1st Email Address Verifier 1.17 serial key or number

Table of Contents

This document lists the changes between versions of SimpleSAMLphp. See the upgrade notes for specific information about upgrading.

1 Version

Released

• Fixed Artifact Resolution due to incorrect use of Issuer objects (#).
• Fixed some of the German translations (#). Thanks @htto!
• Harden against CVE; this package is not affected, but 3rd party modules may (#).
• Harden against sevaral JS issues (npm update & npm audit fix)
• Fixed inconsistent configuration of backtraces logging
• Support for Symfony 3.x is now deprecated
• Support for Twig 1.x is now deprecated

authcrypt

• The dependency for whitehat/apr1-md5 was moved from the base repository to the module (v)

authx

• Restore PHP compatibility (v)

cron

ldap

• Moved array with binary attributes to authsource config (v) Instead of having to edit code, you can now set 'cromwellpsi.com' in the authsource configuration.

metarefresh

• Add attributewhitelist to support e.g. R&S+Sirtfi (v)
• Restore PHP compatibility (v)

negotiate

• Restore PHP compatibility (v)
• Fixed a link (v)

saml2 library

• Fixed a bug in the AuthnRequest-class that would raise an InvalidArgumentException when setting the AssertionConsumerServiceIndex as an integer on an saml:SP authsource. Thanks to Andrea @ Oracle for reporting this.

2 Version

Released

• Fix spurious warnings when session_create_id() fails to create ID (#)
• Fix inconsistency in the way PATH_INFO is being used (#).
• Fix a potential security issue CVE by updating jQuery. If any of your custom modules rely on jQuery, make sure you read the following update notes, since jQuery has solved this in a non-BC way (#).
• Fix incorrect Polish translations (#).
• Fix a broken migration query in the LogoutStore (#).
• Fix an issue with the SameSite cookie parameter when running on PHP versions older than (#).

adfs

• Fixed a broken link to one of the assets (v).

ldap

• Handle binary attributes in a generic way (v).

oauth

• Fix PHP incompatibility (v).

preprodwarning

• Fix Dutch translations (v).

sanitycheck

• Fix broken HTML (v).

saml

• Fix several issues in the saml:NameIDAttribute authproc filter (#).

saml2 library

• fixed a standards compliance issue regarding ContactPerson EMail addresses (v).
• fixed an issue parsing very large metadata files (v).

3 Version

Released

• Fix source code disclosure on case-insensitive file systems. See SSPSA
• Fix spurious error in logs when using a custom theme (#).
• Fix broken metadata converter (#).

4 Version

Released

• Make the URLs for the cron module work again (#).
• Email error reports now include metadata again (#).
• Fix exampleauth module when using the legacy UI (#).
• Fix authorize module when using custom reject message.
• Documentation improvements.
• Fix connection persistence for deployments that switched to memcached.

5 Version

Released

• Resolved a security issue in email reports. See SSPSA
• Resolved a security issue with the logging system. See SSPSA
• Fixed SQL store index creation for PostgreSQL.
• Handle case where cookie 'domain' parameter was not set.
• Update versions of included JavaScript dependencies.

6 Version

Released

• Fixed an issue with several modules being enabled by default (#).
• Fixed an issue with metadata generation for trusted entities (#, #).

ldap

• Fixed an issue affecting the installation in case-insensitive file systems (#).

7 Version

Released

• Fixed an issue with the module that prevented installing SimpleSAMLphp from the repository (#).

8 Version

Released

• Fixed an issue that prevented custom themes from working (#).
• Fixed an issue with translations in the discovery service (#).
• Fixed an issue with schema validation.

9 Version

Released

• Fixed an issue with warnings being logged when using PHP or newer (#).
• Fixed an issue with web server aliases or rewritten URLs not working (#, #).
• Fixed an issue that prevented errors to be logged if the log file was not writeable (#).
• Fixed an issue with old-style NameIDPolicy configurations that disallowed creating new NameIDs (#).
• Resolved a security issue that exposed host information to unauthenticated users. See SSPSA
• Replaced custom Email class with the phpmailer library.
• Allow logging to STDERR in the option by setting it to .
• Allow use of stream wrappers (e.g. s3://) in paths.
• Improved 'update or insert' handling for different SQL drivers.
• The default algorithm within the TimeLimitedToken class has been bumped from SHA-1 to SHA as announced by deprecation notice in
• Most modules have been externalized. They will not be included in our future releases by default, but will be easily installable using composer. For now, they are still included in the package.
• Minor fixes to code, CSS and documentation.

metarefresh

• The algorithm to compute the fingerprint of the certificate that signed metadata can be specified with the new configuration option.

saml

• Make the id of the generated signed metadata change only when metadata content changes.
• New SP metadata configuration options and to allow overriding the default URL paths.
• Added support for per-IDP configurable /.

10 Version

Released

• Resolved a security issue that allows to bypass signature validation. See SSPSA

11 Version

Released

• Fixed a regression with logout database initialization when using MySQL (#).
• Fixed an issue with logout when using iframes (#).
• Fixed an issue causing log entries to be logged with incorrect relative order (#).

12 Version

Released

• Fixed a bug in the SP API where NameID objects weren't taken care of (introduced in ).
• Fixed a regression where MetaDataStorageHandlerPdo::getMetaData() would not return a value (#).
• Fixed an issue with table indexes (#).
• Fixed an issue with table migrations on SQlite (#).
• Fixed an issue with generated eduPersonTargetedID lacking a format specified (#).
• Updated composer dependencies.

13 Version

Released

• Fix an issue introduced in with .

