SimpleSAMLphp 1.15.0

[Jaime Perez Crespo]

Hi,

We are pleased to announce that the final release for version 1.15.0 of SimpleSAMLphp is now available for download. This release puts together a lot of work fixing bugs and adding new functionalities, and introduces some of the flagship features of the future 2.0 release. As such, I would like to thank everybody who helped making this possible. For a detailed and extensive list of changes, please refer to the changelog.

The changelog and upgrade notes are available here, respectively:

https://simplesamlphp.org/docs/1.15/simplesamlphp-changelog

https://simplesamlphp.org/docs/1.15/simplesamlphp-upgrade-notes-1.15

This release finally removes completely the need to have mcrypt installed, but this comes at the price of the dropped support for PHP 5.3. A minimum PHP version of 5.4 is now required.

This final release is available for download here:

https://simplesamlphp.org/res/downloads/simplesamlphp-1.15.0.tar.gz

You can check the integrity of this file by comparing the SHA256 digest: b96a2ac8f549f58a428cb4aa2e2873c9497751f613bac1340c94a7ee99ea5ca2

Regards,

—
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

[Patrick Radtke]

Thank you Jaime and team for the hard work and new release.

We've been running 1.15 in parts of our UAT environment and everything has worked great.

- Patrick

[Jaime Perez Crespo]

On 20 Nov 2017, at 19:37 PM, Patrick Radtke <pra...@gmail.com> wrote:
> Thank you Jaime and team for the hard work and new release.
>
> We've been running 1.15 in parts of our UAT environment and everything has worked great.

That’s great to hear, thanks a lot for the feedback Patrick!

[Kristof Bajnok]

Hi Jaime,

On 2017-11-20 11:37, Jaime Perez Crespo wrote:
> We are pleased to announce that the final release for version 1.15.0 of SimpleSAMLphp is now available for download. This release puts together a lot of work fixing bugs and adding new functionalities, and introduces some of the flagship features of the future 2.0 release.

First off, thank you for your persistent hard work on improving and
maintaining SimpleSAML. The Hungarian R&E federation runs SimpleSAML
IdPs mostly, and we all benefit from it, so we really appreciate it!

I've noticed that moving to 1.15.0 might require some adjustments from
the third party modules. Most notably the move to psr4 and to saml>=3
seems to affect our modules mostly.

How long you want to support the 1.14 branch? Do you still plan to roll
out bugfix releases to it? We are trying to determine whether we should
maintain support for SSP 1.14 in our modules or just bump the
requirement to SimpleSAML>=1.15, once we are done with the fixes.

Also, what are your plans, to what extent will the new 2.0 release
differ from the 1.15 line? What are the expected major changes?

Cheers,
Kristof

[Jaime Perez Crespo]

Hi Kristof!

Sorry for the delay. Your message got trapped as spam and I didn’t get the report until today. Are you subscribed to the mailing list with this address? Subscribers shouldn’t get marked as spam...

> On 23 Nov 2017, at 15:14 PM, Kristof Bajnok <baj...@niif.hu> wrote:
> Hi Jaime,
>
> On 2017-11-20 11:37, Jaime Perez Crespo wrote:
>> We are pleased to announce that the final release for version 1.15.0 of SimpleSAMLphp is now available for download. This release puts together a lot of work fixing bugs and adding new functionalities, and introduces some of the flagship features of the future 2.0 release.
>
>
> First off, thank you for your persistent hard work on improving and
> maintaining SimpleSAML. The Hungarian R&E federation runs SimpleSAML
> IdPs mostly, and we all benefit from it, so we really appreciate it!

Good to hear it’s useful for you!

> I've noticed that moving to 1.15.0 might require some adjustments from
> the third party modules. Most notably the move to psr4 and to saml>=3
> seems to affect our modules mostly.

In general, the changes should not affect backwards compatibility. We have an autoloader in place that makes classes available both with PSR-0 and PSR-4 names. What kind of issues have you noticed?

> How long you want to support the 1.14 branch? Do you still plan to roll
> out bugfix releases to it? We are trying to determine whether we should
> maintain support for SSP 1.14 in our modules or just bump the
> requirement to SimpleSAML>=1.15, once we are done with the fixes.

