4 Updated fix for secadv 20050901
5 Fixes for bugs involving embedded slashes in RequestMap Paths,
6 inheritance of handler locations in overridden Applications,
7 inheritance of Access Control plugins in RequestMap,
8 creation of per-site script mapping in IIS install
13 Fix for secadv 20050901
18 See http://shibboleth.internet2.edu for details of this
24 This release is a fully compatible minor update
25 to the Shibboleth 1.2.1 release. It addesses problems
26 and small functional gaps identified since the release
27 of the previous version.
31 Support for the target software on Mac OS X
33 Improved target RequestMap handling of web sites
34 running on both http and https.
38 Target build scripts better detect and handle threading
41 Variety of target race conditions and exceptions in RPC
44 Bugs in assertion condition handling.
46 Target RequestMap should ignore query strings.
48 Fixed the library path in Windows resolvertest batch
51 Fixed a crash in extkeytool program.
53 Fixed a file descriptor leak in the IdP.
55 Fixed a bug that prevented the HS from supporting
56 multiple SAML Name Identifier formats.
58 The attribute resolver now retains the order of attribute
59 values obtained from data connectors.
61 The JDBC Data Connector ignores case when mapping
62 sourceName to the attribute name.
64 Minor udpates to documentation.
66 Rev'd dependant java libraries (Xerces, Commons Pool,
74 This release represents a fully compatible minor update
75 to the Shibboleth 1.0 release, and is considered to be
76 ready for production use.
83 Multi-federation support. Most origin configuration,
84 including signing credentials and identifiers, can be
85 overriden depending on the recipient of the assertions.
87 Simplified application architecture. Both origins
88 and targets now reference each other using a single
89 identifier called a "provider id".
91 The Attribute Authority can be configured to answer
92 requests with multiple SAML Subject formats,
93 increasing interoperability with other SAML-based
96 Signing credentials can now be loaded from a variety
97 of formats, including those commonly used with OpenSSL.
99 The origin now validates all requests from 1.2+ targets
100 against federation metadata.
102 Compatibility with 1.1 targets using a "legacy" or
103 "default" configuration.
105 Separate logs are created for errors and transaction
108 Easier logging configuration.
110 Support is included for pulling attribute data from SQL
111 databases using JDBC. The JDBC Data Connector includes
112 support for conection pooling and prepared statements.
114 Mechanism for throttling requests to the Handle Service.
115 This improves performance by preventing the server from
116 becoming saturated with signing requests. Throttle can
117 be adjusted based for servers with more than two CPUs.
119 Support for signatures on all SAML Assertions and
120 Responses, which allows for more interoperability
121 with other SAML-based software and profiles.
123 Attribute Release Policies can contain match functions
124 on attribute values. This allows the release of specific
125 values based on regular expression.
127 Support has been added to the Attribute Authority for
128 using alternate data connectors in the event of a
131 The resolvertest program can now process and enforce
132 Attribute Release Policies.
134 Updated library dependencies, including OpenSAML and XML
135 Security, with substantial performance improvements when
138 Many important bug fixes
144 New XML-based configuration system supporting runtime
145 adjustment of many settings and better integration with
146 supplemental configuration files
148 Ability to partition deployment into "Applications" at the
149 vhost, path, or document level
151 "Lazy" sessions allow applications to redirect browser
152 to initiate a session, allowing content to decide it
153 needs authentication or attributes at runtime
155 Flexible support for multi-federation deployment, including
156 selection of credentials and authorities based on the request
157 and the origin site or federation
159 Support for more types of key and certificate formats
161 Improved pluggability for many aspects of system, including
162 access control modules
164 Clearer trace logging and support for a transaction/audit log
166 Pooling and caching of HTTP and TLS connections to origins
168 Support for alternative SAML name formats for intra-enterprise
169 deployments and better interoperability with SAML products
171 Support for tailoring attribute query behavior, particularly
172 non-fatal failure modes for intelligent applications prepared
173 to deal with missing information
175 Updated library dependencies, including OpenSAML, Xerces parser,
176 XML Security, and support for all GCC 3.x compiler versions
178 Support for Apache 2.0 as well as Apache 1.3 and IIS
180 Many important bug fixes