packages feed

wai-saml2 0.2.1.2 → 0.2.1.3

raw patch · 2 files changed

+12/−8 lines, 2 filesdep ~bytestring

Dependency ranges changed: bytestring

Files

README.md view
@@ -2,6 +2,8 @@  ![GitHub](https://img.shields.io/github/license/mbg/wai-saml2) ![Haskell CI](https://github.com/mbg/wai-saml2/workflows/Haskell/badge.svg?branch=master)+![stackage-nightly](https://github.com/mbg/wai-saml2/workflows/stackage-nightly/badge.svg)+[![Hackage](https://img.shields.io/hackage/v/wai-saml2)](https://hackage.haskell.org/package/wai-saml2)  A Haskell library which implements SAML2 assertion validation as WAI middleware. This can be used by a Haskell web application (the service provider, SP) to perform identity provider (IdP) initiated authentication, i.e. SAML2-based authentication where the authentication begins at the IdP-end, the IdP authenticates the user, and then gets the user to submit a SAML2 assertion back to the SP (known as "unsolicited SSO" within e.g. [the Shibboleth project](https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration#UnsolicitedSSOConfiguration-SAML2.0)).  @@ -18,7 +20,7 @@  The library is estimated to be sufficiently robust for use in a production environment. If you wish to implement this middleware, please note the following: -* You __must__ store IDs of assertions you see. If an assertion is successfully validated by this library, you __must__ check that you have not previous seen the assertion ID in order to prevent replay attacks.+* You __must__ store IDs of assertions you see. If an assertion is successfully validated by this library, you __must__ check that you have not previously seen the assertion ID in order to prevent replay attacks.  * You __must not__ expose any errors to a client as that could severely compromise the security of the system as attackers may be able to use the errors to narrow down valid SAML responses. You __should__ log and monitor errors though as they may indicate attacks on your system. Ensure that log files containing errors from the SAML2 middleware are stored securely. 
wai-saml2.cabal view
@@ -1,20 +1,18 @@ cabal-version: 1.12 --- This file has been generated from package.yaml by hpack version 0.33.0.+-- This file has been generated from package.yaml by hpack version 0.34.4. -- -- see: https://github.com/sol/hpack------ hash: 4a1b318c169b45fea75edde89d81f7e0c7112e165e3e3cc5d65269c91210892f  name:           wai-saml2-version:        0.2.1.2+version:        0.2.1.3 synopsis:       SAML2 assertion validation as WAI middleware description:    A Haskell library which implements SAML2 assertion validation as WAI middleware category:       Security homepage:       https://github.com/mbg/wai-saml2#readme bug-reports:    https://github.com/mbg/wai-saml2/issues author:         Michael B. Gale-maintainer:     m.gale@warwick.ac.uk+maintainer:     github@michael-gale.co.uk copyright:      Copyright (c) Michael B. Gale license:        MIT license-file:   LICENSE@@ -45,12 +43,16 @@       Paths_wai_saml2   hs-source-dirs:       src-  default-extensions: OverloadedStrings MultiWayIf RecordWildCards FlexibleInstances+  default-extensions:+      OverloadedStrings+      MultiWayIf+      RecordWildCards+      FlexibleInstances   ghc-options: -W   build-depends:       base >=4.8 && <5     , base64-bytestring >=0.1 && <2-    , bytestring >=0.9 && <0.11+    , bytestring >=0.9 && <0.12     , c14n >=0.1.0.1 && <1     , cryptonite <1     , data-default-class <1