[Release] Lasso 2.3
- update the NEWS file - add abi-2.3 file - update DOAP files - update lasso website template - add temporary message to download pages, as there are no download links currently.
This commit is contained in:
parent
42d1c18a69
commit
5ea1d1f1e5
128
NEWS
128
NEWS
|
@ -1,6 +1,134 @@
|
||||||
NEWS
|
NEWS
|
||||||
====
|
====
|
||||||
|
|
||||||
|
2.3 - July 19th 2010
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
391 commits, 332 files changed, 13919 insertions, 7137 deletions
|
||||||
|
|
||||||
|
So what's new ?
|
||||||
|
|
||||||
|
* Misc:
|
||||||
|
- a public key is no more mandatory for building a LassoProvider
|
||||||
|
- date parsing now conforms to XSD and ISO8601 specification,
|
||||||
|
especially with respect to milliseconds (they are just ignored, but
|
||||||
|
parsing do not fails now).
|
||||||
|
- the encryption private key can be loaded with a password (SAMLv2
|
||||||
|
support only)
|
||||||
|
- keep on replacing direct glib data structure manipulation function by
|
||||||
|
safer lasso macros.
|
||||||
|
- remove useless verbosity when there is already some error reporting
|
||||||
|
through method return value.
|
||||||
|
- add a signature_verify_hint parameter to all profiles, which can be
|
||||||
|
used to specify the policy for verifying signatures. The choices are:
|
||||||
|
- maybe, i.e. let Lasso decides,
|
||||||
|
- force, i.e. always verify, even when it is not needed by the spec,
|
||||||
|
- ignore, i.e. verify, but do not block processing on signature
|
||||||
|
verifications error.
|
||||||
|
- add a new snippet type: SNIPPET_COLLECT_NAMESPACES, to collect all
|
||||||
|
declared namespaces in the context of a node. It is needed for
|
||||||
|
interpreting a string value which depend on the locally declared
|
||||||
|
namespaces (like XPath queries).
|
||||||
|
- support full syntax for query strings (lasso missed support for
|
||||||
|
semi-colon separator between query string key-value pairs).
|
||||||
|
- make LassoServer load its public key like LassoProvider
|
||||||
|
- lasso_build_unique_id is now part of the public API
|
||||||
|
- add lasso_profile_sso_role_with to decide on the role we have toward
|
||||||
|
another provider (depending on the Identity, the Session or the
|
||||||
|
Server object in this order).
|
||||||
|
- add a lasso_node_debug method wich output a human friendly dump (i.e.
|
||||||
|
indented) of a serialized LassoNode, contrary to dump which returns a
|
||||||
|
computer friendly one (dump will conserve signature values, not
|
||||||
|
debug).
|
||||||
|
|
||||||
|
* SAMLv2:
|
||||||
|
- constraint on the number of SessionIndex value in a LogoutRequest was
|
||||||
|
worked-around (see
|
||||||
|
lasso_samlp2_logout_request_get/set_session_indexes)
|
||||||
|
- full support for encrypted signing key (ID-FFv1.2 is coming in next
|
||||||
|
release)
|
||||||
|
- The treatment of assertions consumer endpoints metadata was improved to be
|
||||||
|
what the specification says, i.e find the best default.
|
||||||
|
- lasso_assertion_query_build_request_msg now properly initialize the Subject
|
||||||
|
of the query from all possibles sources (first profile->nameIdentifier, then
|
||||||
|
from the identity dump and finally from the session).
|
||||||
|
- when a parsed Assertion contains a signature, we return the
|
||||||
|
original_xmlnode instead of serializing the LassoNode content when
|
||||||
|
calling lasso_node_get_xmlNode. This is in order to keep canonical
|
||||||
|
representation of signed assertions. The result is that parsed and
|
||||||
|
signed assertions should be considered read-only with respect to
|
||||||
|
serialization.
|
||||||
|
- lasso_login_build_assertion no longer initialize sessionNotOnOrAfter,
|
||||||
|
it must be done explicitely by the IdP implementation. Only the
|
||||||
|
assertion lifetime is set by the arguments.
|
||||||
|
- when loading metadata for a provider, we verify that a role
|
||||||
|
descriptor exists for the prescribed role: i.e if you do
|
||||||
|
server.addProvider(lasso.PROVIDER_ROLE_SP, "metadata.xml"), lasso
|
||||||
|
checks that the metadata contain a descriptor for the role "SPSSO".
|
||||||
|
- new helper methods to manipulate and check conditions on
|
||||||
|
SAMLv2 assertions.
|
||||||
|
- move strings to their own header (but keep retro-compatibility
|
||||||
|
through inclusion in xml/strings.h).
|
||||||
|
|
||||||
|
* Bindings:
|
||||||
|
- improve general use of bindings/utils.py module inside the bindings
|
||||||
|
to share type matching logic.
