Use shibboleth-sp as package name for compatibility.
[shibboleth/cpp-sp.git] / doc / RELEASE.txt
diff --git
a/doc/RELEASE.txt
b/doc/RELEASE.txt
index
4c1370a
..
cac7a19
100644
(file)
--- a/
doc/RELEASE.txt
+++ b/
doc/RELEASE.txt
@@
-1,13
+1,19
@@
-Release Notes
+
Shibboleth Native SP
Release Notes
-Shibboleth Native SP
-2.0
-3/17/2008
+Fix/Enhancement Lists:
+https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap
+
+Important Changes:
+https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationChanges
+
+Feature Highlights:
+https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPInterestingFeatures
NOTE: The shibboleth2.xml configuration format in this release
NOTE: The shibboleth2.xml configuration format in this release
-is compatible with the RC1 release. Upgrading from earlier
-releases is NOT supported without replacing the configuration
-file and reapplying changes.
+is fully compatible with the 2.x releases, but there are significant
+new options available to simplify the majority of configurations.
+A stripped down default configuration and a "full" example file are
+included.
Fully Supported
Fully Supported
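Review bot: the header lines "2.0" and "3/17/2008" are removed at the top of this hunk and nothing replaces them, so the file no longer says which release it describes even though the NOTE below still reads "in this release". Keep a version line under "Shibboleth Native SP Release Notes". The NOTE also says a stripped down default configuration and a "full" example file are included without giving either file name; naming them would let an administrator find the full option set when reviewing a deployment.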
@@
-33,11
+39,13
@@
Fully Supported
- experimental support for SAML 2.0 assertions
- Shibboleth WAYF and SAML DS protocols for IdP Discovery
- experimental support for SAML 2.0 assertions
- Shibboleth WAYF and SAML DS protocols for IdP Discovery
+ - Generates JSON feed of IdPs using UIInfo metadata extensions
- Metadata Providers
- Bulk resolution via local file, or URL with local file backup
- Metadata Providers
- Bulk resolution via local file, or URL with local file backup
- - Dynamic resolution and caching based on entityID
- - Filtering based on whitelist, blacklist, or signature verification
+ - Dynamic resolution and caching based on entityID or MDX
+ - Filtering based on whitelist, blacklist, or signature verification
+ - Support for enhanced PKI processing in transport and signature verification
- Metadata Generation Handler
- Generates and optionally signs SAML metadata based on SP configuration
- Metadata Generation Handler
- Generates and optionally signs SAML metadata based on SP configuration
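Review bot: the added bullet "Support for enhanced PKI processing in transport and signature verification" under Metadata Providers does not say what is enhanced or relative to what, so a reader deciding how metadata trust is evaluated cannot tell what the feature covers. Name the mechanism or link the relevant wiki page. "MDX" in "entityID or MDX" is also used without expansion. The "Filtering based on whitelist, blacklist, or signature verification" line is removed and re-added with identical text, which looks like a whitespace-only change worth keeping out of a content diff.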
@@
-57,6
+65,7
@@
Fully Supported
- XML signing
- Simple "blob" signing
- TLS X.509 certificate authentication
- XML signing
- Simple "blob" signing
- TLS X.509 certificate authentication
+ - SAML condition handling, including delegation support
- Client transport authentication to SOAP endpoints via libcurl
- TLS X.509 client certificates
- Client transport authentication to SOAP endpoints via libcurl
- TLS X.509 client certificates
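Review bot: "SAML condition handling, including delegation support" is added as a sibling of "XML signing", "Simple "blob" signing" and "TLS X.509 certificate authentication", which are all ways of authenticating a message, whereas condition handling is part of validating an assertion's content. Consider moving it to its own top-level bullet so the list does not suggest that condition checks are an alternative to signature or TLS authentication.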
@@
-68,11
+77,22
@@
Fully Supported
- All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
- Optional outgoing encryption of NameID in requests and responses
- All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
- Optional outgoing encryption of NameID in requests and responses
+- General Security
+ - Black/whitelisting of XML security algorithms (with xml-security 1.6+)
+ - RSA and ECDSA signatures (EC requires xml-security 1.6+ and support from openssl)
+ - AES-GCM encryption (requires xml-security 1.7+ and support from openssl)
+ - Metadata-based algorithm selection
+
- Attributes
- Decoding and exporting SAML 1 and 2 attributes
- Strings
- Value/scope pairs (legacy and value@scope syntaxes supported)
- NameIDs
- Attributes
- Decoding and exporting SAML 1 and 2 attributes
- Strings
- Value/scope pairs (legacy and value@scope syntaxes supported)
- NameIDs
+ - Base64 to string
+ - XML to base64-encoded XML
+ - DOM to internal data structure
+ - KeyInfo-based data, including metadata-derived KeyDescriptors
+ - Metadata EntityAttributes extension "tags"
- Attribute Filtering
- Policy language compatible with IdP filtering, except that references
- Attribute Filtering
- Policy language compatible with IdP filtering, except that references
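Review bot: in the new "General Security" block the library requirements are uneven. ECDSA and AES-GCM both depend on "support from openssl" with no minimum OpenSSL version given, "Metadata-based algorithm selection" carries no xml-security version at all, and nothing says what happens to a configured algorithm blacklist or whitelist when the SP is built against xml-security older than 1.6. State the minimum versions and whether the setting is rejected or silently ignored on older libraries, since an operator relying on the blacklist needs to know it is actually enforced. The five new attribute decoder bullets ("Base64 to string" through "Metadata EntityAttributes extension "tags"") would also benefit from one line each on when they apply.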
@@
-88,7
+108,7
@@
Fully Supported
- Enhanced Spoofing Detection
- Detects and blocks client headers that would match known attribute headers
- Enhanced Spoofing Detection
- Detects and blocks client headers that would match known attribute headers
- -
Does not support Apache mod_rewrite, but can be disabled when necessary
+ -
Key-based mechanism to handle internal server redirection while maintaining protection
- ODBC Clustering Support
- Tested against a few different servers with various drivers
- ODBC Clustering Support
- Tested against a few different servers with various drivers
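Review bot: under "Enhanced Spoofing Detection" the line "Does not support Apache mod_rewrite, but can be disabled when necessary" is replaced by "Key-based mechanism to handle internal server redirection while maintaining protection", which leaves two things unstated: whether mod_rewrite is now supported when the key is used, and whether the check can still be disabled. Say both explicitly, and name the configuration setting that carries the key so that a reader who previously disabled spoof checking for mod_rewrite knows how to turn it back on.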
@@
-101,14
+121,16
@@
Fully Supported
- Reporting of SAML status errors
- Optional redirection to custom error handler
- Reporting of SAML status errors
- Optional redirection to custom error handler
+- Form POST data preservation
+ - Support on Apache for preserving URL-encoded form data across SSO
+
- Apache module enhancements
- Apache module enhancements
- - "OR" coexistence with other authorization modules
- - htaccess-based override of any valid RequestMap property
+ - Apache 2.4 support including authz
+ - "OR" coexistence with other authz modules on older Apache
+ - htaccess-based override of any valid RequestMap property
+ - htaccess support for external access control plugins
- Command line tools
- samlsign for manual XML signing and verification
- mdquery for interrogating via metadata configuration
- resolvertest for exercising attribute extraction, filtering, and resolution
- Command line tools
- samlsign for manual XML signing and verification
- mdquery for interrogating via metadata configuration
- resolvertest for exercising attribute extraction, filtering, and resolution
-
-- Migrating 1.3 core configuration file
- - Stylesheet can handle some common options
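Review bot: the "Migrating 1.3 core configuration file" entry and its stylesheet bullet are deleted at the end of this hunk with no replacement, while the note at the top of the file now only speaks of compatibility with the 2.x releases, so the document no longer says anything about upgrading from 1.3. If that path is unsupported, say so in one line rather than dropping the entry. In the Apache block, "on older Apache" in the "OR" coexistence bullet should give the version boundary (the preceding bullet implies anything before 2.4), and "Support on Apache for preserving URL-encoded form data across SSO" should mention where the preserved POST data is held and any size limit, since that data may contain user-submitted secrets.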