Changes in Release 2.3.4
=============================================
[SIDP-508] - NullPointerException in AuthenticationEngine
[SIDP-510] - Error with stack trace when passive cannot be honored
[SIDP-511] - ExternalAuthnSystemLoginHandler does not support forceAuthn/isPassive
[SIDP-512] - idpui taglib should iterate over all browser aproved languages
[SIDP-513] - idpui taglib could look for more languages matches
[SIDP-514] - Alt text for IdP Logos is not esapiEncoder.encodeForHTMLAttribute
[SIDP-516] - Example login.jsp / Usage of label tag
[SIDP-519] - Switching between multiple login handlers cause first context to be sticky in Shib-Authentication-Method
[SIDP-520] - Ipad/iOS devices will auto capitalize text entered into the IdP login screen, which can cause errors. Adding an HTML element will prevent that
[SIDP-521] - Allow specificying file location of renewed key and certificate
[SIDP-522] - supplied examples shouldn't promote federation URIs as relying parties
[SIDP-523] - Add access to inbound AuthnRequest
Changes in Release 2.3.3
=============================================
[SIDP-504] - Alt text generate for logo has mismatched quoting
Changes in Release 2.3.2
=============================================
[SIDP-500] - shibboleth-identityprovider-2.3.1 installer broken on Windows 7 (64-bit) and Windows XP
- Update version of Shib Common library
Changes in Release 2.3.1
=============================================
[SIDP-490] - REMOTE_USER handler not detecting empty value
[SIDP-491] - Stylesheet link in login.jsp is not inside the head tag
[SIDP-492] - bin/version causes exception
[SIDP-494] - login.config sample needs updating
[SIDP-497] - Queries should return the same NameID supplied by the caller
Changes in Release 2.3.0
=============================================
[SIDP-272] - Regenerate self-signed certificate with installer task
[SIDP-404] - Add an install-time setting for the path to web.xml
[SIDP-429] - Limit metadata SP credential resolution for encryption to RSA keys only
[SIDP-442] - Add JSESSIONID and ClientIP to MDC
[SIDP-448] - Create a login handler that provides authn "state" data to an external authentication
system and has that system authenticate the user.
[SIDP-461] - Add legacy Shib SSO protocol as binding for IdP-initiated SSO for SAML 2.0
[SIDP-464] - An SPNameQualifier in NameIDPolicy always treated as an affiliation
[SIDP-468] - Add taglib to simplify rendering login pages.
[SIDP-469] - eduPersonTargetedID Could Be Separately Commented
[SIDP-471] - Taglibs appear to be caching SP information
[SIDP-401] - Quick installer no longer does special things to the Tomcat installation for the "administrator" login
[SIDP-474] - NPE in taglib processing (bug never released).
[SIDP-475] - Better login page for IdP
[SIDP-478] - ECP profile support
[SIDP-480] - Update POM to add plugin versions, use / publish to Shib.net Repo, and attach generated source and Javadocs
[SIDP-482] - JSP pages should HTML-encode any strings they handle
[SIDP-483] - Log Completed, Unencrypted SAML Assertion
[SIDP-484] - Login stops at AuthnEngine with an empty page
[SIDP-485] - inside HTML pages must have alt attribute.[SIDP-486] - login.jsp page contains old wiki link
[SIDP-487] - More login.jsp changes (CR/LF issues, missing period)
[SIDP-488] - PeerEntityId property not set on SAML queries
[SIDP-489] - Typos in idpui.tld
Changes in Release 2.2.1
=============================================
[SIDP-286] - Configurable validity period for self signed certificate
[SIDP-417] - Shib deployed to root web context, SSOProfileHandler forwards to "/null/AuthnEngine"
[SIDP-421] - Error logging SOAP queries
[SIDP-422] - aacli.sh Exception in thread "main"
[SIDP-426] - Forced authentication does not reset the AuthnInstant
[SIDP-427] - Incorrect handling of returned authn error in SSO profile handlers
[SIDP-428] - Address lifecycle issues around use of MetadataCredentialResolverFactory
[SIDP-431] - Typo in default attribute-resolver.xml
[SIDP-433] - Update libs for 2.2.1
[SIDP-434] - More Typos in Default attribute-resolver.xml
[SIDP-432] - Set explicit caching headers on redirects
[SIDP-435] - Different principal used for index into session storage and transient ID
[SIDP-436] - Null AuthnContextClassRef causes NPE
[SIDP-438] - Improve user experience when switching versions of SAML
[SIDP-443] - Profile handlers override encoder nameQualifier setting
[SIDP-447] - Fix for SIDP-417 missed RemoteUserLoginHandler
[SIDP-450] - NPE with AttributeQueryProfile when there are errors resolving attributes
[SIDP-452] - Facilitate replay detection to Shibboleth SSO
[SIDP-453] - Session inactivity timeout being treated as a hard expiration time
[SIDP-457] - would be nice to include displayName in default attribute resolver
Changes in Release 2.2.0
=============================================
[SIDP-416] - MetadataProviderObserver leak, new one added on every login
[SIDP-415] - SAML name identifier value not logged in audit log
[SIDP-413] - Change link of example login page
[SIDP-411] - Check for loginContext != null at login.jsp
[SIDP-409] - Pass IdP w/o authenticating
[SIDP-407] - Shibboleth SSO profile handler sets incorrect protocol string in outbound message context
[SIDP-403] - Use text/xml as the media type for returned metadata unless user agent request metadata media type
[SIDP-402] - Update 3rd party libraries for 2.2 release
[SIDP-397] - Remove any unit test that won't be fixed in the 2.X branch, fix the rest
[SIDP-396] - Previous session LoginHandler used even if authentication method has expired
[SIDP-392] - NullPointerException in LoginContext when authentication method information is null
[SIDP-388] - Add eduPersonAssurance attribute to attribute-resolver.xml config example
[SIDP-386] - Session indexes not cleared when session is destroyed
[SIDP-384] - Incorrect error message set for expired request in Shibboleth SSO Profile Handler
[SIDP-382] - Less verbose logging for failed attribute queries due to missing name-id
[SIDP-381] - Use duration notation for assertion lifetime in example config files
[SIDP-380] - Use of forwards between profile handlers and authentication engine causes problems for uApprove
[SIDP-379] - Usage of general AuthenticationException in UsernamePasswordLoginHandler
[SIDP-374] - Switch to use StaticBasicParserPool instead of BasicParserPool
[SIDP-373] - The SLF4J MDC state is not being properly cleared when request processing is done.
[SIDP-368] - Provide more acurate login error to servlet when Username/Password login authentication has failed.
[SIDP-369] - Allow to have cookie Domain set for login context cookie
[SIDP-365] - Expose uptime of IdP web application with status handler
[SIDP-362] - Only log exception message without stack trace for expired SAML messages
[SIDP-360] - Session isn't being set within the attribute request context during a SAML1 attribute query
[SIDP-359] - HttpServletHelper.getRelyingPartyConfirmationManager misnamed
[SIDP-355] - Idp reinstall from source overwrite some config files even when "no overwrite" is specified
[SIDP-301] - Remove use of events in SessionManager so that different StorageService implementations may be more easily used
[SIDP-288] - Improve consistency of XML configuration defaults/examples
[SIDP-275] - Using standard JAAS LoginException in UP LoginHandler servlet
[SC-63] - Use XML Schema duration syntax instead of integers for duration configuration options
Changes in Release 2.1.5
=============================================
[SIDP-353] - Default login.jsp crashes on anonymous RPs
Changes in Release 2.1.4
=============================================
[SIDP-340] - Default tc-config.xml causes TCNonPortableObjectError
[SIDP-342] - NameIdentifier encoder mix-up when the SP doesn't support the first NameIdentifier format
[SIDP-343] - AuthnInstant is updated even when authentication doesn't happen
[SIDP-348] - Remove Terracotta Configuration from IdP Install
[SIDP-249] - LoginContext is not removed from StorageService after Authentication Completes
[SIDP-350] - Installer does not remember installation directory when upgrading
[SIDP-351] - Attribute resolution errors shouldn't prevent valid authn statement being returned
Changes in Release 2.1.3
=============================================
[SIDP-244] - Error message on invalid ACS could be improved
[SIDP-247] - Log Exception in UP LoginHandler Servlet
[SIDP-258] - Authentication Engine does not check to ensure returned authenticaiton mechanism from Login Handler is acceptable to the SP
[SIDP-263] - Suggest adding defaultSigningCredentialRef to the AnonymousRelyingParty element in the default config
[SIDP-261] - IPAddressLoginHandler addresses comparison fails
[SIDP-265] - Distinguish requested AuthMethod and default AuthMethod
[SIDP-266] - General errors triggers error-404.jsp instead of error.jsp
[SIDP-271] - AuthenticationEngine doesn't correctly handle passive return from login servlet
[SIDP-276] - Example RDB Connector, quote principal
[SIDP-277] - Incorrect null check for request context in UsernamePasswordServlet
[SIDP-279] - IdP should log NameID for auditing
[SIDP-281] - Customize login.jsp appearance based on relying party
[SIDP-285] - Use $IDP_SCOPE$ to populate IdP scope in conf-tmpl\attribute-resolver.xml
[SIDP-291] - Update libs for 2.1.3 release
[SIDP-292] - login.jsp: wrong using of the attribute rowspan within the tag