v1.0.0

Dependencies

• Upgrade xml-crypto to 1.0.2. Thanks to @elahti

Node Release support

• Node 4 is no longer supported due to EOL status. BREAKING CHANGE.

Validation improvements

• Fixes #180: Signature validation will error if empty signature is provided. BREAKING CHANGE. Thanks to @andrsnn
• Validate issuer on logout requests/responses if configured. Thanks to @stavros-wb
• Handle case of missing InResponseTo when validation is on. Thanks to @cjbarth

Features

• Improve Microsoft Outlook compatibility by handling null as well as undefined Thanks to @sibelius
• Support redirect for Logout flows. Thanks to @stavros-wb
• Adding signing key in the metadata service provider generation BREAKING CHANGE. Thanks to @tmoiron.
• Extend and document the profile opbject. Thanks to @cjbarth
• #298 Thanks to @cjbarth
• Support dynamic SAML configuration lookup Thanks to @stavros-wb

Docs

• Fix typo in README.

v0.35.0

Internals

• Add initial support for DEBUG="passport-saml". (@markstos)

v0.34.0

Internals

• Provide unique diagnostic messages for six different cases where "Invalid Signature" was returned beforej (Thanks to @markstos, resolves #146)

v0.33.0

• Add support for setting the strategy name, allowing multiple saml target configurations (Thanks to @markstos)

• document that disableRequestedAuthnContext:true helps with Active Directory (Thanks to @markstos)

• document that cert: refers to the signature certification, not the encryption certificate. (Thanks to @markstos)

v0.32.1

• Add support for Audience validation (Thanks to @beneidel)

• README typo fix (Thanks to @teppeis)

v0.31.0

• Add support for multiple certs (Thanks to @richjharris)

• Add support for fetching certs with async call rather than hardcoding
  them. (Thanks to @richjharris)

• Add troubleshooting section to ADSF docs (Thanks to @cadesalaberry)

v0.30.0

• Dropped support for Node < 4, because our current dependencies require it.
• Improved Security: We now use crypto.randomBytes for ID generation instead Math.random (#235),
  thanks to @autopulated
• BugFix: We now fail gracefully when the SAML response format is invalid (#238, thanks to @markstos)
• Docs: privateKey docs are improved

v0.20.2

• Bump dependencies

v0.20.1

• BugFix: No longer crash when a bad private cert is used.

v0.20.0

• Security: bump xml-encryption to 0.11.0
• Deps: We now require Node 0.10.0 as a minimum version because xml-encryption does.
• README improvements
• Build: Fix jslint build failures
• Internal: refactor tests for clarity