Release SVS 2.4.0
- Fixed issue with alias micro service in case the alias was not directing to a known resource
- Improved error message in case a request was made for a claim that is not allowed
- Updated consent screen and associated translations
- Updated service OIDC metadata .wellknown endpoint to better reflect supported configuration(s)
- Improved SAML support by accepting both signed assertions or signed responses
- Support for ‘affiliate’ verification removed
Release 2.3.1
- Adds dependencies to resolve interoperability with Shibboleth 4.0 IdP providing enhanced support for Shibboleth v4 encryption profiles
- Improves logging of user flow
- Localizes all js and css dependencies for consent screen.
Release SVS 2.2.0
- Resolves XSS vulnerability issue
- Resolves CVE-2020-5390 vulnerability in pySAML
- Applied fix to id persistence when restarting InAcademia
- Various minor changes to fix dependency breakage
Updated dependencies:
- Updated pyOP to 2.0.8
- Updated pySAML2 to 5.0.0
InAcademia Release 2.0
Based on feedback from our pilot partners we have improved the features of the InAcademia service. In addition some issues were fixed.
- We consolidated our SAML backend to one and for better interaction with institutions.
- We support discovery hinting
- We support redirect to a custom error page when the IdP doesn’t release necessary attributes.
- We improved support for affiliation attribute handling.
- We have improved support for getting the domain claim.
- We have improved support for generating persistent pairwise sub.
- We support generating transient pairwise sub even if we don’t get one from the institution.
- We support Identity Provider blacklisting.
- We support offloading audit logs to a log server for statistics.
- We have a new UI for the consent screen.
- We have improved error messages and handling.
