11/15/04 Version 1.2.1 This release is a fully compatible minor update to the Shibboleth 1.2.1 release. It addesses problems and small functional gaps identified since the release of the previous version. New features in 1.2 ------------------- Support for the target software on Mac OS X Improved target RequestMap handling of web sites running on both http and https. Bug Fixes --------- Target build scripts better detect and handle threading and RPC issues. Variety of target race conditions and exceptions in RPC and socket handling. Bugs in assertion condition handling. Target RequestMap should ignore query strings. Fixed the library path in Windows resolvertest batch file loader. Fixed a crash in extkeytool program. Fixed a file descriptor leak in the IdP. Fixed a bug that prevented the HS from supporting multiple SAML Name Identifier formats. The attribute resolver now retains the order of attribute values obtained from data connectors. The JDBC Data Connector ignores case when mapping sourceName to the attribute name. Minor udpates to documentation. Rev'd dependant java libraries (Xerces, Commons Pool, Commons DBCP) ------- 4/30/04 Version 1.2 This release represents a fully compatible minor update to the Shibboleth 1.0 release, and is considered to be ready for production use. New features in 1.2 Origin ----------------- Multi-federation support. Most origin configuration, including signing credentials and identifiers, can be overriden depending on the recipient of the assertions. Simplified application architecture. Both origins and targets now reference each other using a single identifier called a "provider id". The Attribute Authority can be configured to answer requests with multiple SAML Subject formats, increasing interoperability with other SAML-based software. Signing credentials can now be loaded from a variety of formats, including those commonly used with OpenSSL. The origin now validates all requests from 1.2+ targets against federation metadata. Compatibility with 1.1 targets using a "legacy" or "default" configuration. Separate logs are created for errors and transaction auditing. Easier logging configuration. Support is included for pulling attribute data from SQL databases using JDBC. The JDBC Data Connector includes support for conection pooling and prepared statements. Mechanism for throttling requests to the Handle Service. This improves performance by preventing the server from becoming saturated with signing requests. Throttle can be adjusted based for servers with more than two CPUs. Support for signatures on all SAML Assertions and Responses, which allows for more interoperability with other SAML-based software and profiles. Attribute Release Policies can contain match functions on attribute values. This allows the release of specific values based on regular expression. Support has been added to the Attribute Authority for using alternate data connectors in the event of a failure. The resolvertest program can now process and enforce Attribute Release Policies. Updated library dependencies, including OpenSAML and XML Security, with substantial performance improvements when signing. Many important bug fixes Target ----------------- New XML-based configuration system supporting runtime adjustment of many settings and better integration with supplemental configuration files Ability to partition deployment into "Applications" at the vhost, path, or document level "Lazy" sessions allow applications to redirect browser to initiate a session, allowing content to decide it needs authentication or attributes at runtime Flexible support for multi-federation deployment, including selection of credentials and authorities based on the request and the origin site or federation Support for more types of key and certificate formats Improved pluggability for many aspects of system, including access control modules Clearer trace logging and support for a transaction/audit log Pooling and caching of HTTP and TLS connections to origins Support for alternative SAML name formats for intra-enterprise deployments and better interoperability with SAML products Support for tailoring attribute query behavior, particularly non-fatal failure modes for intelligent applications prepared to deal with missing information Updated library dependencies, including OpenSAML, Xerces parser, XML Security, and support for all GCC 3.x compiler versions Support for Apache 2.0 as well as Apache 1.3 and IIS Many important bug fixes