Install
Works with Drupal: 7.xUsing Composer to manage Drupal site dependencies
Downloads
Release notes
Please check when installing:
The "Allow SAML users to login directly with Drupal" did exactly the opposite from what it said: it would only allow SAML users to log using the Drupal login screen, when it was deselected. The code has now been changed to do what the option says, so the behavior will change after installing the new version.
Also, it is recommended to walk through the new options on the configuration screen and select them if appropriate (e.g. 'Strict mode' which is recommended to enable if at all possible).
All issues addressed:
#3113451 by nironan: "Allow SAML users to login directly with Drupal" not working
#3043713 by klausi: set baseurl in Saml2\Settings (Note roderik: this likely enables working behind a reverse proxy without additional configuration.)
#3044116 by klausi: Update SAML Auth library to version 3 for PHP 7.2
#3043711 by klausi: Imrove watchdog logging to better track errors
Implement SLS:
- #2981952 by terrywmc: Fix for SLS path not found and timezone warning when creating new user
- #3043704 by klausi: Make user logout more robust
- #3065889 by smfsh, nironan, klausi, roderik: Actually implement SLS, which also fixes open redirect introduced in #2981952
More options to configure checks in the SAML conversation:
- #3043713 by klausi, nironan, roderik: Do not use insecure SHA-1 digest and use strict response checking
- #3086441 by Antonnavi, nironan, roderik: fix Invalid response, status: InvalidNameIDPolicy
- #3004680 by roderik: take over configuration options from D8 version and add 'Require assertions to be signed'.