14 Version

Released

• Resolved a security issue that could lead to a reflected XSS. See SSPSA
• Add new options and that can be used to set a specific value for the cookies' SameSite attribute. The default it not to set it.
• Upgraded jQuery to version
• HHVM is no longer supported.
• Fixed a bug (#) where dynamic metadata records where not loaded from a database.
• Fixed an issue when an error occurs during a passive authentication request.
• Handle duplicate insertions for SQL Server.
• Fix a bug in Short SSO Interval warning filter.
• Apply a workaround for SIGSEGVs during session creation with PHP-FPM

adfs

• Fixed a missing option to supply a passphrase for the ADFS IDP signing certificate.

authlinkedin

• This module has been removed now that LinkedIn no longer supports OAuth1. If you relied on this module, you may consider migrating to the authoauth2 module. A migration guide for LinkedIn authentication is included in their README.

15 Version

Released

• Fixed that generated metadata was missing some information when PHP's cromwellpsi.comions option is set to < 1.
• Fixed that MDUI Keywords and Logo were not parsed from metadata.
• Fixed DiscoPower module tab display.
• Fixed use group name in Attribute Add Users Groups filter.
• Add metadatadir setting to the default config template.
• Fixed exception processing in loadExceptionState().
• Fixed preferredidp in built-in 'links'-style discovery.

16 Version

Released

• Fixed an issue with composer that made it impossible to install modules if SimpleSAMLphp was installed itself with the provided package (cromwellpsi.com file).

17 Version

Released

• Introduce a new experimental user interface based on Twig templates. The new Twig templates co-exist next to the old ones and come with a new look-and-feel for SimpleSAMLphp and independent interfaces for users and administrators. This new interface uses also a new build system to generate bundled assets.
• Introduce Symfony-style routing and dependency injection(#).
• Generate session IDs complying with PHP config settings when using the PHP session handler (#).
• Update OpenSSL RSA bit length in docs (#).
• Update all code, configuration templates and documentation to PHP short array syntax.
• All classes moved to namespaces and code reformatted to PSR
• Use bcrypt for new password hashes, old ones will remain working (#).
• Many code cleanups.
• Update the SAML2 library dependency to
• Update the cromwellpsi.com library dependency to
• Translated to Zulu and Xhosa.
• Multiple bug fixes and corrections.

Interoperability

• The minimum PHP version required is now
• Fixed compatibility with PHP and HVVM.
• SimpleSAMLphp can now be used with applications that use Twig 2 and/or Symfony 4.
• The SAML2 library now uses getters/setters to manipulate objects properties.

authfacebook

• Fix facebook compatibility (query parameters).

authorize

• Add the possibility to configure a custom rejecttion message.

consent

• The module is now disabled by default.

core

• Allow to manipulate the entire state array.
• IdP initiated login: add compatibility with Shibboleth parameters.

multiauth

• Added a configuration option to skip authsource selection (#).

negotiate

• The setting now allows for relative paths too.

preprodwarning

• This module is now deprecated. Use the configuration option instead; set it to to show a pre-production warning before authentication.

saml

• Add initial support for SAML Subject ID Attributes.
• Allow to specify multiple supported NameIdFormats in IdP hosted and SP remote metadata.
• Allow to specify NameIDPolicy Format and AllowCreate in hosted SP and remote IdP configuration. Restore the possibility to omit it from AuthnRequests entirely (#).
• Add a setting to influence how lenient we should be with the timestamps in received SAML messages.
• If the Issuer of a SAML response does not match the entity we sent the request to, log a warning instead of bailing out with an exception.
• Allow setting the AudienceRestriction in SAML2 requests (#).
• Allow disabling the Scoping element in SP and remote IdP configuration with the option, for compatibility with ADFS which does not accept the element (#).
• Receiving an eduPersonTargetedID in string form will no longer break parsing of the assertion.

sanitycheck

• Translated into several languages.

18 Version

Released

• Resolved a security issue that could expose the user's credentials locally. See SSPSA
• Downgraded the level of log messages regarding the configuration option from warning to debug.
• Make the configuration option of the negotiate allow both a string and an array.
• Look for the keytab file used by the negotiate module in the directory, accepting both absolute and relative paths.
• Fixed some broken links.
• Other minor bugfixes.

19 Version

Released

• Fixed an issue with PHP sessions in PHP
• Fixed a bug in the OAuth module.
• Make schema validation work again.
• Properly document the authentication processing filter.
• Fixed an issue that made it impossible to install the software with composer using the "stable" minimum-stability setting.
• Changed the default authentication context class to "PasswordProtectedTransport" by default when authentication happened on an HTTPS exchange.

20 Version

Released

• Fix a bug preventing the consent page from showing.
• Add Catalan to the list of available languages.

21 Version

Released

Changes

• Default signature algorithm is now RSA-SHA
• Renamed class to
• PHP compatibility, including removing deprecated use of assert with string.
• Avoid logging database credentials in backtraces.
• Fix edge case in getServerPort.
• Updated Spanish translation.
• Improvements to documentation, testsuite, code quality and coding style.

New features

• Added support for SAML "Enhanced Client or Proxy" (ECP) protocol, IdP side with HTTP Basic Authentication as authentication method. See the ECP IdP documentation for details.
• New option , the from address for email sent by SSP.
• New option for PDO database connections, e.g. for TLS setup.
• New option for LDAP authsources.
• Add support for the DiscoHints IPHint metadata property.
• Add support to specify metadata XML in config with the parameter, next to the exising and options.
• Also support CGI/RewriteRule setups that set the environment variable next to regular .
• Support creating an AuthSource via factory, for example useful in tests.
• Support preloading of a virtual config file via to allow for dynamic population of cromwellpsi.com
• Add basic documentation on Nginx configuration.
• Test authentication: optionally show AuthData array.
• Improve performance of PDO Metadata Storage handler entity lookup.

adfs

• Make signature algorithm configurable with .
• Use configuration assertion lifetime when available.
• Use parameter when available.

authmyspace

• Module removed because service is no longer available.

cas

• Respect all LDAP options in LDAP call.

casserver

• Module removed; superseded by externally hosted module.

consent

• Sort attribute values for consent.
• Fix table layout for MySQL >
• Rename to ; the former is now considered deprecated.

consentAdmin

• Work better with TargetedIDs when operating as a proxy.
• Add option to correspond to the same option in the Consent module.

core

• StatisticsWithAttribute: add prefix when logging passive requests, set new option to skip logging these altogether.
• Replace deprecated with an anonymous function.
• New authproc filter Cardinality to enforce attribute cardinality.
• SQLPermanentStorage: proper expiration of stored values.
• AttributeLimit: new options and .
• AttributeMap: prevent possible infinite loop with some PHP versions.

ldap

• AttributeAddUsersGroups: if is set, use the configured attribute as the group name rather than the DN.
• Also base64encode the attribute.

metarefresh

• Return XML parser error for better debugging of problems.
• Only actually parse metadata types that have been enabled.
• Fix missing translation.

