1.12.0 (Feb 18, 2021)

• Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
• Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
• Adding idp_sso_service_url and idp_slo_service_url settings. IDPMetadataParser now parse_to_hash/parse_to_array methods now retrieve those params instead idp_sso_target_url and idp_slo_target_url
• #536 Adding feth method to be able retrieve attributes based on regex
• Reduce size of built gem by excluding the test folder
• Improve protection on Zlib deflate decompression bomb attack.
• Add ValidUntil and cacheDuration support on Metadata generator
• Add support for cacheDuration at the IdpMetadataParser
• Support customizable statusCode on generated LogoutResponse
• #545 More specific error messages for signature validation
• Support Process Transform
• Raise SettingError if invoking an action with no endpoint defined on the settings
• Made IdpMetadataParser more extensible for subclasses
• #548 Add :skip_audience option
• #555 Define 'soft' variable to prevent exception when doc cert is invalid
• Improve documentation

1.11.0 (Jul 24, 2019)

• Add support for certification expiration
• Deprecate the use of settings.issuer. Use instead settings.sp_entity_id
• Add security warning about the use of nokogiri on Readme

1.10.2 (Apr 29, 2019)

• Add valid until, accessor
• Fix Rubygem metadata that requested nokogiri <= 1.5.11

1.10.1 (April 08, 2019)

• Fix ruby 1.8.7 incompatibilities

1.10.0 (Mar 21, 2019)

• Add Subject support on AuthNRequest to allow SPs provide info to the IdP about the user to be authenticated
• Improves IdpMetadataParser to allow parse multiple IDPSSODescriptors
• Improves format_cert method to accept certs with /\x0d/
• Forces nokogiri >= 1.8.2 when possible

1.9.0 (Sept 03, 2018)

• #465 Partial attributes to security settings now nullify missing ones
• Allow for allowed_clock_drift to be set as a string
• Add support for JRuby 9.2.0.0
• Code refactor and clean.

1.8.0 (April 23, 2018)

• #437 Creating AuthRequests/LogoutRequests/LogoutResponses with nil RelayState should not send empty RelayState URL param
• #454 Added Response available options
• #453 Raise a more descriptive exception if idp_sso_target_url is missing
• #452 Fix behavior of skip_conditions flag on Response
• #449 Add ability to skip authnstatement validation
• Clear cached values to be able to use IdpMetadataParser more than once
• Updated invalid audience error message

1.7.2 (Feb 28, 2018)

1.7.2 (Feb 28, 2018)

• #446 Normalize text returned by OneLogin::RubySaml::Utils.element_text

1.7.1 (Feb 28, 2018)

1.7.1 (Feb 28, 2018)

• #444 Fix audience validation for empty audience restriction

1.7.0 (Feb 27, 2018)

1.7.0

• Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments