This repository has been archived by the owner on Apr 17, 2024. It is now read-only.
Releases: rancher/rancher-auth-service
v0.4.33
v0.4.32
v0.4.31: Merge pull request #66 from mrajashree/fixthis
Change if-checks for token and redirect URL
v0.4.30: Add additional handler to set token as cookie
RedirectBackBase might differ from the acs URL. In this case, we will create a token in the ACS handler and send it as a hidden field in a form with html and js to submit the form on load, and this will be sent to the redirectBackBase URL with new handler for creating token cookie. This new handler will receive token and set it as a cookie.

RedirectBackBase & RedirectBackPath won't be set on the global SamlServiceProvider struct. HandleSamlLogin sets relayState per request, which contains the URI of the request, which has the redirectBackBase and RedirectBackPath values. This commit retrieves those values in the getPossibleRequestIDs method, along with the requestID, and passes that along to HandleSamlAssertion. So we don't need to set any values separately.

The setting to specify whitelisted domains for redirectBackBase values will accept a domain. So the users can enter domain.com or domain.com:8080; this commit checks the redirectBackBase against both.
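The allowlist comparison described in the v0.4.30 notes above, as an added Go example that is not code from rancher-auth-service: the redirect target's host is compared with and without its port against each configured entry. The function name `redirectAllowed`, the sample hosts, and the scheme and userinfo checks are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// redirectAllowed (hypothetical name) reports whether redirectBackBase points
// at an allowlisted host. Entries are "host" or "host:port".
func redirectAllowed(redirectBackBase string, allowlist []string) bool {
	u, err := url.Parse(redirectBackBase)
	if err != nil {
		return false
	}
	// Assumption beyond the release note: only absolute http(s) URLs with a
	// host and no userinfo ("user@host") are considered at all.
	scheme := strings.ToLower(u.Scheme)
	if (scheme != "http" && scheme != "https") || u.Host == "" || u.User != nil {
		return false
	}
	hostPort := strings.ToLower(u.Host)       // e.g. "domain.com:8080"
	hostOnly := strings.ToLower(u.Hostname()) // e.g. "domain.com"
	for _, entry := range allowlist {
		e := strings.ToLower(strings.TrimSpace(entry))
		if e == "" {
			continue
		}
		// Exact match only; a suffix or substring test would also accept
		// look-alike hosts such as "domain.com.other.example".
		if e == hostPort || e == hostOnly {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"domain.com", "rancher.example:8080"} // constructed values
	for _, c := range []string{
		"https://domain.com:8080/login",
		"https://rancher.example:9443/",
		"https://domain.com.other.example/",
		"https://domain.com@other.example/",
	} {
		fmt.Printf("%-40s %v\n", c, redirectAllowed(c, allow))
	}
}
```

An entry without a port accepts that host on any port, while an entry with a port accepts only that exact host and port pair.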
v0.4.29: Merge pull request #64 from mrajashree/whitelistSaml
Add setting to accept whitelisted redirect URLs
v0.4.28: Refactor SAML
1. Remove use of SAML library's middleware, so that we don't use the token that the library sets. This token set by the library can be big depending on size of user's assertion returned by IdP. This token is set as a cookie and big cookies cause problems as most browsers have a max limit of cookie size of 4096 bytes.
2. Make the auth flow similar to 2.0.
3. Make sure token cookie's secure flag is set depending on the request.
4. Restrict redirectBackBase to whitelisted domains (Host registration URL).
v0.4.27
v0.4.26
Fix access mode issue
v0.4.25: Merge pull request #60 from mrajashree/updateSaml
v0.4.24: Skip error for identities in savedIdentities required mode
In required mode, an additional query is made during login to get all identities from the allowed identity list. While getting these identities, the error can be ignored as they don't belong to the user trying to log in.