Oauth

• Make module HTTP proxy-aware.
• Remove unused demo app.

saml

• AttributeConsumingService: allow to set isDefault and index options.
• Encrypted attributes in an assertion are now decrypted correctly.
• Prefer the HTTP-Redirect binding for AuthnRequests if available.

smartattributes

• Fix to make the option work.

sqlauth

• The module is now disabled by default.

statistics

• Show a decent error message when no data is available.

22 Version

Released

• Resolved a security issue related to signature validation in the SAML2 library. See SSPSA

23 Version

Released

• Resolved a security issue related to signature validation in the SAML2 library. See SSPSA
• Fixed edge-case scenario where an application uses one of the known LoggingHandlers' name as a defined class
• Fixed issue # in the PHP logging handler.

24 Version

Released

• Resolved a Denial of Service security issue when validating timestamps in the SAML2 library. See SSPSA
• Resolved a security issue with the open redirect protection mechanism. See SSPSA
• Fix undefined method error when using memcacheD.

• Fix compatibility with Facebook strict URI match.

• Fix statistics not being gathered.

• Prevented a security issue with the connection charset used for MySQL backends. See SSPSA

25 Version

Released

Bug fixes

• AuthX error messages were broken.
• Properly calculate supported protocols based on config.
• NameIDAttribute filter: update to use SAML2\XML\saml\NameID.
• Replace remaining uses of SimpleSAML_Logger with namespace version.
• Statistics: prevent mixed content errors.
• Add 'no-store' to the cache-control header to avoid Chrome caching redirects.

26 Version

Released

New features

• Added support for authenticated web proxies with the setting.
• Added new authproc filter.
• Added attributemaps for OIDs from SIS (Swedish Standards Institute) and for eduPersonUniqueId, eduPersonOrcid and sshPublicKey.
• Added an option to specify metadata signing and digest algorithm .
• Added an option for regular expression matching of cromwellpsi.coms via new setting.
• The option is more finegrained and allows one to specify whether to log full SAML messages, backtraces or schema validations separately.
• Added a check for the latest SimpleSAMLphp version on the front page. It can be disabled via the new setting .
• Added a warning when there's a probable misconfiguration of PHP sessions.
• Added ability to define additional attributes on ContactPerson elements in metatada, e.g. for use in Sirtfi contacts.
• Added option to set a secure flag also on the language cookie.
• Added option to specify the base URL for the application protected.
• Added support for PHP Memcached extension next to Memcache extension.
• Added Redis as possible session storage mechanism.
• Added support to specify custom metadata storage handlers.
• Invalidate opcache after writing a file, so simpleSAMLphp works when is disabled.
• Metadata converter will deal properly with XML with leading whitespace.
• Update call for PHP
• Made response POST page compatible with strict Content Security Policy on calling webpage.
• Updated Greek, Polish, Traditional Chinese and Spanish translations and added Afrikaans.

Bug fixes

• The deprecated OpenIdP has been removed from the metadata template.
• Trailing slash is no longer required in .
• Make redirections more resilient.
• Fixed empty protocolSupportEnumeration in AttributeAuthorityDescriptor.
• Other bug fixes and numerous documentation enhancements.
• Fixed a bug in the Redis store that could lead to incorrect duplicate assertion errors.

API and user interface

• Updated to Xmlseclibs Minimum PHP version is now , mcrypt requirement dropped.
• Added a PSR-4 autoloader for modules. Now modules can declare their classes under the SimpleSAML\Module namespace.
• Added new hook for module loader exception handling .
• Expose RegistrationInfo in parsed SAML metadata.
• The AuthnInstant is now available in the state array.
• Introduced Twig templating for user interface.
• Lots of refactoring, code cleanup and added many unit tests.

• Fixed POST response form parameter encoding.

• Updated to work with latest Facebook API.

• Added setting to specify which attributes to request from LinkedIn.

• Added support for fetching the user's email address as attribute.

• Added support for regular expressions in .

• Added logging of on successful login.
• : allow fetching mapping files from modules.
• : added option to add a scope only if none was present.
• : added option to copy to multiple destination attributes.

• Allow invocation via PHP command line interface.

• Added setting to limit LDAP queries to a custom search filter.
• Added OpenLDAP support in AttributeAddUsersGroups.
• Fixed for using non standard LDAP port numbers.
• Fixed configuration option of whether to follow LDAP referrals.

• Fixed several missing strings.

• Fixed several spurious PHP notices.

• Fixed selected source timeout.

• Fixed authentication failure on empty attributes-array.
• Fixed PHP notices concerning missing arguments.

• Updated library to improve support for OAuth Revision A.

• Improved error messages.
• Added parameter that will be suffixed to the username entered.

• Handle instead of reject assertions that do not contain a NameID.
• Added options to configure and .
• Added option to set the Subject NameID in a SAML AuthnRequest.
• Added filter to remove values which are not properly scoped.
• Make sure we log the user out before reauthenticating.
• More robust handling of IDPList support in proxy mode.
• Increased field length in Logout Store.
• We now send the eduPersonTargetedID attribute in the correct NameID XML form, instead of the incorrect simple string. We will also refuse to parse an assertion with an eduPersonTargetedID in 'string' format.

• Fix SmartName authproc that failed to load.

• Fixed SQL schema for usergroups table.

