New Auditors
- Checks for SAML Clients and IDPs 🥳 by @FeSuert in #192
- New Auditor: OfflineSessionMaxLifespanDisabled by @erenkan in #210
- Add auditor for invalid webOrigins entries by @dasniko in #213
- Add auditor for undefined scheme in post_logout_redirect_uris by @dasniko in #214
- Add auditor for wildcard webOrigins by @dasniko in #215
- Add monitor for composite roles containing a sensitive role by @dasniko in #219
- Add Federated JWT as recommended client authentication method by @dasniko in #233
Fixes and Code Quality
- Code Quality: Avoid directly accessing the _d object by @malexmave in #187
- Fix incorrect wildcard handling in redirect URIs by @malexmave in #222
- Configure cooldown settings for dependabot by @malexmave in #225
- Update more docs with link to new monitor by @malexmave in #224
- Fix Dockerfile formatting: standardize 'AS' keyword usage by @dasniko in #231
- Expose notes on monitor matches by @malexmave in #234
- Improve/update CI/CD config by @twwd in #246
- Fix unset redirect URI docs by @malexmave in #256
- Bug: Fix unintended state mutation in group role inheritance logic by @malexmave in #258
- Change group index to path instead of name by @malexmave in #261
- Fix behavior of get_effective_roles_for_service_account by @malexmave in #259
New Contributors
Full Changelog: v0.16.0...v0.17.0