4 Refresh of branch with numerous bug and portability fixes
5 Expanded support for more 64-bit platforms (but not Windows)
6 Auto-detection of Apache version during build
7 Enhancements to RequestMap to support Host and Path regex matches
8 Trust engine changes to align behavior with 2.0 release
9 Optional header spoofing detection by modules
10 Apache module cleanup, including use of environment variables
11 Minor logging improvements
17 Fix for secadv 20061002
22 Fix for secadv 20060615
27 Support for Apache 2.2, improved autoconf and RPM support
28 Support for some 64-bit platforms (e.g. x86_64 Linux)
29 Misc. fixes and small enhancements
34 Updated fix for secadv 20051227
35 Fixed seldom-used Apache commands
37 Included optional ADFS support
42 Updated fix for secadv 20050901
43 Fixes for bugs involving embedded slashes in RequestMap Paths,
44 inheritance of handler locations in overridden Applications,
45 inheritance of Access Control plugins in RequestMap,
46 creation of per-site script mapping in IIS install
51 Fix for secadv 20050901
56 See http://shibboleth.internet2.edu for details of this
62 This release is a fully compatible minor update
63 to the Shibboleth 1.2.1 release. It addesses problems
64 and small functional gaps identified since the release
65 of the previous version.
69 Support for the target software on Mac OS X
71 Improved target RequestMap handling of web sites
72 running on both http and https.
76 Target build scripts better detect and handle threading
79 Variety of target race conditions and exceptions in RPC
82 Bugs in assertion condition handling.
84 Target RequestMap should ignore query strings.
86 Fixed the library path in Windows resolvertest batch
89 Fixed a crash in extkeytool program.
91 Fixed a file descriptor leak in the IdP.
93 Fixed a bug that prevented the HS from supporting
94 multiple SAML Name Identifier formats.
96 The attribute resolver now retains the order of attribute
97 values obtained from data connectors.
99 The JDBC Data Connector ignores case when mapping
100 sourceName to the attribute name.
102 Minor udpates to documentation.
104 Rev'd dependant java libraries (Xerces, Commons Pool,
112 This release represents a fully compatible minor update
113 to the Shibboleth 1.0 release, and is considered to be
114 ready for production use.
121 Multi-federation support. Most origin configuration,
122 including signing credentials and identifiers, can be
123 overriden depending on the recipient of the assertions.
125 Simplified application architecture. Both origins
126 and targets now reference each other using a single
127 identifier called a "provider id".
129 The Attribute Authority can be configured to answer
130 requests with multiple SAML Subject formats,
131 increasing interoperability with other SAML-based
134 Signing credentials can now be loaded from a variety
135 of formats, including those commonly used with OpenSSL.
137 The origin now validates all requests from 1.2+ targets
138 against federation metadata.
140 Compatibility with 1.1 targets using a "legacy" or
141 "default" configuration.
143 Separate logs are created for errors and transaction
146 Easier logging configuration.
148 Support is included for pulling attribute data from SQL
149 databases using JDBC. The JDBC Data Connector includes
150 support for conection pooling and prepared statements.
152 Mechanism for throttling requests to the Handle Service.
153 This improves performance by preventing the server from
154 becoming saturated with signing requests. Throttle can
155 be adjusted based for servers with more than two CPUs.
157 Support for signatures on all SAML Assertions and
158 Responses, which allows for more interoperability
159 with other SAML-based software and profiles.
161 Attribute Release Policies can contain match functions
162 on attribute values. This allows the release of specific
163 values based on regular expression.
165 Support has been added to the Attribute Authority for
166 using alternate data connectors in the event of a
169 The resolvertest program can now process and enforce
170 Attribute Release Policies.
172 Updated library dependencies, including OpenSAML and XML
173 Security, with substantial performance improvements when
176 Many important bug fixes
182 New XML-based configuration system supporting runtime
183 adjustment of many settings and better integration with
184 supplemental configuration files
186 Ability to partition deployment into "Applications" at the
187 vhost, path, or document level
189 "Lazy" sessions allow applications to redirect browser
190 to initiate a session, allowing content to decide it
191 needs authentication or attributes at runtime
193 Flexible support for multi-federation deployment, including
194 selection of credentials and authorities based on the request
195 and the origin site or federation
197 Support for more types of key and certificate formats
199 Improved pluggability for many aspects of system, including
200 access control modules
202 Clearer trace logging and support for a transaction/audit log
204 Pooling and caching of HTTP and TLS connections to origins
206 Support for alternative SAML name formats for intra-enterprise
207 deployments and better interoperability with SAML products
209 Support for tailoring attribute query behavior, particularly
210 non-fatal failure modes for intelligent applications prepared
211 to deal with missing information
213 Updated library dependencies, including OpenSAML, Xerces parser,
214 XML Security, and support for all GCC 3.x compiler versions
216 Support for Apache 2.0 as well as Apache 1.3 and IIS
218 Many important bug fixes