News:
- Micro services can implement callbacks in the same way as front-/backends. See a demo for a micro service using this new functionality to display a UI for 2-factor authentication here. Note the changed requirements for `MicroService.process()` (subclasses have to call `process()` in the super class).
- Account linking and consent are micro services of SATOSA instead of special cases. This will require configuration upgrades, see the examples here and here respectively.
- `OpenIDConnectFrontend` supports multiple configured backends. It just requires a request micro service to do the custom routing to specific backends based on something in the request (perhaps the OpenID Connect 'scope' parameter?).
Fixes:
- `SAMLMirrorFrontend` registers a much more restrictive regular expression for matching requests.
- Pass the incoming request to request micro services, instead of clearing it before it's passed on.
- Update the consent micro service to work with the updated API of the external service.
- Include `jwks_uri` in the provider configuration information published by `OpenIDConnectFrontend`.
Improvements:
- Added tests for account linking and consent micro services.
- Make the `--split-{frontend,backend}` options of the `satosa-saml-metadata` script proper flags (so they don't require an extra argument).
- Simplified config for account linking and consent now that they're micro services.
- Upgraded `pyop` dependency to get a fix for token error at userinfo endpoint in `OpenIDConnectFrontend`.