Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Install
Works with Drupal: ^9.2 || ^10Using Composer to manage Drupal site dependencies
Alternative installation files
Download tar.gz
107.95 KB
MD5: e1bf17472f2a9f910055e782547582d2
SHA-1: 17e9ed42ca472b7f65201ab0ecd40bad16b77772
SHA-256: e71cdce0eb601e3521923d02bd547bc8dfc7564adcae6d33c8462bf3b7d64e5c
Download zip
141.9 KB
MD5: 8eeb9e4eb76ff8829c8655dee05c198f
SHA-1: 1af6aec1b9f7f49bd2bc8e023ef53dbbd7329722
SHA-256: b179c18fe87f3fc2ba6d67464dfbe3022dfb011acc79971d501d92e0ac576cab
Release notes
To keep in mind:
- Do not be confused by the version number. Versions 8.x-3.8 and above are compatible with (only) Drupal 9.2+ and Drupal 10.
- ACSF compatibility (#3218856: v3.3 change in configuration values breaks ACSF) has not been fixed yet, as far as I'm aware.
Behavior change:
- by Mingsong, longwave: After processing login/logout, the ACS/SLS endpoints now refuse to redirect to URLS deemed unsafe, after login/logout. This only affects setups whose IdP explicitly wants to redirect to a URL whose hostname differs from the ACS endpoint. See Changelog.md for mitigation measures.
Bugfixes:
- Actually fix #3294460 by immaculatexavier (lost from 3.7) / #3308446 by Spec0, Migsong: Syntax error in SamlauthRoleMappingForm.php on line 45
Other:
- 'Configure SAML authentication' permission is marked as "Give to trusted roles only; this permission has security implications."
