4 Fix for secadv 20060615
9 Support for Apache 2.2, improved autoconf and RPM support
10 Support for some 64-bit platforms (e.g. x86_64 Linux)
11 Misc. fixes and small enhancements
16 Updated fix for secadv 20051227
17 Fixed seldom-used Apache commands
19 Included optional ADFS support
24 Updated fix for secadv 20050901
25 Fixes for bugs involving embedded slashes in RequestMap Paths,
26 inheritance of handler locations in overridden Applications,
27 inheritance of Access Control plugins in RequestMap,
28 creation of per-site script mapping in IIS install
33 Fix for secadv 20050901
38 See http://shibboleth.internet2.edu for details of this
44 This release is a fully compatible minor update
45 to the Shibboleth 1.2.1 release. It addesses problems
46 and small functional gaps identified since the release
47 of the previous version.
51 Support for the target software on Mac OS X
53 Improved target RequestMap handling of web sites
54 running on both http and https.
58 Target build scripts better detect and handle threading
61 Variety of target race conditions and exceptions in RPC
64 Bugs in assertion condition handling.
66 Target RequestMap should ignore query strings.
68 Fixed the library path in Windows resolvertest batch
71 Fixed a crash in extkeytool program.
73 Fixed a file descriptor leak in the IdP.
75 Fixed a bug that prevented the HS from supporting
76 multiple SAML Name Identifier formats.
78 The attribute resolver now retains the order of attribute
79 values obtained from data connectors.
81 The JDBC Data Connector ignores case when mapping
82 sourceName to the attribute name.
84 Minor udpates to documentation.
86 Rev'd dependant java libraries (Xerces, Commons Pool,
94 This release represents a fully compatible minor update
95 to the Shibboleth 1.0 release, and is considered to be
96 ready for production use.
103 Multi-federation support. Most origin configuration,
104 including signing credentials and identifiers, can be
105 overriden depending on the recipient of the assertions.
107 Simplified application architecture. Both origins
108 and targets now reference each other using a single
109 identifier called a "provider id".
111 The Attribute Authority can be configured to answer
112 requests with multiple SAML Subject formats,
113 increasing interoperability with other SAML-based
116 Signing credentials can now be loaded from a variety
117 of formats, including those commonly used with OpenSSL.
119 The origin now validates all requests from 1.2+ targets
120 against federation metadata.
122 Compatibility with 1.1 targets using a "legacy" or
123 "default" configuration.
125 Separate logs are created for errors and transaction
128 Easier logging configuration.
130 Support is included for pulling attribute data from SQL
131 databases using JDBC. The JDBC Data Connector includes
132 support for conection pooling and prepared statements.
134 Mechanism for throttling requests to the Handle Service.
135 This improves performance by preventing the server from
136 becoming saturated with signing requests. Throttle can
137 be adjusted based for servers with more than two CPUs.
139 Support for signatures on all SAML Assertions and
140 Responses, which allows for more interoperability
141 with other SAML-based software and profiles.
143 Attribute Release Policies can contain match functions
144 on attribute values. This allows the release of specific
145 values based on regular expression.
147 Support has been added to the Attribute Authority for
148 using alternate data connectors in the event of a
151 The resolvertest program can now process and enforce
152 Attribute Release Policies.
154 Updated library dependencies, including OpenSAML and XML
155 Security, with substantial performance improvements when
158 Many important bug fixes
164 New XML-based configuration system supporting runtime
165 adjustment of many settings and better integration with
166 supplemental configuration files
168 Ability to partition deployment into "Applications" at the
169 vhost, path, or document level
171 "Lazy" sessions allow applications to redirect browser
172 to initiate a session, allowing content to decide it
173 needs authentication or attributes at runtime
175 Flexible support for multi-federation deployment, including
176 selection of credentials and authorities based on the request
177 and the origin site or federation
179 Support for more types of key and certificate formats
181 Improved pluggability for many aspects of system, including
182 access control modules
184 Clearer trace logging and support for a transaction/audit log
186 Pooling and caching of HTTP and TLS connections to origins
188 Support for alternative SAML name formats for intra-enterprise
189 deployments and better interoperability with SAML products
191 Support for tailoring attribute query behavior, particularly
192 non-fatal failure modes for intelligent applications prepared
193 to deal with missing information
195 Updated library dependencies, including OpenSAML, Xerces parser,
196 XML Security, and support for all GCC 3.x compiler versions
198 Support for Apache 2.0 as well as Apache 1.3 and IIS
200 Many important bug fixes