- New config fields added:
saml2.rvm_users_from_orgs- used in order to prevent Users from being removed from the Organization that are not mentioned within the response from IdP.saml2.disable_organization_membership- used to avoid membership creation process for the User that is log in.saml2.redirect_after_login- used to change default redirect URL after User log in.saml2.name_id_from_saml2_NameID- if specified astrue, thenameidwill be taken from straight from the IdP response instead of findidkey within thesaml_infoanddata_dictvariables at stage of User creation process.
- Added support for CKAN 2.8
- Added a script ckanext/saml2/admin/fresh_idp_metadata.py to keep IdP metadata up-to-date
- NameIDs are now stored in the saml2_user table, instead of as the user's username. No update method for existing data is provided.
- Deprecated the
saml2.local_email_domainsandsaml2.sso_email_domainsconfiguration directives in favour of a direct check for a NameID in the saml2_user table.
Note: This release requires the use of pysaml2's challenge_decider to enable single logout, which was not required in 0.1. See the sample who.ini configuration.
Note: If ckanext-saml was used to modify user privileges for user provisioning by the IdP, you now need to use ckanext-acl
- Move responsibility for sending LogoutResponses from the plugin to pysaml2
- Removed user account permission admin to [ckanext-acl|https://github.com/DataShades/ckanext-acl]