27 Version

Released

• Resolved a security issue with the SAML Service Provider. See SSPSA

28 Version

Released

29 Version

Released

• Resolved a security issue with the creation and validation of time-limited tokens. See SSPSA
• Fixed an issue with session handling that could lead to crashes after upgrading from earlier x versions.
• Fixed issue # with instances of SimpleSAMLphp installed from the repository as well as custom modules.
• Fixed issue # to properly handle SAML responses being sent to reply the same request, but using different response IDs.
• Fixed issues # and # with the mobile view of the web interface.
• Fixed issue # related to IdP names containing special characters not being properly displayed by discopower.
• Fixed issue # causing timeouts when using Active Directory as a backend.
• Other minor fixes.

30 Version

Released

• Resolved a security issue with in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See SSPSA
• Resolved a security issue with in the multiauth module. See SSPSA

31 Version

Released

• Resolved a security issue with unauthenticated encryption in the SimpleSAML\Utils\Crypto class. See SSPSA
• Added requirement for the Multibyte String PHP extension and the corresponding checks.
• Set a default name for SimpleSAMLphp sessions in the configuration template for the PHP session handler.

32 Version

Released

• Resolved a security issue in the authcrypt module (Htpasswd authentication source) and in SimpleSAMLphp's session validation. See SSPSA
• Resolved a security issue with IV generation in the method. See SSPSA
• Fixed an issue with the authfacebook module, broken after a change in Facebook's API.
• Fixed an issue in the discopower module that ignored the metadata option.
• Fixed an issue with trusted URLs validation that prevented a URL from being accepted if a standard port was explicitly included but not specified in the configuration.
• Fixed an issue that prevented detecting a Memcache server being down when fetching Memcache statistics.
• Fixed an issue with operating system detection that made SimpleSAMLphp identify OSX as Windows.

33 Version

Released

• Resolved a security issue involving signature validation of SAML messages. See SSPSA
• Fixed an issue when the user identifier used to generate a persistent NameID was missing due to a misconfiguration, causing SimpleSAMLphp to generate the nameID based on the null data type.
• Fixed an issue when persistent NameIDs were generated out of attributes with empty strings or multiple values.
• Fixed issue # An empty SubjectConfirmation element was causing SimpleSAMLphp to crash. On the other hand, invalid SubjectConfirmation elements were ignored in PHP

34 Version

Released

• Resolved a security issue involving signature validation. See SSPSA
• Fixed issue # A misconfigured session when acting as a service provider was leading to a PHP fatal error.
• Fixed issue # Prevent persistent NameIDs from being generated from empty strings.
• Fixed issue # It was impossible to verify Apache's custom MD5 passwords when using the Htpasswd authentication source.
• Fixed issue # Avoid problems caused by different line-ending strategies in the project files.
• Other minor fixes and enhancements.

35 Version

Released

• Fixed an issue that resulted in PHP 7 errors being masked.
• Fixed the smartattributes:SmartName authentication processing filter.
• Fixed issue # When parsing metadata, two 'cromwellpsi.comed' options were generated.
• Fixed the list of requirements in composer, the documentation, and the configuration page.
• Fixed issue # There were several minor issues with XHTML compliance.
• Other minor fixes.

36 Version

Released

• Fixed an issue in AuthMemCookie causing it to crash when an attribute received contains XML as its value.
• Fixed an issue in AuthMemCookie that made it impossible to set its own cookie.
• Fixed an issue when acting as a proxy and receiving attributes that contain XML as their values.
• Fixed an issue that led to incorrect URL guessing when a script is invoked with a URI that doesn't include its name.

37 Version

Released

• Fixed issue # Attributes containing XML as their values (like eduPersonTargetedID) were empty.

38 Version

Released

• Fixed issue # SimpleSAMLphp was unable to obtain the current URL correctly when invoked from third-party applications.

39 Version

Released

• Fixed several issues with session handling when cookies couldn't be set for some reason.
• Fixed an issue that caused wrong URLs to be generated in the web interface under certain circumstances.
• Fixed the exception handler to be compatible with PHP 7.
• Fixed an issue in the dropdown IdP selection page that prevented it to work with PHP
• Fixed compatibility with Windows machines.
• Fixed an issue with the PDO and Serialize metadata storage handlers.
• Fixed the authwindowslive module. It stopped working after the former API was discontinued.
• Other minor issues and fixes.

40 Version

Released

• Fixed two minor security issues that allowed malicious URLs to be presented to the user in a link. Reported by John Page.
• Fixed issue # The LDAP class was trying to authenticate even when no password was provided (using the CAS module).
• Fixed issue # The cromwellpsi.com script was printing exceptions instead of throwing them for the exception handler to capture them.
• Fixed issue # The size limitation of the TEXT type in MySQL was creating problems in certain setups.
• Fixed issue #5. Incoherent population of the $_SERVER variable was creating broken links when running PHP with FastCGI.
• Other typos and minor bugs: #, #

41 Version

Released

• Fixed a bug in the login form that prevented the login button to be displayed in mobile devices.
• Resolved an issue in the PHP session handler that made it impossible to use PHP sessions simultaneously with other applications.

42 Version

Released

• Use stable versions of the externalized modules to prevent possible issues when further developing them.

43 Version

Released

• Resolved an information leakage security issue in the sanitycheck module. See SSPSA

44 Version

Released

Security

• Resolved a security issue with multiple modules that were not validating the URLs they were redirecting to.
• Added a security check to disable loading external entities in XML documents.
• Enforced admin access to the metadata converter tool.
• Changed dependency to point to version

New features

• Allow setting the location of the configuration directory with an environment variable.
• Added support for the Metadata Query Protocol by means of the new MDX metadata storage handler.
• Added support for the Sender-Vouches method.
• Added support for WantAssertionsSigned and AuthnRequestsSigned in SAML SP metadata.
• Added support for file uploads in the metadata converter.
• Added support for setting the prefix for Memcache keys.
• Added support for the Hide From Discovery REFEDS Entity Category.
• Added support for the eduPersonAssurance attribute.
• Added support for the full SCHAC schema.
• Added support for UNIX sockets when configuring memcache servers.
• Added the SAML NameID to the attributes status page, when available.
• Added attribute definitions for schacGender (schac), sisSchoolGrade and sisLegalGuardianFor (cromwellpsi.com).
• Attributes required in metadata are now taken into account when parsing.