|
||||||
|
|
||||||
|
* Python binding:
|
||||||
|
- Glib warning are tunneled through python logging API
|
||||||
|
- camelcasing of uppercase starting fields for python and java bindings has
|
||||||
|
been fixed, old orthograph has been also kept for compatibility. The problem
|
||||||
|
could be seen on LassoAssertion object where the field ID was renamed iD
|
||||||
|
which was difficult to guess.
|
||||||
|
- node class now supports pickling by leveraging existing XML
|
||||||
|
serialization. It posseses the same limitations as the existing XML
|
||||||
|
serialization, for example serializing a LassProfile is not an
|
||||||
|
idempotent operation, it will miss the server, identity and session
|
||||||
|
fields.
|
||||||
|
- empty GList now return an empty tuple, not None (it fixes a lot
|
||||||
|
list traversal codes)
|
||||||
|
- do not forget to emit 'pass' in declaration of class without any
|
||||||
|
content (no method, no field, no constructor)
|
||||||
|
- the code to emit 'freeing' code for values was factorized and improved.
|
||||||
|
- for empty lists returns an empty pyhon list, not None.
|
||||||
|
|
||||||
|
* Perl binding:
|
||||||
|
- support for out parameters was added.
|
||||||
|
- better memory freeing
|
||||||
|
|
||||||
|
* Java binding:
|
||||||
|
- finished exception support for error returning methods.
|
||||||
|
- optimize the makefile for file listing generation
|
||||||
|
- for NULL GList returns an empty ArrayList object, not null.
|
||||||
|
|
||||||
|
* Documentation:
|
||||||
|
- add examples to LassoLogout documentation
|
||||||
|
- fix missing or deprecated methods in lasso-sections.txt
|
||||||
|
- document LassoIdWsf2Profile methods
|
||||||
|
- document runtime flags
|
||||||
|
|
||||||
|
* Tests:
|
||||||
|
- new macros to help in testing (see tests/tests.h), they also make
|
||||||
|
better error reporting (when comparing values, they show the expected
|
||||||
|
and the obtained value).
|
||||||
|
- SAMLv2 AuthnRequest through HTTP-Artifact binding is tested
|
||||||
|
- SAMLv2 LogoutRequest with multiple SessionIndex is tested
|
||||||
|
- force C locale for integration test (we match UI strings, so it is
|
||||||
|
needed).
|
||||||
|
- SAMLv2, test websso with encrypted private keys (idp and sp side)
|
||||||
|
- SAMLv2, add a python test for attribute authority
|
||||||
|
|
||||||
|
* ID-WSF 2.0:
|
||||||
|
- constant strings were moved to their own header
|
||||||
|
(lasso/xml/id-wsf-2.0/idwsf2_strings.h)
|
||||||
|
- add helper method to retrieve the bootstrap EPR from an assertion and
|
||||||
|
to mint assertion to use as WS-Security tokens.
|
||||||
|
- add method lasso_idwsf2_data_service_get_query_item_result_content to
|
||||||
|
retrieve DST query result as text
|
||||||
|
- sign SAMLv2 assertion used as WS-Security tokens
|
||||||
|
|
||||||
|
And many minor bug-fixes...
|
||||||
|
|
||||||
2.2.91 - January 26th 2010
|
2.2.91 - January 26th 2010
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
|
||||||
dnl first number.
|
dnl first number.
|
||||||
dnl - Third number is the current API version implementation version number.
|
dnl - Third number is the current API version implementation version number.
|
||||||
dnl See libtool explanations about current, age and release, later in this file.
|
dnl See libtool explanations about current, age and release, later in this file.
|
||||||
AC_INIT([lasso], 2.2.91, lasso-devel@lists.labs.libre-entreprise.org)
|
AC_INIT([lasso], 2.3, lasso-devel@lists.labs.libre-entreprise.org)
|
||||||
dnl Check if autoconf ver > 2.53
|
dnl Check if autoconf ver > 2.53
|
||||||
AC_PREREQ(2.53)
|
AC_PREREQ(2.53)
|
||||||
AC_CONFIG_MACRO_DIR([m4])
|
AC_CONFIG_MACRO_DIR([m4])
|
||||||
|
|
|
@ -61,6 +61,10 @@
|
||||||
</SVNRepository>
|
</SVNRepository>
|
||||||
</repository>
|
</repository>
|
||||||
<release>
|
<release>
|
||||||
|
<Version>
|
||||||
|
<created>2010-07-19</created>
|
||||||
|
<revision>2.3</revision>
|
||||||
|
</Version>
|
||||||
<Version>
|
<Version>
|
||||||
<created>2010-01-26</created>
|
<created>2010-01-26</created>
|
||||||
<revision>2.2.91</revision>
|
<revision>2.2.91</revision>
|
||||||
|
|
|
@ -37,8 +37,8 @@
|
||||||
<div id="download">
|
<div id="download">
|
||||||
<h2>Download</h2>
|
<h2>Download</h2>
|
||||||
<p>
|
<p>
|
||||||
The most recent version of Lasso is <strong>2.2.91</strong> and was
|
The most recent version of Lasso is <strong>2.3</strong> and was
|
||||||
release on January 26th 2010.
