Wordpress Single Sign On
Release Notes

  October 15, 2024

• 
    

  Fixes for disabling updation of whitelisted roles.

• 
    

  Fixes for Logout Relay State URL.

  October 04, 2024

• 
    

  Added functionality to exclude specific roles from being updated for existing users.

• 
    

  Improvement in the Relative and Absolute relaystate.

• 
    

  Improvements to the redirect_to parameter.

  July 29, 2024

• 
    
  Compatibility with WordPress 6.6:

  Made the plugin compatible with WordPress version 6.6.

• 
    
  Added support for Relative URLs to configure Login and Logout relaystate:

  Fixed and added support to save relative URLs in the Logout and Login RelayState fields.

• 
    
  Improvements in the support query subject:

  Added version number in plugin heading as well as mentioned the plan name & plugin version in the query email subject line itself.

• 
    
  Improvements in the attribute restriction to configure more than one attribute:

  Fixed an issue where, when configuring more than one value in the Allow/Deny user login based on IDP attribute values and checking the allow radio span, attempting to perform SSO with a user having one of these attributes results in a wp_die message instead of providing access to the WP site.

• 
    
  Updated .htaccess rules for compatibility with Apache 2.4.59 and upwards:

  Fixed and updated .htaccess file rules in the plugin’s root folder as well as in the resources folder, so that the CSS and JS files can load seamlessly if we have Apache 2.4.59 or later.

• 
    
  Fixed backdoor URL issue:

  Fixed an issue in the current implementation of the backdoor URL query that permitted all special characters and scripts to be saved. Restricted this behaviour, and displayed a warning when the user enters special characters in the field.

• 
    
  Fixes for fatal error on invalid value of the SAML Request & SAML Response Parameter in URL:

  Fixed an error where, when the plugin is activated and the site URL is accessed with an invalid SAMLRequest/SAMLResponse parameter, a fatal error was received.

• 
    
  Fixed backdoor URL's subpath issue:

  Backdoor URL does not redirect to the wordpress login page when third party plugins such as WPS-Hide plugin are activated which are used to change the wp-login subpath.

• 
    
  Link Portal for license:

  Since now customers use the portal to access their license details and download the plugin so linked portal for license keys in the plugin.

• 
    
  Other minor bug fixes and UI improvements:

  Fixed some other minor issues such as wrong message on status code, attribute/role mapping UI improvements, etc.

  April 12, 2024

• 
    

  Improvements in plugin notices.

• 
    
  Fix for Error codes and FAQ text formats:

  Ensured that the SAML support email ID is correctly displayed in the Error Codes tab, with the mailto: attribute. Also In SAML Tracer, include a link to redirect users to the FAQ section where they can download SAML Tracer extension and access related documentation. Additionally, provided more descriptive explanations for error code fix and error.

• 
    
  UI Improvements in Attribute/Role Mapping Tab:

  Improved UI for Attribute/Role Mapping Tab.

• 
    
  Fix for delete configurations while deleting the plugin:

  Fixed When the Keep settings intact option is disabled and a Plugin is deleted, the Role mapping values, Advanced Settings, and Metadata sync settings are not being removed. All plugin configurations should be deleted when the plugin is removed. Additionally, when metadata syncs, the IDP name is not added, resulting in an empty IDP name value.

• 
    
  Improvements in the Licensing Framework:

  Fixed Issues related to Licensing Framework.

• 
    
  Fixed invalid trigger of email updated notifications to users during SAML Authentication:

  Added a check that compares the email address (received from SAML Response) with the email address of the user (that exists in WP with the received username in SAML Response) in a case-insensitive manner. The user’s email is updated only if the check fails i.e. the email is completely different.

• 
    
  Market Azure and Salesforce solutions:

  Added a check that cA Notice appearing when a customer saves any Azure or Salesforce-related IDP, promoting our Azure and Salesforce solutions.

  December 27, 2023

• 
    
  Fix for License Activated on Multiple Domains warning:

  Fix for the license activated on multiple domains warning.

• 
    
  Fix for RSS Feed accessibility issue on Auto-Redirection:

  Fix for the RSS feed redirection issue and redirection loop in the API call.

  December 11, 2023

• 
    
  Sync Only Certificate from Metadata:

  Added an option in the Metadata Sync section to sync only certificates from the metadata.

