January 28, 2019
This is a bug fix that prevents new installations of the EDS from acting as an open redirector. Existing systems will continue to function as one until locked down, but the presence of the new setting will prevent this behavior.
Existing deployments should add the "this.returnWhiteList" parameter to their copy of idpselect_config.js to lock down the redirection to the right set of hosts. As an example, the instance on shibboleth.net is set to:
June 19, 2015
This is a bugfix and new feature refresh of the Embedded Discovery Service.
For a complete list of issues addressed in this release, see https://issues.shibboleth.net/jira/issues/?filter=10770
Of particular interest is:
- The ordering of history in the
_saml_idpcookie has been fixed to align with the spec. This means that the first time that the EDS is run after an upgrade the preferred IdP list will appear backwards. Some extra configuration has been added to allow better interoperation with the Shibboleth SP's use of the
- The EDS now incorporates AIRA mark up which makes it usable by screen readers EDS-26 (work in progress)
- The language bundles now include Japanese, Brazillian Portugese as well as German and English. The bundles are now shipped separately from the main configuration which means that no work is needed at upgrade time to take advantage of these languages.
- Several new configuration options are included. See the documentation for details.