- NLRFIM-168: Support AppSwitch extension on AuthnRequest in Java OIO SAML 3
- NLRFIM-120: Support SOAP bindings in Java OIO SAML 3
- NLRFIM-121: Session handling and storage in Java OIO SAML 3
- NLRFIM-123: Replay protection in Java OIO SAML 3
- CVE-2021-45105, CVE-2021-44832: Update log4j-core to version 2.17.1
- NLRFIM-153: Fail when trying to load configured credentials and private key is missing
- NLRFIM-139: Absolute path OIOSAML configuration
- CVE-2021-44228: Update log4j-core to version 2.16.0
- NLRFIM-109: Logging for Java OIO SAML 3
- NLRFIM-124: ResponseLocation is optional cf. section 2.2.2 in OASIS SAML 2 Metadata and hence if attribute is not present NULL check must be performed.
- NLRFIM-125: Missing KeyInfo in XML signature.
- NLRFIM-115: Custom URL paths in Java
- NLRFIM-130: Store query parameters in session when redirecting to IdP.
- NLRFIM-128: Update local IDP stub to fix runtime problems in the demo
- NLRFIM-110: Java OIO SAML 3 clock controls seconds instead of minutes
First official release based on OpenSAML 3.
- NLRFIM-100: Patch security issues in OIO SAML 2 version based on OpenSAML 2.6 (https://nvd.nist.gov/vuln/detail/CVE-2015-7501 and https://nvd.nist.gov/vuln/detail/CVE-2013-5960)
- NLRFIM-126: Dead lock in session handling (https://www.digitaliser.dk/forum/6259878)
Stable OIO SAML 2 reference implementation.