|
release on July 19th 2010.
|
||||||
</p>
|
</p>
|
||||||
<h3>Binary packages</h3>
|
<h3>Binary packages</h3>
|
||||||
<p>
|
<p>
|
||||||
|
@ -47,8 +47,7 @@
|
||||||
</p>
|
</p>
|
||||||
<h3>Source</h3>
|
<h3>Source</h3>
|
||||||
<p>
|
<p>
|
||||||
<li><a href="http://labs.libre-entreprise.org/frs/download.php/765/lasso-2.2.91.tar.gz">.tar.gz</a></li>
|
<li>Wait for 2.3 updates of download links...</li>
|
||||||
<li><a href="https://dev.entrouvert.org/projects/lasso/repository">Subversion Repository</a></li>
|
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
[end]
|
[end]
|
||||||
|
|
|
@ -61,6 +61,10 @@
|
||||||
</SVNRepository>
|
</SVNRepository>
|
||||||
</repository>
|
</repository>
|
||||||
<release>
|
<release>
|
||||||
|
<Version>
|
||||||
|
<created>2010-07-19</created>
|
||||||
|
<revision>2.3</revision>
|
||||||
|
</Version>
|
||||||
<Version>
|
<Version>
|
||||||
<created>2010-01-26</created>
|
<created>2010-01-26</created>
|
||||||
<revision>2.2.91</revision>
|
<revision>2.2.91</revision>
|
||||||
|
|
|
@ -10,8 +10,7 @@
|
||||||
<p>
|
<p>
|
||||||
Lasso is licensed under the GNU GPL and the latest release
|
Lasso is licensed under the GNU GPL and the latest release
|
||||||
is available here as a gzipped tarball:
|
is available here as a gzipped tarball:
|
||||||
<a
|
<a href="">Wait for update of 2.3 release sources...</a>
|
||||||
href="http://labs.libre-entreprise.org/frs/download.php/765/lasso-2.2.91.tar.gz">lasso-2.2.91.tar.gz</a>
|
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h2>Binary Downloads</h2>
|
<h2>Binary Downloads</h2>
|
||||||
|
@ -25,14 +24,14 @@
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Additionnaly there are <i>sarge</i> packages and there may be more
|
Additionnaly there are <i>lenny</i> abd <i>karmic</i> packages and there may be more
|
||||||
uptodate packages available in our local apt repository. Pick the
|
uptodate packages available in our local apt repository. Pick the
|
||||||
one appropriate for your distribution:
|
one appropriate for your distribution:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<pre>
|
<pre>
|
||||||
deb http://deb.entrouvert.org sarge main
|
deb http://deb.entrouvert.org lenny main
|
||||||
deb http://deb.entrouvert.org etch main
|
deb http://deb.entrouvert.org karmic main
|
||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
@ -42,11 +41,10 @@ deb http://deb.entrouvert.org etch main
|
||||||
<ul>
|
<ul>
|
||||||
<li>liblasso3: runtime library</li>
|
<li>liblasso3: runtime library</li>
|
||||||
<li>liblasso3-dev: C development kit</li>
|
<li>liblasso3-dev: C development kit</li>
|
||||||
<li>python2.3-lasso: Python 2.3 bindings</li>
|
<li>python-lasso: Python 2.5 & 2.6 bindings</li>
|
||||||
<li>php4-lasso: PHP bindings</li>
|
<li>php5-lasso: PHP bindings</li>
|
||||||
<li>liblasso-java: JAVA bindings</li>
|
<li>liblasso-java: JAVA bindings</li>
|
||||||
<li>liblasso-perl: Perl bindings</li>
|
<li>liblasso3-perl: Perl bindings</li>
|
||||||
<!--<li>liblasso-cil: .NET bindings</li>-->
|
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
@ -58,8 +56,8 @@ deb http://deb.entrouvert.org etch main
|
||||||
<h3>Fedora Core Packages</h3>
|
<h3>Fedora Core Packages</h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
There are RPM packages built on Fedora Core 6; <strong>they will soon
|
There are RPM packages built on Fedora Core 6; <strong>beware that
|
||||||
be updated for 2.2.1 and a newer Fedora</strong>
|
they are from an old release</strong>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
|
@ -109,6 +107,10 @@ deb http://deb.entrouvert.org etch main
|
||||||
|
|
||||||
<pre> svn checkout svn://labs.libre-entreprise.org/svnroot/lasso/trunk lasso </pre>
|
<pre> svn checkout svn://labs.libre-entreprise.org/svnroot/lasso/trunk lasso </pre>
|
||||||
|
|
||||||
|
<p> We are actively moving to git for future development, the details
|
||||||
|
will be given here. For people who cannot use git, regular
|
||||||
|
tarbal of the trunk will be made. </p>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue