v2.0.0

New features

• Store IDP session index in session to allow multiple sessions per user (#255)
  • BREAKING CHANGE: single logout is enabled by default. Set Devise.saml_session_index_key to nil to disable.
  • BREAKING CHANGE: single logout session index key is now stored in session instead of as a column on the User model. Remove Devise.saml_session_index_key from your Devise config and you can drop that column from your users table after this update is deployed.

Fixes

• [refactor]use find_by instead of where + first (#233)
• Bump ruby-saml to v1.17.0 to fix CVE-2024-4540 (#256)
• Using model name in logs instead of user (#258)
• Dependency-vulnerability: ruby-saml to 1.18, updates for tests to pass (#263)

Housekeeping

• Fix Build Status on README (#238)
• Bump actions/checkout from 3 to 4 (#240)
• Add Rails 7.1 to CI (#246)
• Update README.md (#247)
  • "Surface ruby-saml's single_value_compatibility, which is easy to miss and a non intuitive default"

v1.9.1

Fixes

• Adds homepage and required_ruby_version to gemspec (#222)
• Replace deprecated OneLogin::RubySaml::Settings#issuer with sp_entity_id (#220)
• Update File.exists? reference (#223)
  • This is required for Ruby 3.2

Housekeeping

• Add Dependabot for GitHub Actions (#225)
• Bump actions/checkout from 2 to 3 (#226)
• Adds Ruby 3.2 to the CI matrix (#231)

v1.9.0

Features

• Allow proc as value for saml_create_user and saml_update_user
• Pass controller request object to idp settings adapter

Documentation

• Add more config options to README.md

v1.8.0

Features (mostly for Rails 7)

• Use strings for class names
• Refactor logging and produce info-level messages for strategy failures
• Rails 7 Support

Fixes

• Typos in the comments of the configuration example
• Update README to remove outdated comment

Internal updates

• Add Ruby 3.0 and 3.1 to CI
• Trim EOL Ruby and Rails versions out of the matrix

v1.7.0

Features

• Validate InResponseTo header in SAML responses (#195)

Fixes

• Check user signed in before init sp logout (#191)

v1.6.3

Rails support

• Use strings for class names (#185)
  • This supports the zeitwerk autoloader in Rails 6

1.6.2

Regression fixes

• Revert "return nil when creating/updating resource raises an exception" (#184)
  • This was mistakenly included in 1.6.1 and should not have been in a patch release. It breaks existing behavior, see #181 (comment) for the problem and some potential solutions.

1.6.1

Updates

• add params to metadata action to fix multi IdPs issue (#175)
• return nil when creating/updating resource raises an exception (#176)

Fixes

• Replace Model::attribute_map method (#179)

1.6.0

Features

• Added a configuration for clock drift (#145)
• added support for name identifier in SP-initiated logout (#149)
• better support for multiple IdPs: dynamic attribute mapping (#162)
• better support for relay state in IdP-initiated logout (#162)

Miscellany

• SamlException inherits from StandardError instead of Exception (#140)

1.5.0

• Support for multiple authentication strategies
• Support Rails 5.2