- Several security improvements:
  - Conditions element required and unique.
  - AuthnStatement element required and unique.
  - SPNameQualifier must match the SP EntityID.
  - Reject saml:Attribute elements with the same “Name” attribute.
  - Reject empty nameID.
  - Require Issuer element. (Must match IdP EntityID).
  - Destination value can't be blank (if present must match ACS URL).
  - Check that the EncryptedAssertion element only contains 1 Assertion element.
- #335 Explicitly parse as XML and fix setting of Nokogiri options.
- #345 Support multiple settings.auth_context
- #342 Correct the usage of Mutex
- #352 Support multiple AttributeStatement tags
- More tests to prevent XML Signature Wrapping