blob: 149c6b29d3f8dc72bc769059e2423f33fe346b9e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
Version 0.1.1
---------------------------------------------------------------------------
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
Version 0.1.0
---------------------------------------------------------------------------
* Better support for BSD.
* Support for setting a IdP CA certificate and SP certificate.
* Support for loading the private key during web server initialization.
With this, the private key only needs to be readable by root. This
requires a recent version of Lasso to work.
* Better DOS resistance, by only allocating a session when the user has
authenticated with the IdP.
* Support for IdP initiated login. The MellonDefaultLoginPath option can
be to configure which page the user should land on after authentication.
Version 0.0.7
---------------------------------------------------------------------------
* Renamed the logout endpoint from "logoutRequest" to "logout".
"logoutRequest" is now an alias for "logout", and may be removed in the
future.
* Added SP initiated logout. To initiate a logout from the web site, link
the user to the logout endpoint, with a ReturnTo parameter with the url
the user should be redirected to after being logged out. Example url:
"https://www.example.com/secret/endpoint/logout
?ReturnTo=http://www.example.com/". (Note that this should be on a
single line.)
* Fixed a memory leak on login.
* Increased maximum Lasso session size to 8192 from 3074. This allows us to
handle users with more attributes.
* Fixed handling of multiple AttributeValue elements in response.
|