Release SVS 3.3.0 (9th May 2022)
- Adds support for aarc_idp_hint parameter, requiring expression of IdP Hints using URL-encoded entityIDs. Note that support for the idp_hint claim and idp_hint parameter are now scheduled for deprecation and will be removed from support in August 2022.
- IdP Hint of the requested IdP will be returned in the id_token by default when expressed using either the idp_hint or aarc_idp_hint parameter.
- Add support for pysaml2 v7.1.1
- Further enhancements to internal logging and debugging capabilities.
Release SVS 3.2.0 (31st January 2022)
- Support for SATOSA v8.0.0
- Language at consent will be pre-set based on the user’s locale.
- Further enhancements to internal logging and debugging capabilities.
Release SVS 3.1.2 (17th November 2021)
- User consent screen has been re-designed for optimised for mobile device responsiveness:
- Action buttons shuffle above the narrative on mobile screens (e.g. portrait view iPhone X, iPhone 6/7/8 Plus, iPhone 5/SE, Galaxy S5, Galaxy S9)
- Merchant logo is removed on very small mobile screens in portrait view (but remains on landscape view)
- This is designed to ensure that users are presented with the most vital pieces of information and are explicitly aware that action is required to proceed.
- Handle users that click ‘OK, accept’ multiple times at consent.
- Further logging and debugging enhancements.
Release SVS 3.1.1 (5th November 2021)
- User consent screen translated to Turkish
- User consent screen translated to Czech
Release SVS 3.1.0 (29th October 2021)
- User consent screen re-designed to present high-level description and affiliation to be verified before an expandable detailed information section.
- Improved handling of ‘state lost’ at consent: users that click back after indicating deny/accept consent will now be directed to https://inacademia.org/error-transaction-already-completed/ and encouraged to return to the merchant’s website.
- Any uncaught exceptions will now be directed to: https://inacademia.org/unknown-error/ which encourages the user to return to the merchant’s website.
- Further enhancements to internal logging and debugging capabilities.
Release SVS 3.0.0 (25th August 2021)
- Support for SaToSa v7.0.3
- User consent screen translated to Italian and Swedish
- Adds support for subject_id (refer to reuse_detection feature released in v2.8.0)
- Improved handling of ‘state lost’ at consent.
- User consent screen now presents only the claims to be validated, not all claims received.
- Further enhancements to internal logging and debugging capabilities.
Release SVS 2.8.0 (28th June 2021)
- Updates existing error handling in the event
- that an invalid or mismatching redirect_uri is received or if the redirect_uri is missing
- an invalid client_id is received or if the client_id is missing
- an invalid scope is received
- an invalid or unsupported response_type is received or if the response_type is missing
- Introduces the new ‘reuse detection’ feature alongside support for pairwise_id
- Now supports affiliations returned in uppercase format
- Consent screen now supports French language snd presents only the affiliations to be validated for the merchant
- Further enhancements to internal logging, monitoring and debugging capabilities
Release SVS 2.7.0 (25th February 2021)
- Improves error handling in the event that an unsupported claim is received
- Introduces error handling in the event that a claim in an unsupported format is received
- Introduces handling for an entityID error.
- Further enhancements to internal logging, monitoring and debugging capabilities
IdP_hinting (16th February 2021)
- Fixes for UTF-8 encoding in IdP_hinting
Release SVS 2.6.1 (25th January 2021)
- Incorporates PySAML2 version 6.5.1
Release SVS 2.6.0 (14th December 2020)
- Implemented enhancements to specified error flows
- Minor update to consent details
- Further enhancements to internal logging, monitoring and debugging capabilities
Release SVS 2.5.0 (30th November 2020)
- Implemented new ‘Assert idp_hint’ feature
- Enabled new ‘Attribute override’ feature
- Implemented enhancements to specified error flows
Release SVS 2.4.0
- Fixed issue with alias micro service in case the alias was not directing to a known resource
- Improved error message in case a request was made for a claim that is not allowed
- Updated consent screen and associated translations
- Updated service OIDC metadata .wellknown endpoint to better reflect supported configuration(s)
- Improved SAML support by accepting both signed assertions or signed responses
- Support for ‘affiliate’ verification removed
Release 2.3.1
- Adds dependencies to resolve interoperability with Shibboleth 4.0 IdP providing enhanced support for Shibboleth v4 encryption profiles
- Improves logging of user flow
- Localizes all js and css dependencies for consent screen.
Release SVS 2.2.0
- Resolves XSS vulnerability issue
- Resolves CVE-2020-5390 vulnerability in pySAML
- Applied fix to id persistence when restarting InAcademia
- Various minor changes to fix dependency breakage
Updated dependencies:
- Updated pyOP to 2.0.8
- Updated pySAML2 to 5.0.0
InAcademia Release 2.0
Based on feedback from our pilot partners we have improved the features of the InAcademia service. In addition some issues were fixed.
- We consolidated our SAML backend to one and for better interaction with institutions.
- We support discovery hinting
- We support redirect to a custom error page when the IdP doesn’t release necessary attributes.
- We improved support for affiliation attribute handling.
- We have improved support for getting the domain claim.
- We have improved support for generating persistent pairwise sub.
- We support generating transient pairwise sub even if we don’t get one from the institution.
- We support Identity Provider blacklisting.
- We support offloading audit logs to a log server for statistics.
- We have a new UI for the consent screen.
- We have improved error messages and handling.