Releases: andrewheberle/go-http-auth-server
v1.6.0-rc1
This version switches the SAML library back to the original upstream github.com/crewjam/saml and allows customising the cookie name for the JWT.
What's Changed
- Bump version and no longer use rancher version by @andrewheberle in #60
Full Changelog: v1.5.5...v1.6.0-rc1
v1.5.5
This release should contain no functionality changes.
What's Changed
- Update module github.com/golang-jwt/jwt/v4 to v4.5.1 [SECURITY] by @renovate in #41
- Update gcr.io/distroless/base-debian12:nonroot Docker digest to c3584d9 by @renovate in #34
- Update golang:1.22 Docker digest to 0ca97f4 by @renovate in #35
- Update module github.com/karlseguin/ccache/v3 to v3.0.6 by @renovate in #42
- Update module github.com/golang-jwt/jwt/v4 to v4.5.2 [SECURITY] by @renovate in #47
- Update module github.com/spf13/pflag to v1.0.6 by @renovate in #49
- Update gcr.io/distroless/base-debian12:nonroot Docker digest to fa5f94f by @renovate in #45
- Update golang Docker tag to v1.24 by @renovate in #38
- Migrate to github.com/andrewheberle/simplecommand by @andrewheberle in #58
Full Changelog: v1.5.4...v1.5.5
v1.5.2
This small update makes the released version match the example code shown in the v1.5.1 release notes.
v1.5.1
The default in-memory attribute store now uses an LRU caching process and expires items after 1 hour of inactivity.
This is currently hard-coded in the compiled executable; however, it is configurable when using the sp package, as in the following example:
```go
root, _ := url.Parse("https://localhost:8080")
// Configure the in-memory attribute store with 8 hours in place of the hard-coded 1 hour
store := sp.NewMemoryAttributeStore(time.Hour * 8)
serviceProvider, err := sp.NewServiceProvider("./samlsp.crt", "./samlsp.key", root,
	sp.WithMetadataURL("https://mocksaml.com/api/saml/metadata"),
	sp.WithAttributeStore(store))
```
v1.5.0
What's Changed
- By using a config file multiple service providers can be supported by @andrewheberle in #40
Example
With the following configuration file saved as config.yml:
```yaml
service-providers:
  - name: a
    sp-url: http://localhost:9091/a
    sp-cert: ./samlsp.crt
    sp-key: ./samlsp.key
    idp-metadata: https://mocksaml.com/api/saml/metadata
  - name: b
    sp-url: http://localhost:9091/b
    sp-cert: ./samlsp.crt
    sp-key: ./samlsp.key
    idp-metadata: https://mocksaml.com/api/saml/metadata
```
Two service providers will be available using the following command:
```
./http-auth-server.exe --config config.yml
```
In the above configuration, the SP name is optional and mainly used for logging purposes.
Full Changelog: v1.4.1...v1.5.0
v1.3.7
This release uses a basic server side session store that holds claims based on the session ID.
The implementation is very basic with no expiry process so is likely to be problematic for high volume use.
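The v1.3.7 note above and the v1.5.1 note describe the same server-side store before and after it gained expiry. The following Go code is an added example, not code from this project: `Store`, `NewStore`, `Put` and `Get` are hypothetical names, and it shows only inactivity expiry for a store keyed by session ID, not the LRU size bound that v1.5.1 also mentions.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type entry struct {
	attrs map[string][]string
	seen  time.Time // last Put or Get: the inactivity clock
}

// Store (hypothetical name) keeps SAML attributes server-side, keyed by session ID.
type Store struct {
	mu    sync.Mutex
	ttl   time.Duration
	items map[string]*entry
}

func NewStore(ttl time.Duration) *Store { return &Store{ttl: ttl, items: map[string]*entry{}} }

func (s *Store) Put(id string, attrs map[string][]string, now time.Time) {
	s.mu.Lock()
	defer s.mu.Unlock()
	for k, e := range s.items { // reclaim sessions idle longer than ttl
		if now.Sub(e.seen) > s.ttl {
			delete(s.items, k)
		}
	}
	s.items[id] = &entry{attrs, now}
}

func (s *Store) Get(id string, now time.Time) (map[string][]string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.items[id]
	if !ok || now.Sub(e.seen) > s.ttl { // unknown, or idle too long
		return nil, false
	}
	e.seen = now // activity restarts the idle clock
	return e.attrs, true
}

func main() {
	s := NewStore(time.Hour)
	s.Put("sid-1", map[string][]string{"email": {"a@example.com"}}, time.Now())
	fmt.Println(s.Get("sid-1", time.Now().Add(2*time.Hour))) // idle 2h: rejected
}
```

Without the sweep in `Put`, sessions that are never requested again would stay in memory indefinitely, which is the growth problem the v1.3.7 note warns about.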
v1.3.6
This version represents a working version that has been tested in the real world.
Known Issues
When large claims are returned by the SAML IdP, the session cookie may be larger than the maximum allowed size of 4 KiB, which will then be blocked by the browser.
This is an upstream issue and will require a custom implementation of the session codec to change how this works.