- Allow configuration and specification of id attribute name
- Retrieve SLO endpoint by the appropriate service type
- Deprecate AESCipher and aes.py module
- Add saml2.cryptography module
- Always generate a random IV for AES operations / Address CVE-2017-1000246
- Remove unused and broken RSA code
- Add more nameid-format definitions
- Remove invalid nameid-format
- Retrieve package version from pkg_resources
- Fully replace Cryptodome library with cryptography
- Fix SSRF caused by URI attribute of Reference element
- Omit relay state in HTTP-POST response when empty
- Fix eidas natural person attribute URIs
- Add eidas attributes for legal person to saml2_uri attributemap
- Fix deprecation and resource warnings.
- Fix date format to show month, not minutes
- Fix typos
- s2repoze: Define session_info variable before use
- s2repoze: Correctly pull the SAMLRequest from Redirect LogoutRequests
- s2repoze: Include SCRIPT_NAME when checking whether current URL is a logout endpoint
- tests: Document and test all supported Python versions
- tests: Generate and upload coverage reports to codecov
- tests: Include dependencies information in test report
- tests: Run tests in verbose mode
- tests: Clean up unclosed files causing ResourceWarnings
- build: Set minimal version for cryptography package
- build: Set the correct version in the docs
- build: Update build manifest to include the correct files
- build: Switch from setup.py to setup.cfg
- docs: Add editorconfig file with basic rules
- docs: Update gitignore file
- docs: Remove downloads badge as it is no longer available
- docs: Update all pypi.python.org URLs to pypi.org
- docs: Updated license and renamed the file.
- examples: Do not request a signed response - backwards compatibility
- examples: Fix wsgiserver usage for example sp
- examples: Fix cherrypy.wsgiserver usage

4.5.0
Not secure
**Breaking release!**
By default, the SP now requires the IdP to _sign authentication responses_. This is configurable through the [`want_response_signed`][0] option. To preserve the old behaviour, set `want_response_signed` to `False`.