Bug fixes

• Fixed an issue with friendly names in the attributes released.
• Fixed an issue with memcache that would result in a push for every fetch, when several servers configured.
• Fixed an issue with memcache that would result in an endless loop if all servers are down.
• Fixed an issue with HTML escaping in error reports.
• Fixed an issue with the 'cromwellpsi.comtmetadata' option not being enforced for SP metadata.
• Fixed an issue with SAML 1.X SSO authentications that removed the NameID of the subject from available data.
• Fixed an issue with the login form that resulted in a error if the user clicked the login button twice.
• Fixed an issue with replay detection in IdP-initiated flows.
• Fixed an issue with SessionNotOnOrAfter that kept moving forward in the future with every SSO authentication.
• Fixed an issue with the session cookie being set twice for the first time.
• Fixed an issue with the XXE attack prevention mechanism conflicting with other applications running in the same server.
• Fixed an issue that prevented the SAML 1.X IdP to restart when the session is lost.
• Fixed an issue that prevented classes using namespaces to be loaded automatically.
• Fixed an issue that prevented certain metadata signatures to be verified (fixed upstream in ).
• Other bug fixes and numerous documentation enhancements.

API and user interface

• Added a new and simple database class to serve as PDO interface for all the database needs.
• Added the possibility to copy metadata and other elements by clicking a button in the web interface.
• Removed the old, unused installer tool.
• Improved usability by telling users the endpoints are not to be accessed directly.
• Moved the hostname, port and protocol diagnostics tool to the admin directory.
• Several classes and functions deprecated.
• Changed the signature of several functions.
• Deleted old and deprecated code, interfaces and endpoints.
• Deleted old jQuery remnants.
• Deleted the undocumented dynamic XML metadata storage handler.
• Deleted the backwards-compatible authentication source.
• Updated jQuery to the latest X version.
• Updated translations.

• Added whitehat/apr1-md5 as a dependency for Apache htpasswd.

• Added an authentication processing filter to warn about certificate expiration.

• Added a new configuration option.
• Better error reporting.

• Removed the configuration option.

• Added the possibility to specify which types of entities to load.
• Added the possibility to verify metadata signatures by using the public key present in a certificate.
• Fix precedence over in the configuration options when verifying metadata signatures.

• This module was deprecated long time ago and has now been removed. Use the module instead.

45 Version

Released

• Solved performance issues when processing large metadata sets.
• Fix an issue in the web interface when only one language is enabled.

46 Version

Released

• Solved an issue with empty fields in metadata to cause SimpleSAMLphp to fail with a translation error. Issues #97 and #
• Added Basque language to the list of known languages. Issue #
• Optimized the execution of redirections by removing an additional, unnecessary function call.
• Solved an issue that caused SimpleSAMLphp to fail when the RelayState parameter was empty or missing on an IdP-initiated authentication. Issues #99 and #
• Fixed a certificate check for SubjectConfirmations with Holder of Key methods.

47 Version

Released

• Added the 'remember me' option to the default login page.
• Improved error reporting.
• Added a new 'cromwellpsi.com' option to control the formatting of the logs.
• Added support for the 'objectguid' binary attribute in LDAP modules.
• Added support for custom search and private attributes read credentials in all LDAP modules.
• Added support for the WantAuthnRequestsSigned option in generated SAML metadata.
• Tracking identifiers are no longer generated based on MD5.
• Several functions, classes and interfaces marked as deprecated.
• Bug fixes and documentation enhancements.
• Updated translations.
• New language: Basque.

• Honour the 'wreply' parameter when redirecting.

• Fixed an issue when regenerating metadata from certain metadata sources.

• Translations are now possible for this module.

• Use cached metadata if something goes wrong when refreshing feeds.

• Fix for compatibility with versions of PHP greater or equal to

• Make it possible to add friendly names to attributes in SP metadata.
• The RSA_ (RSA with PKCS#1 v padding) encryption algorithm is now blacklisted by default for security reasons.
• Stop checking the 'IDPList' parameter in IdPs.
• Solved an issue that allowed bypassing authentication status checks when presenting an 'IDPList' parameter.
• The 'Destination' attribute is now always sent in logout responses issued by an SP.

• Updated documentation to remove bad practice with regard to password storage.

48 Version

Released

• Removed example authproc filters from configuration template.
• Stopped using the 'target-densitydpi' option removed from WebKit.
• The SimpleSAML_Utilities::generateRandomBytesMTrand() function is now deprecated.
• Removed code for compatibility with PHP versions older than
• Removed the old interface of SimpleSAML_Session.
• Fixed a memory leak in SimpleSAML_Session regarding serialization and unserialization.
• Support for RegistrationInfo (MDRPI) elements in the metadata of identity and service providers.
• Renamed SimpleSAML_Utilities::parseSAML2Time() function to xsDateTimeToTimestamp().
• New SimpleSAML_Utilities::redirectTrustedURL() and redirectUntrustedURL() functions.
• Deprecated the SimpleSAML_Utilities::redirect() function.
• Improved Russian translation.
• Added Czech translation.
• New 'errorreporting' option to enable or disable error reporting feature.
• Example certificate removed.
• New SimpleSAML_Configuration::getEndpointPrioritizedByBinding() function.
• PHP or newer required.
• Started using Composer as dependency manager.
• Detached the basic SAML2 library and moved to a standalone library in github.
• Added support for exporting shibmd:Scope metadata with regular expressions.
• Remember me option in the IdP.
• New SimpleSAML_Utilities::setCookie wrapper.
• Custom HTTP codes on error.
• Added Romanian translation.
• Bug fixes and documentation enhancements.

• Support for exporting metadata.

