What's new?

• Server

  • Updated: The directory API to support Require Signed Assertion Response.

• UI:

  • Added: Introduced UI options for Require Signed Assertion Response for enhanced security in SAML authentication.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Enhanced Security and Compatibility Guide for SAML Authentication

Description: The recent update to @node-saml/passport-saml mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:

• Require Signed Assertion Response

By default, this option is set to Disabled to maintain compatibility with existing setups.

Recommendations: We recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.