v3.15.0

This release introduces a new feature that allows the extraction of custom attributes from the SAML Response during user identity processing. The new hook function, TRIGGER.EXTRACT_USER_IDENTITY, accepts two parameters:

1. A user dictionary that has been processed by the extract_user_identity function.
2. A decoded but unvalidated AuthnResponse object, provided as a raw XML string.

If this function is implemented, it MUST return the user dictionary or optionally enrich it with additional attributes extracted from the AuthnResponse.

Warning

This hook function receives an unvalidated and unverified raw XML string. Extreme caution is required to validate the attributes before using them. For example, the Issuer and NameID attributes should at minimum be verified to contain a valid URL and URN, respectively. For further details, refer to this discussion.

What's Changed

• Extract user identity hook by @mostafa in #344

Full Changelog: v3.13.0...v3.15.0

v3.14.0

What's Changed

• Update README.md - replaced url() with re_path() by @oussjarrousse in #229
• Update README.md by @tsr10 in #269
• Log exception traceback if DEBUG is enabled by @mostafa in #281
• Revamp tooling by @mostafa in #286
• Bump types-setuptools from 68.0.0.3 to 69.5.0.20240423 by @dependabot in #279
• Bump pysaml2 from 7.4.2 to 7.5.0 by @dependabot in #289
• Bump setuptools from 67.8.0 to 69.5.1 by @dependabot in #287
• Bump interrogate from 1.5.0 to 1.7.0 by @dependabot in #288
• Bump cyclonedx-bom from 3.11.0 to 4.4.3 by @dependabot in #292
• Update README.md by @rrauenza in #296
• Fix NameIdFormat policy naming to comply with PySaml2 by @CodeGuro in #264
• Long awaited refactoring by @mostafa in #339
• Allow claims-like attribute keys by @wrabit in #253
• feat(trigger): add custom get metadata hook by @sgabb in #342

New Contributors

• @oussjarrousse made their first contribution in #229
• @tsr10 made their first contribution in #269
• @rrauenza made their first contribution in #296
• @CodeGuro made their first contribution in #264
• @wrabit made their first contribution in #253

Full Changelog: v3.12.0...v3.14.0

v3.12.0

This release contains version updates, deprecation and fixes to encryption. Support for Python 3.7 and 3.8 are removed, as well as Django 4.0 and 4.1. The encryption in this library was tricky, and with fixes by @gregorywong, it is supposed to work as expected. If you are already using CERT_FILE and KEY_FILE parameters, you don't need to touch anything, as the ENCRYPTION_KEYPAIRS will be automatically populated. Also, pysaml2 is updated to 7.4.2 to add support for xmlsec1 v.1.3.x, thanks to @mvbattista. The other dependencies are updated as well.

What's Changed

• Bump pyjwt from 2.7.0 to 2.8.0 by @dependabot in #193
• Bump responses from 0.23.1 to 0.23.3 by @dependabot in #197
• Add ENCRYPTION_KEYPAIRS to settings by @gregorywong in #216
• Release v3.12.0 by @mostafa in #218

New Contributors

• @gregorywong made their first contribution in #216
• @mvbattista made their first contribution in #218 (#204)

Full Changelog: v3.11.0...v3.12.0

v3.11.0

This release contains 3 important features:

1. Long sought-after debugging. See how to debug.
2. Support for key and certificate files, configurable via KEY_FILE: str and CERT_FILE: str respectively, thanks to @sgabb.
3. Support for creating groups if they don't exist in Django based on incoming IdP group attribute statements, configurable via CREATE_GROUPS: bool, thanks to @santigandolfo.

What's Changed

• Bump coverage from 7.2.6 to 7.2.7 by @dependabot in #171
• feat(settings): add cert and key file by @sgabb in #176
• Add proper debug config by @mostafa in #185
• Add CREATE_GROUPS boolean to Settings by @santigandolfo in #191
• Release v3.11.0 by @mostafa in #186

New Contributors

• @santigandolfo made their first contribution in #191

Full Changelog: v3.10.0...v3.11.0

v3.10.0

What's Changed

• Bump responses from 0.21.0 to 0.22.0 by @dependabot in #98
• Bump types-setuptools from 65.4.0.0 to 65.5.0.1 by @dependabot in #99
• Bump pyjwt from 2.5.0 to 2.6.0 by @dependabot in #100
• [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by @mostafa in #123
• [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by @snyk-bot in #113
• Bump pytest from 7.1.3 to 7.2.0 by @dependabot in #102
• Bump django-stubs from 1.12.0 to 1.13.1 by @dependabot in #118
• Bump types-setuptools from 65.5.0.1 to 65.6.0.3 by @dependabot in #126
• Bump cyclonedx-bom from 3.6.3 to 3.10.1 by @dependabot in #122
• login page redirect url passed as RelayState instead of "login_next_url" by @gnuman in #164
• Update dependencies by @mostafa in #170

New Contributors

• @snyk-bot made their first contribution in #113
• @gnuman made their first contribution in #164

Full Changelog: v3.9.0...v3.10.0

v3.9.0

What's Changed

• Adds support for configurable authentication backends by @henxing in #72
• Add GET_USER to TRIGGER actions by @paoloromolini in #88
• Creating user with custom function by @UraizAli and @mostafa in #93
• Release v3.9.0 by @mostafa in #92
• Update dependencies to latest versions by @mostafa in #97
• Fix issues with coverage report to coveralls.io by @mostafa in fae23d5, 107919a and 2d5a668
• Update README by @mostafa in c6c78c5 and 8446374

New Contributors

• @henxing made their first contribution in #72
• @paoloromolini and @TamaraNocentini made their first contribution in #88
• @UraizAli made their first contribution in #93

Full Changelog: v3.8.0...v3.9.0

v3.8.0

What's Changed

• Bump types-setuptools from 57.4.14 to 57.4.17 by @dependabot in #53
• Bump django-stubs from 1.10.1 to 1.11.0 by @dependabot in #48
• Bump dictor from 0.1.9 to 0.1.10 by @dependabot in #50
• Bump responses from 0.20.0 to 0.21.0 by @dependabot in #51
• Retrieve user_id from SAML unverified response by @rafa-munoz in #56
• Update config variables to reflect code by @mvbattista in #62

New Contributors

• @mvbattista made their first contribution in #62

Full Changelog: v3.7.0...v3.8.0

v3.7.0: Security fix release

What's Changed

• [Snyk] Security upgrade pyjwt from 2.3.0 to 2.4.0 by @mostafa in #45
• Lots of changes to CI/CD process for creating SBOM artifacts along with using a separate requirements file, and also adding status badges by @mostafa in 6cc22cc 76db855 c0867a7 82e6383 7b0f9cf b1c1f89

Full Changelog: v3.6.1...v3.7.0

v3.6.1

What's Changed

• Add cyclonedx-bom for generating SBOMs for requirements files by @mostafa in #42

Full Changelog: v3.6.0...v3.6.1

v3.6.0

What's Changed

• Bump pytest from 7.1.1 to 7.1.2 by @dependabot in #39
• Publish an official package to PyPI by @mostafa in #40 (available as grafana-django-saml2-auth)

Full Changelog: v3.5.1...v3.6.0