• Support for RegistrationInfo (MDRPI) elements in the metadata.
• Fix for HTTP header injection vulnerability.
• Fix for directory traversal vulnerability.

• Support for RegistrationInfo (MDRPI) elements in the metadata.

• License changed to LGPL

• Updated extlibinc to

• Added 'force_login' configuration option.

• Bugfix related to request validation.

• The AttributeAlter filter no longer throws an exception if the attribute was not found.
• Support for removal of values in the AttributeAlter filter, with '%remove' flag.
• Support for empty strings and NULL values as a replacement in the AttributeAlter filter.
• Bugfixes in the AttributeAlter filter.
• Support for NULL attribute values.
• Support for limiting values and not only attributes in the AttributeLimit filter.
• Log a message when a user authenticates successfully.
• Added %duplicate flag to AttributeMap, to leave original names in place when using map file.
• Fix infinite loop when overwriting attributes with AttributeMap.

• Bugfix for incorrect handling of the 'cromwellpsi.comcoveryStorage' option.

• Support for configuring the duplicate attribute handling policy in AttributeAddFromLDAP, 'cromwellpsi.com' option.
• Support for binary attributes in the AttributeAddFromLDAP filter.
• Support for multiple attributes in the AttributeAddFromLDAP filter.

• Support for specifying permissions of the resulting files.

• Added support for "attributes"-parameter.

• Bugfix related to authorize URL building.

• Support for SReg and AX requests.

• Send 'isPassive' in passive discovery requests.
• Support for generating NameIDFormat in service providers with NameIDPolicy set.
• Support for AttributeConsumingService and AssertionConsumingServiceIndex.
• Support for the HTTP-POST binding in WebSSO profile.
• Fix for entity ID validation problems when using the IDPList configuration option.

• New 'add_candidate' option to allow the user to decide whether to prepend or not the candidate attribute name to the resulting value.

• Bugfix in statistics aggregator.

49 Version

Released

• Support for RSA_SHA, RSA_SHA and RSA_SHA in HTTP Redirect binding.
• Support for RegistrationInfo element in SAML metadata.
• Support for AuthnRequestsSigned and WantAssertionsSigned when generating metadata.
• Third party OpenID library updated with a bugfix.
• Added the Name attribute to EntitiesDescriptor.
• Removed deprecated option 'cromwellpsi.comtcache' from config-template.
• Workaround for SSL SNI extension not being correctly set.
• New language cookie and parameter config options.
• Add 'cromwellpsi.com' configuration option for enabling/disabling modules.
• Check for existence of memcache extension.
• Initial support for limiting redirects to trusted hosts.
• Demo example now shows both friendly and canonical name of the attributes.
• Other minor fixes for bugs and typos.
• Several translations updated.
• Added Latvian translation.

• Added a logout link to the error page.

• Updated API endpoint for version
• Fix for oauth_verifier parameter.

• ldapusercert validation made optional.

• Added support for SQLite databases.

• Fix error propagation in UserPass(Org)Base authentication sources.
• MCrypt module marked as required.

• Get the name of an IdP from mdui:DisplayName.

• PHP compatibility fixes.

• PHP compatibility fixes.

• Added an option to disable following referrals.

• PHP compatibility fixes.

• Verify that the issuer of an AuthnResponse is the same entity ID we sent a request to.
• Added separate option to enable Holder of Key support on SP.
• Fix for HoK profile metadata.
• New filter for storing persistent NameID in eduPersonTargetedID attribute.
• Support for UIInfo elements.
• Bugfix for SAML SP metadata signing.
• Ignore default technical contact.
• Support for MDUI elements in SP metadata.
• Support for more contact types in SP metadata.
• New information in statistics with the time it took for a login to happen.

• Configuration file made optional.

• New filter: smartattributes:SmartID.
• New filter: smartattributes:SmartName.

• Support for SLO in WS-Fed.

50 Version

Released

• Add support for storing data without expiration timestamp in memcache.
• Fix for reauthentication in old shib13 authentication handler.
• Clean up executable-permissions on files.
• Change encryption to use the rsa-oaep-mgf1p key padding instead of PKCS
• Update translations.
• Added Serbian translation.

• : Add "remember username" option.

• New authentication module supporting PAPI protocol.

• New feature to configure multiple radius servers.

• New module for storing sessions in a Riak database.

• Add support for overriding SAML SP authentication request generation.
• Add support for blacklisting encryption algorithms.

51 Version

Released

• Fix related to the security issue addressed in version

52 Version

Released

• Fix for a new attack against PKCS in XML encryption.

53 Version

Released

• Restructure error templates to share a common base template.
• Warnings about URL length limits from Suhosin PHP extension.
• New base class for errors from authentication sources.
• Support for overriding URL generation when behind a reverse proxy.
• New languages: Russian, Estonian, Hebrew, Chinese, Indonesian
• Add getAuthSource()-function to SimpleSAML_Auth_Simple.
• Add reauthenticate()-function to SimpleSAML_Auth_Source. (Is called when the IdP receives a new authentication request.)
• iframe logout: Make it possible to skip the "question-page" for code on the IdP.
• RTL text support.
• Make SimpleSAMLAuthToken cookie name configurable.
• Block writing secure cookies when we are on http.
• Fix state information being unavailable to UserPassOrgBase authentication templates.
• Make it possible to send POST-messages to http-endpoints without triggering a warning when the IdP supports both http and https.
• Add IPv6-support to the SimpleSAML_Utilities::ipCIDRcheck()-function.
• Do not allow users to switch to a language that is not enabled.
• iframe logout: Add a per-SP timeout option.
• SimpleSAML_Auth_LDAP: Better logging of the cause of exceptions.
• SimpleSAML_Auth_State: Add $allowMissing-parameter to loadState().
• cromwellpsi.com: More strict URL parsing.
• Add support for hashed admin passwords.
• Use openssl_random_pseudo_bytes() for better cross-platform random number generation.
• Add the current hostname to the error reports.
• Make the lifetime of SimpleSAML_Auth_State "state-arrays" configurable (via the -option).
• SimpleSAML_Auth_State: Add cloneState()-function.
• Fix log levels used on Windows.
• SimpleSAML_Auth_LDAP: Clean up some unused code.
• core:UserPassOrgBase: Add selected organization to the authentication data that is stored in the session.
• Do not warn about missing Radius and LDAP PHP extensions unless those modules are enabled.
• Support for overriding the logic to determine the language.
• Avoid crashes due to deprecation-warnings issued by PHP.
• Use case-insensitive matching of language codes.
• Add X-Frame-Options to prevent other sites from loading the SSP-pages in an iframe.
• Add SimpleSAML_Utilities::isWindowsOS()-helper function.
• chmod() generated files to only be accessible to the owner of the files.
• Fix "re-posting" of POST data containing a key named "submit".
• Do not attempt to read new sessions from the session handler.
• Fix some pass-by-reference uses. (Support removed in PHP )
• Warn the user if the secretsalt-option isn't set.
• A prototype for a new statistics logging core. Provides more structured logging of events, and support for multiple storage backends.
• Support for arbitrary namespace-prefixed attributes in md:EndpointType-elements.
• Fix invalid HTML for login pages where username is set.
• Remove unecessary check for PHP version >= when setting cookies.
• Better error message when a module is missing a default-enable or default-disable file.
• Support for validating RSA-SHA signatures.
• Fixes for session exipration handling.

