Releasedate: 2. April 2009

Releasenote

This release contains a number of bug fixes and new features.

Please notice a security fix in SPFilter which allowed access in some cases where the local session timed out.

Changes

4340. do not run SessionDestroyListener if no SessionHandler has been configured
4339. a little developer information added to readme.txt — jre / detail
4338. security fix: Timeout of local session did not remove assertion from SessionHandler. SPFilter did not check if the httpsession still contained an assertion, so in some cases, access was granted even though the session had been destroyed. Fixed by checking for an assertion in SPFilter. Also, a HttpSessionListener has been added for additional cleanup.
4337. upgraded discovery war file
4336. audit log discovered idps in a human readable way
4333. improved audit logging
4332. test request url rewriting when using oiosaml in a clustered environment or behind a reverse proxy
4297. fix ivy dependencies when using recent versions of ivy
4288. do not log entire message, this seems to break the signature (in unitttesting at least)
4286. set svn mime types so online browsing works a little better
4285. refactored audit logging - removed LogUtil and added new Audit class, and rewritten audit loggin statements
4277. refactored protocol handling to support other bindings than saml2 protocol bindings
4276. write no cache headers in meta redirect pages
4275. save request id before handing over to binding handler
4273. added support for user prompting when idp discovery is active but no idp could be discovered automatically
4272. display an index page with protocol endpoints on the SAML dispatcher servlet
4267. support url fragments when redirecting to and from idp (requires javascript)

Filer og referencer