Install

Works with Drupal: ^8 || ^9

Using Composer to manage Drupal site dependencies

Alternative installation files

Download samlauth-8.x-3.0-alpha2.tar.gztar.gz 41.7 KB
MD5: 9d775a84fe4492021340ce9a91072c24
SHA-1: 30a2574d7ae96c21a5fff728f735c1254a0f5f94
SHA-256: c9c5cb5d6a1baa950babdc3bb787038b734924931d52b03e26682139c29d7ca2
Download samlauth-8.x-3.0-alpha2.zipzip 56.39 KB
MD5: 9d4a50d415076a90eb65639d769b30f9
SHA-1: d525663e769418f0627d13589f36cc8c90206f23
SHA-256: 171a7cbe53d7bd1a12499619b8d29e3c3d143d06ec2c6a6e9c38e69df523deba
Downloads are for manual installation, which is not recommended when using Drupal 8 or later.

Release notes

Significant issues

  • Drupal 9 compatibility (#3112135 by angela_G, japerry, glitchinfinity)
  • Fix login/logout issues with non-default language on sites with URL prefix negotiation (#2848809 by lpeabody)
  • Better support for ADFS IdPs (among others) through more configurable options; reorganized advanced options on the configuration screen
    • #3045027 by johnjw59: Allow Signing of Logout Requests
    • #3099353 by jeffam: Allow encryption of IDP assertions
    • #3086827 by Antonnavi, davidferlay, andypost, roderik: Add UI to set NameId not required
    • #3086441 by Antonnavi, nironan, roderik: add option to prevent setting NameIdPolicy in the SAML request. Fix default value for unspecified NameID format.
    • #3097401 by nguerrier, andypost: Add option to reuse signature parameters from $_SERVER['REQUEST'] to validate incoming logout requests/responses.
    • #3131028 by roderik: set security_lowercase_url_encoding to True for new installs. Also, add detailed configuration info to the README.

Other fixes

  • More work on preventing "Leaked Metadata" exceptions (#3050122)
  • #3067225 by Oleksiy: Missed samlauth.authentication:idp_entity_id config schema
  • #3087233 by piggito, davidferlay: Ignore e-mail synchronization if user_mail_attribute is empty
  • #3045553 by Leon Kessler: Prevent error when name field does not exist on user login page
  • #3103165 by nguerrier, KondratievaS: Remove default value for user name and email attributes
  • #3064958 by moshe weitzman, piggito, roderik: Drupal\Core\Entity\EntityStorageException: Constant ONELOGIN_CUSTOMPATH already defined
  • #3053187 by adamfranco: Improve error messages when account doesn't map
  • <#3092803 by rakesh.gectcr, roderik: Update composer.json php-saml dependency to one without vulnerable recursive dependencies/li>
  • #3129800 by ndrake86: Process relay state in AccessDeniedSubscriber event (fixing IdP initiated login flow)

Other enhancements

  • #3131295 by svendecabooter: Allow passing of parameters to SAML login / logout events
  • #2816991 by roderik: New debugging options for logging SAML requests/responses

Release plan

This is still another alpha release, despite the functionality being stable, because work has been focused on functionality/fixes rather than tests/API stability.

The release has been prompted by organisations' immediate need for D9 compatibility; Another alpha release may still follow soonish, containing fixes to some still outstanding issues.

Progress reported in #2882568: Plan for SAML Authentication 4.x.

Created by: roderik
Created on: 29 Apr 2020 at 18:00 UTC
Last updated: 28 Apr 2021 at 16:57 UTC
Git tag 8.x-3.0-alpha2
Bug fixes
New features
Insecure

Other releases