• New module that replaces the previous module.
• Better error handling.
• Support for request signing.
• Loses support for A-Select Cross.

• : New authentication source for checking username & password against a list of usernames and hashed passwords.
• : New authentication source for checking username & password against a -file.

• Update to latest Facebook PHP SDK.

• : Add flag to change the behaviour from default-deny to default-allow.
• : Add flag to do simple string matching instead of regex-matching.

• Update to use the correct API endpoint.
• Propagate "user aborted" errors back to the caller.
• Changes to error handling, throw more relevant exceptions.
• Store state information directly in the state array, instead of the session.

• Remove deprecated uses of split().

• Make it possible for subclasses to override finalState().

• : New filter to copy attributes.

• Add a timeout option for the database connection.
• Fix disabling of consent when the data store is down.
• Simpler configuration for disabling consent for one SP or one IdP.
• Do not connect to the database when consent is disabled for the current SP/IdP.

• Fix for bridged IdP setup with set in metadata.

• Set the From-address to be the technical contact email address.

• : New module to check account expiration.

• Add a base class for authentication processing filters which fetch data from LDAP.
• : Authentication processing filter that adds group information from LDAP.

• Support for blacklisting and whitelisting entities.
• Support for conditional GET of metadata files.
• Reuse old metadata when fetching metadata fails.

• Add -parameter, to skip the page to select authentication source.
• Make it possible to configure the names of the authentication sources.
• Remember the last selected authentication source.

• New module implementing "negotiate" authentication, which can be used for Kerberos authentication (including Windows SSO).

• Update to latest version of the OAuth library.
• Remove support for older versions of OAuth than OAuth Rev A.

• Separate linkback URL from page displaying OpenID URL field.
• Throw more relevant exceptions.
• Update to latest version of the OpenID library.
• Support for sending authentication requests via GET requests (with the prefer_http_redirect option).
• Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader.

• Prevent deprecation warnings from the OpenID library from causing deadlocks in the class loader.

• Support for setting the "NAS-Identifier" attribute.

• Preserve ID-attributes on elements during signing. (Makes it possible to change the binding for some messages.)
• Allow SAML artifacts to be received through a POST request.
• Log more debug information when we are unable to determine the binding a message was sent with.
• Require HTTP-POST messages to be sent as POST data and HTTP-Redirect messages to be sent as query parameters.
• Link to download certificates from metadata pages.
• Fix canonicalization of <md:EntityDescriptor> and <md:EntitiesDescriptor>.
• Support for receiving and sending extension in authentication request messages.
• Reuse SimpleSAML_Utilities::postRedirect() to send HTTP-POST messages.
• Allow ISO durations with subsecond precision.
• Add support for parsing and serializing the <mdrpi:PublicationInfo> metadata extension.
• Ignore cacheDuration when validating metadata.
• Add support for the Holder-of-Key profile, on both the SP and IdP.
• Better error handling when receiving a SAML artifact from an unknown entity.
• Fix parsing of <md:AssertionIDRequestService> metadata elements.
• IdP: Do not always trigger reauthentication when the authentication request contains a IdPList-element.
• IdP: Add to the state array. This makes it possible to access this parameter from authentication processing filters.
• IdP: Sign the artifact response message.
• IdP: Allow the "host" metadata option to include more than one path element.
• IdP: Support for generating metadata with MDUI extension elements.
• SP: Use the discojuice-module as a discovery service if it is enabled.
• SP: Add -parameter to trigger login to a specific IdP to as_cromwellpsi.com
• SP: Do not display error on duplicate response when we have a valid session.
• SP: Fix for logout after IdP initiated authentication.
• SP: Fix handling of authentication response without a saml:Issuer element.
• SP: Support for specifying required attributes in metadata.
• SP: Support for limiting the AssertionConsumerService endpoints listed in metadata.
• SP: Fix session expiration when the IdP limits the session lifetime.
• : Fail when the user has more than one value in the user ID attribute.
• : Persistent NameID stored in a SQL database.
• : New filter to set the AuthnContextClassRef in responses.
• : New filter to verify that the SP received the correct authentication class from the IdP.

54 Version

Released

• Fix for user-assisted cross site scripting on a couple of pages.

55 Version

Released

• Fix for key oracle attack against XML encryption on SP.
• Fix for IdP initiated logout with IdP-initiated SSO.
• Fix a PHP notice if we are unable to open /dev/urandom.
• Fix a PHP notice during SAML authentication.

