- Raise PermissionDenied when token is lacking information needed to create a user. #116 #149
- Documentation error for
- New parameter called CUSTOM_FAILED_RESPONSE_VIEW, allowing you to set a custom django function view to handle login failures. #136
- New parameter called LEEWAY_JWT, allowing you to set a leeway for validating the JWT token. #128
- Added support for enterprice app SSO certificates. #87
- Added setting to disable user creation. #96
- Dependency compatibility for PyJWT 2.0. #120
- Django 4.0 deprecation cleanup.
- Fixed a bug where IntegrityError could occur if a users groups changed, and multiple requests were done quickly. #95
From this release onwards, compatibility with python 2.7 and 3.4 is not guaranteed anymore.
- Python 2.7 and 3.4 tests
- Django Rest Framework 3.7 tests
- The URLs file to override the django rest framework login (
drf-urls.py), was not a valid python module name. It was changed to
drf_urls.py. Th old name is still there but will be removed in a next release.
- Added setting
SETTINGS_CLASS, defaulting to
django_auth_adfs.config.Settings. This provides a mechanism to load the
AUTH_ADFSconfig from sources other than Django settings.
- Python 3.8 tests
- Django Rest Framework 3.10 tests
- Django 1.8, 1.9 and 1.10 support. They are end of extended support and keeping support for them was becoming too complex.
- The django templates were missing in the wheel
- Added views to selectively disable SSO for login links
- Existing users with an empty password raised an exception
- Add a setting to force a login screen and disable SSO on ADFS.
- Documentation about how to enable SSO for other browsers than IE & Edge.
- Prevent username field from being overwritten by a claim mapping.
- Prevent traceback upon logout when ADFS config is not yet loaded.
- Fix fields in log messages being swapped.
- Don’t allow the audience claim to be ignored. Preventing access token reuse.
- Set an unusable password on newly created user instead of leaving it empty.
This version contains backwards incompatible changes. Make sure to read the entire release notes
- Windows 2016 (a.k.a. ADFS 4.0) Support
- AzureAD support (check the setting
- Django Rest Framework support.
- Add a
TIMEOUTsetting for requests towards the ADFS server.
- Add the
CLIENT_SECRETsetting to support client secrets in the OAuth2 Flow.
- Users are now redirected back to the page that triggered the login instead of the main page.
- Groups a user belongs to can now be automatically created in Django (check the
- Django 2.1 support
- All settings that can be determined automatically are now set automatically
- When a claim mapped to a non-required field in the user model is missing, a warning is logged instead of an exception raised
- Because of the login and logout views that were added, the redirect URI back from ADFS should
now point to
/oauth2/callback. Keeping it at
/oauth2/loginwould have caused a potential redirect loop.
these settings are now loaded from ADFS metadata automatically and have been deprecated:
- Fixed a bug were authentication failed when the last ADFS signing key was not the one that signed the JWT token.
- Django 1.11 support and tests.
- Proper handling the absence of ‘code’ query parameter after ADFS redirect.
- Added ADFS configuration guide to docs.
- Allow boolean user model fields to be set based on claims.
include()is not needed anymore on Django >=1.9.
- Fixed some Django 2.0 deprecation warnings, improving future django support.
- Numerous typos fixed in code and documentation.
- Proper handling of class variables to allow inheriting from the class
- By default, the ADFS signing certificate is loaded from the
FederationMetadata.xmlfile every 24 hours. Allowing to automatically follow certificate updates when the ADFS settings for
AutoCertificateRolloveris set to
- Group assignment optimisation. Users are not removed and added to all groups anymore. Instead only the groups that need to be removed or added are handled.
Backwards incompatible changes
- The redundant
ADFS_prefix was removed from the configuration variables.
REQUIRE_LOGIN_EXEMPT_URLSvariable was renamed to
- ADFS_REDIR_URI is now a required setting
- Now supports Python 2.7, 3.4 and 3.5
- Now supports Django 1.7, 1.8 and 1.9
- Added debug logging to aid in troubleshooting
- Added unit tests
- Lot’s of code cleanup
- Fixed a possible issue with the cryptography package when used with apache + mod_wsgi.
- Added a optional context processor to make the ADFS authentication URL available as a template variable (ADFS_AUTH_URL).
- Added a optional middleware class to be able force an anonymous user to authenticate.
0.0.1 - 2016-02-09¶
- Initial release