Release Notes

Release SVS 4.0.0 (22nd August 2022)

  • Adds support for Authorization Code Grant. Implicit flow will continue to be supported, until end of 2023 or until the IETF OAuth Working Group specifies removal from Best Practice (whichever is sooner).  Further information can be found in our Implementation Guidelines. Requires no changes to merchant workflows unless the merchant wishes to use this flow. Please contact us if you would like to update your workflow from Implicit to Authorization Code Grant.
  • Adds support for SATOSA 8.1.1
  • Scope now returned in the id_token

Release SVS 3.3.0 (9th May 2022)

  • Adds support for aarc_idp_hint parameter, requiring expression of IdP Hints using URL-encoded entityIDs. Note that support for the idp_hint claim and idp_hint parameter are now scheduled for deprecation and will be removed from support in August 2022.
  • IdP Hint of the requested IdP will be returned in the id_token by default when expressed using either the idp_hint or aarc_idp_hint parameter.
  • Add support for pysaml2 v7.1.1
  • Further enhancements to internal logging and debugging capabilities.

Release SVS 3.2.0 (31st January 2022)

  • Support for SATOSA v8.0.0
  • Language at consent will be pre-set based on the user’s locale.
  • Further enhancements to internal logging and debugging capabilities.

Release SVS 3.1.2 (17th November 2021)

  • User consent screen has been re-designed for optimised for mobile device responsiveness:
    • Action buttons shuffle above the narrative on mobile screens (e.g. portrait view iPhone X, iPhone 6/7/8 Plus, iPhone 5/SE, Galaxy S5, Galaxy S9)
    • Merchant logo is removed on very small mobile screens in portrait view (but remains on landscape view)
    • This is designed to ensure that users are presented with the most vital pieces of information and are explicitly aware that action is required to proceed.
  • Handle users that click ‘OK, accept’ multiple times at consent.
  • Further logging and debugging enhancements.

Release SVS 3.1.1 (5th November 2021)

  • User consent screen translated to Turkish
  • User consent screen translated to Czech

Release SVS 3.1.0 (29th October 2021)

  • User consent screen re-designed to present high-level description and affiliation to be verified before an expandable detailed information section.
  • Improved handling of ‘state lost’ at consent: users that click back after indicating deny/accept consent will now be directed to https://inacademia.org/error-transaction-already-completed/ and encouraged to return to the merchant’s website.
  • Any uncaught exceptions will now be directed to: https://inacademia.org/unknown-error/ which encourages the user to return to the merchant’s website.
  • Further enhancements to internal logging and debugging capabilities.

Release SVS 3.0.0 (25th August 2021)

  • Support for SaToSa v7.0.3
  • User consent screen translated to Italian and Swedish
  • Adds support for subject_id (refer to reuse_detection feature released in v2.8.0)
  • Improved handling of ‘state lost’ at consent.
  • User consent screen now presents only the claims to be validated, not all claims received.
  • Further enhancements to internal logging and debugging capabilities.

Release SVS 2.8.0 (28th June 2021)

  • Updates existing error handling in the event
    • that an invalid or mismatching redirect_uri is received or if the redirect_uri is missing
    • an invalid client_id is received or if the client_id is missing
    • an invalid scope is received
    • an invalid or unsupported response_type is received or if the response_type is missing
  • Introduces the new ‘reuse detection’ feature alongside support for pairwise_id
  • Now supports affiliations returned in uppercase format
  • Consent screen now supports French language snd presents only the affiliations to be validated for the merchant
  • Further enhancements to internal logging, monitoring and debugging capabilities

Release SVS 2.7.0 (25th February 2021)

  • Improves error handling in the event that an unsupported claim is received
  • Introduces error handling in the event that a claim in an unsupported format is received
  • Introduces handling for an entityID error.
  • Further enhancements to internal logging, monitoring and debugging capabilities

IdP_hinting (16th February 2021)

  • Fixes for UTF-8 encoding in IdP_hinting

Release SVS 2.6.1 (25th January 2021)

  • Incorporates PySAML2 version 6.5.1

Release SVS 2.6.0 (14th December 2020)

  • Implemented enhancements to specified error flows
  • Minor update to consent details
  • Further enhancements to internal logging, monitoring and debugging capabilities

Release SVS 2.5.0 (30th November 2020)

  • Implemented new ‘Assert idp_hint’ feature
  • Enabled new ‘Attribute override’ feature
  • Implemented enhancements to specified error flows

Release SVS 2.4.0

  • Fixed issue with alias micro service in case the alias was not directing to a known resource
  • Improved error message in case a request was made for a claim that is not allowed
  • Updated consent screen and associated translations
  • Updated service OIDC metadata .wellknown endpoint to better reflect supported configuration(s)
  • Improved SAML support by accepting both signed assertions or signed responses
  • Support for ‘affiliate’ verification removed

Release 2.3.1

  • Adds dependencies to resolve interoperability with Shibboleth 4.0 IdP providing enhanced support for Shibboleth v4 encryption profiles
  • Improves logging of user flow
  • Localizes all js and css dependencies for consent screen.

Release SVS 2.2.0

  • Resolves XSS vulnerability issue
  • Resolves CVE-2020-5390 vulnerability in pySAML
  • Applied fix to id persistence when restarting InAcademia
  • Various minor changes to fix dependency breakage

Updated dependencies:

  • Updated pyOP to 2.0.8
  • Updated pySAML2 to 5.0.0

InAcademia Release 2.0

Based on feedback from our pilot partners we have improved the features of the InAcademia service. In addition some issues were fixed.

  • We consolidated our SAML backend to one and for better interaction with institutions.
  • We support discovery hinting
  • We support redirect to a custom error page when the IdP doesn’t release necessary attributes.
  • We improved support for affiliation attribute handling.
  • We have improved support for getting the domain claim.
  • We have improved support for generating persistent pairwise sub.
  • We support generating transient pairwise sub even if we don’t get one from the institution.
  • We support Identity Provider blacklisting.
  • We support offloading audit logs to a log server for statistics.
  • We have a new UI for the consent screen.
  • We have improved error messages and handling.
Skip to content