In general, every time we’ve released a new minor version, we stopped supporting the previous. Considering how many releases we’ve had in the 1.14 branch, I think it makes sense to let it go. On the other hand, if 1.15 proves difficult to upgrade and we find a security issue, it might be worth getting a bugfix release on the 1.14 branch. In any case, I wouldn’t expect regular bugfixes there now.

> Also, what are your plans, to what extent will the new 2.0 release
> differ from the 1.15 line? What are the expected major changes?

The idea behind 2.0 is to use the change in major version to break lots of stuff we’ve been keeping for 10 years now. The biggest changes will be the new user interface and a new translation system. Both subsystems are already available in 1.15, and we are developing everything on top of that. This allows people having custom modules or themes to start migrating to the new system while it coexists with the old. That way, the migration is much easier, and you don’t have to worry about coordinating changes to modules / themes with the upgrade to 2.0. The goal is to have two separate user interfaces, one for end users, and one for administrators.

We’re going to focus on this during the workshop in Utrecht in December. It would be a good opportunity to learn more about it and help us moving forward. Have you considered joining?

[Patrick Radtke]

Dave,

The url looks like you are doing https on port 80. Is that correct?
What is your baseurlpath (in config.php) set to?

-Patrick


On Thu, Nov 30, 2017 at 6:47 AM, <ouja...@gmail.com> wrote:
> Hello,
>
> We installed (upgraded) to 1.15.0. It logs us in, but then throws this PHP
> error:
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
> Backtrace:
> 1 www/_include.php:45 (SimpleSAML_exception_handler)
> 0 [builtin] (N/A)
> Caused by: SimpleSAML_Error_Exception: URL not allowed:
> https://xxxxxx.xxx.xxxx.xxx:80/web-login (x's substituted for actual URL)
> Backtrace:
> 2 lib/SimpleSAML/Utils/HTTP.php:375 (SimpleSAML\Utils\HTTP::checkURLAllowed)
> 1 modules/saml/www/sp/saml2-acs.php:116 (require)
> 0 www/module.php:135 (N/A)

>
>
>
> On Monday, November 20, 2017 at 5:38:05 AM UTC-5, Jaime Pérez wrote:
>>

> --
> This is a mailing list for users of SimpleSAMLphp, not a support service. If
> you are willing to buy commercial support, please take a look here:
>
> https://simplesamlphp.org/support
>
> Before sending your question, make sure it is related to SimpleSAMLphp, and
> not your web server's configuration or any other third-party software. This
> mailing list cannot help with software that uses SimpleSAMLphp, only
> regarding SimpleSAMLphp itself.
>
> Make sure to read the documentation:
>
> https://simplesamlphp.org/docs/stable/
>
> If you have an issue with SimpleSAMLphp that you cannot resolve and reading
> the documentation doesn't help, you are more than welcome to ask here for
> help. Subscribe to the list and send an email with your question. However,
> you will be expected to comply with some minimum, common sense standards in
> your questions. Please read this carefully:
>
> http://catb.org/~esr/faqs/smart-questions.html
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "SimpleSAMLphp" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/simplesamlphp/IMkQMJDBew0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> simplesamlph...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Peter Schober]

* ouja...@gmail.com <ouja...@gmail.com> [2017-11-30 15:47]:

> Caused by: SimpleSAML_Error_Exception: URL not allowed:
> https://xxxxxx.xxx.xxxx.xxx:80/web-login

Your misconfigured server (or incorrect baseurlpath) seems to trip up
the "trusted sites" check, cf.:
https://github.com/simplesamlphp/simplesamlphp/blob/simplesamlphp-1.15/config-templates/config.php#L125

-peter

[David Hannum]

No we were not doing https on Port 80.  I upgraded the Drupal module (SimpleSAMLphp_Auth) and we're gold!  

Thank you all for all your help!

Dave

> simplesamlphp+unsubscribe@googlegroups.com.

> For more options, visit https://groups.google.com/d/optout.

--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:

https://simplesamlphp.org/support

Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.

Make sure to read the documentation:

https://simplesamlphp.org/docs/stable/

If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:

http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to a topic in the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/simplesamlphp/IMkQMJDBew0/unsubscribe.

To unsubscribe from this group and all its topics, send an email to simplesamlphp+unsubscribe@googlegroups.com.