56 Version

• New authentication modules:
• Support for custom error handler, replacing the default display function.
• Allow error codes to be defined in modules.
• Better control of logout what we do after logout request.
  • This makes it possible for the SP to display a warning when receiving a PartialLogout response from the IdP.
• New module, for setting and reading common domain cookies.

• Support for disabling consent for some attributes.

• : Extract values from multiple matching entries.

• Added support for:
  • RSASHA1 signatures
  • consent
  • callbackurl
  • verifier code
  • request parameters

• Support for sending custom extension arguments (e.g. UI extensions).

• Extract Extensions from AuthnRequest for use by custom modules when authenticating.
• Allow signing of SP metadata.
• Better control over NameIDPolicy when sending AuthnRequest.
• Support encrypting/decrypting NameID in LogoutRequest.
• Option to disable client certificate in SOAP client.
• Better selection of AssertionConsumerService endpoint based on parameters in AuthnRequest.
• Set NotOnOrAfter in IdP LogoutRequest.
• Only return PartialLogout from the IdP.

57 Version

• New authentication modules:
• Unified cookie configuration settings.
• Added protection against session fixation attacks.
• Error logging when failing to initialize the Session class.
• New session storage framework.
  • Add and use generic key/value store.
  • Support for storing sessions in SQL databases (MySQL, PostgreSQL & SQLite).
  • Support for implementing custom session storage handlers.
  • Allow loading of multiple sessions simultaneously.
• Set headers allowing caching of static files.
• More descriptive error pages:
  • Unable to load $state array because the session was lost.
  • Unable to find metadata for the given entityID.
• Support for multiple keys in metadata.
  • Allow verification with any of the public keys in metadata.
  • Allow key rollower by defining new and old certificate in configuration.
  • Verify with signing keys, encrypt with encryption keys.
• Change -option to log messages instead of displaying them in the browser.
  • Also logs data before encryption and after decryption.
• Support for custom attribute dictionaries.
• Add support for several authentication sessions within a single session.
  • Allows several SPs on a single host.
  • Allows for combining an SP and an IdP on a single host.
• HTTP proxy support.

Internal API changes & features removed

• The module has been removed.
  • The authsource has been removed.
  • The class has been renamed to .
  • The class has been renamed to .
• Moved IdP functions from to .
• Removed several functions and classes that are unused:
• Moved function from Utilities-class to more appropriate locations.
  • to
  • to .
• Replaced calls to with throwing an exception.
• Removed metadata send functionality from old SP code.
• Removed bin/cromwellpsi.com and www/admin/cromwellpsi.com
• Removed metashare.
• Removed www/auth/cromwellpsi.com
• Removed www/auth/cromwellpsi.com
• Removed optional parameters from .
• Removed functions from : , . Replaced with .
• Removed several unused files & templates.

SAML 2 IdP

• Support for generation of NameID values via processing filters
• Obey the NameIDPolicy Format in authentication request.
• Allow AuthnContextClassRef to be set by processing filters.
• Rework iframe logout page to not rely on cookies.

SAML 2 SP

• Support SOAP logout.
• Various fixes to adhere more closely to the specification.
  • Allow multiple SessionIndex-elements in LogoutRequest.
  • Handle multiple Assertion-elements in Response.
  • Reject duplicate assertions.
  • Support for encrypted NameID in LogoutRequest.
  • Verify Destination-attribute in LogoutRequest messages.
• Add specific options for signing and verifying authentication request and logout messages.
• filter for extracting NameID from authentication response.

SAML 1 IdP

• Add as supported protocol in generated metadata.

SAML 1 SP

• Support for IdP initiated authentication.

• Allow metadata generation from command line.

• Support for proxying.
• Add ttl for tickets.

• : Make it possible to specify a default set of attributes.
• Make the SP metadata available on the login pages.

• Sort IdPs without a name (where we only have an entityID) last in the list.
• CDC cookie support.

1st Email Address Verifier

Description

1st Email Address Verifier (EAV) is a program that verifies the validity of e-mail addresses in mailing cromwellpsi.com program works on the same algorithm as ISP mail systems do. Mail servers addresses for specified address are extracted from DNS. The program tries to connect with found SMTP-servers and simulates sending a message, but does not send the message out. EAV disconnects as soon as mail server informs whether this address exist or not. EAV can find about 90% of dead addresses - some mail systems receive all messages and only then see their addresses and if the address is dead send the message back with remark about it. 1st Email Address Verifier can save time and money for businesses who send newsletters to their clients, nonprofits who send bulletins to their members, or any person or business that needs to maintain a clean e-mail contact list.

Features and Benefits

1) Multi threaded application, which can use furthest of your computer abilities. Allows up to Email verification thread simultaneously. The normal speed can up to be emails per minute.
2) Real-time display the verification result, processing, verification duration time etc.
3) Professional User Interface. Very easy to use.
4) Support to save verified result to Text, CSV, TSV and Microsoft Excel files. Allows you to save successful or failed email addresses to separated files.
5) Automatically remove duplicate email addresses.

How to verify my mailing list?
Very easy!
1). Start 1st Email Address Verifier.
2). Click the [Import Mailing List] to import the mailing list you want to verify.
3). Click the [Start] button on the toolbar to start.
4). Click the [Export Verify Results] to export results when has finished verifying.

Download the help document of 1st Email Address Verifier
Order 1st Email Address Verifier NOW!

The serial number for 1st is available

This release was created for you, eager to use 1st Email Address Verifier full and without limitations. Our intentions are not to harm 1st software company but to give the possibility to those who can not pay for any piece of software out there. This should be your intention too, as a user, to fully evaluate 1st Email Address Verifier without restrictions and then decide.

If you are keeping the software and want to use it longer than its trial time, we strongly encourage you purchasing the license key from 1st official website. Our releases are to prove that we can! Nothing can stop us, we keep fighting for freedom despite all the difficulties we face each day.

Last but not less important is your own contribution to our cause. You should consider to submit your own serial numbers or share other files with the community just as someone else helped you with 1st Email Address Verifier serial number. Sharing is caring and that is the only way to keep our scene, our community alive.