xerces parser,
208 XML Security, and support for all GCC 3.x compiler versions
210 Support for Apache 2.0 as well as Apache 1.3 and IIS
212 Many important bug fixes