• 
    
  New and Improved Design of the Service Provider Setup tab:

  Redesigned the user interface of the 'Service Provider Setup' tab within the plugin to show a list of the configured IDPs. Added bulk options as well as IDP status.

• 
    
  Improved the Certificate Update flow:

  Added the corrected steps to update the plugin to update to the latest certificate.

• 
    
  Added warnings for required PHP extensions:

  Improved the warnings to display errors in case of a missing PHP extension. Handled all cases of error messages.

• 
    
  Improved the Metadata Sync functionality:
  
  

  • Added notices to notify that manual configuration would be overridden if sync is enabled.

  • Separated the Metadata Sync section in the SP Setup tab.

  • Added a Sync Now span.

• 
    
  Implemented PHP Coding Standards:

  Added PHP CS fixes as required in the plugin.

• 
    
  Improved import of plugin configuration:

  Added check for required fields in the configuration file. Also added validation for the values of the configuration file.

• 
    

  Other UI improvements.

  November 11, 2023

• 
    
  Default Role Assignment Issue:

  Fixed default role assignment for existing users when role mapping is not configured.

• 
    
  Assigning None Role to Existing Users:

  Resolved issue of existing users being assigned no role.

• 
    

  Minor Bug fixes.

  November 09, 2023

• 
    
  Resolved the Issue of Default Role Assignment:

  Resolved a bug where after upgrading to 12.2.0 version, all users were assigned the default role.

  December 11, 2023

• 
    
  Assertion Time Validation:

  This features decides whether to check the time validity of SAML Assertion for SSO login.

• 
    
  Redesigned Role Mapping:

  Revamped the user interface of the 'Attribute/Role Mapping' tab within the plugin, introducing improvements for a more intuitive and user-friendly experience, accompanied by comprehensive documentation to guide users through the enhanced features and functionalities.

• 
    
  Improvements in Account Info Tab:

  Revamped the Account info tab by adding functionalities such as view your licence keys span, revamped user interface for the licence expiry notice reflecting the remaining days, updated FAQ’s content, etc.

• 
    
  Improvements for file paths:

  Used WordPress functions for file paths instead of PHP functions.

• 
    
  Reduce DB calls in SAML Response Flow:

  Improved the plugin performance as well as code by Reducing/Removing the unwanted database calls from the SAML Response flow.

  October 18, 2023

• 
    

  Added steps on how to resolve the warning message for license key used on multiple domains.

• 
    

  Added a Free your License Key link in the Account Info Tab.

• 
    

  Added additional type checks for upgrade.

• 
    

  Removed the Regex check on password.

• 
    

  Fixed Apply Role Mapping for Admins Issue.

• 
    

  Fixed the getValidAudiences on null Issue.

  October 11, 2023

• 
    
  Plugin Update via WP CLI:

  Added new functionality to update the plugin to its latest version by using this command: wp saml update.

• 
    
  Attribute Mapping for WP Nickname:

  Added updating the WP user's nickname during SSO based on their attributes received inthe SAML Response from the Identity Provider.

• 
    
  Do not update Existing User's Display Name:

  Added a new feature which prevents updating the existing user’s display name. All other attributes would be updated as per the attribute mapping configured.

• 
    
  Implemented an SSO User Tag for users logging in via SSO:

  Added a new feature that adds an SSO user tag for users logging in via SSO.This feature is useful if you want to differentiate between users logging in via WordPress and those logging in via SSO.

• 
    
  Customize SSO login button Hook:

  A hook is added to customize the SSO login button. Now, it is possible to add icon, custom CSS, etc. on the SSO login button.

• 
    
  Exception Handling and Error Codes in the SSO Flow:

  Added Error Codes for the SSO Login Flow in the plugin to help identify issues during SSO more effectively. This ensures that errors and issues encountered during the authentication process are appropriately managed.

• 
    
  Optimizations for plugin size:

  Reduce the size of the plugin by compressing the images through converting into SVG format.

• 
    
  Keep Settings Intact Default:

  To eliminate the need for manually enabling the Keep setting intact toggle, we've enabled this option automatically upon plugin activation.

• 
    
  Certificate Mismatch Iconv Encoding Resolution:

  We have improved the certificate mismatch error to list the exact steps needed to address the Certificate Mismatch error caused by Iconv encoding.

• 
    
  Import NameID Format from Metadata:

  Now the NameID format value would be fetched into the plugin settings from Identity Provider Metadata during import or metadata sync.

• 
    
  Test Configuration Access restriction:

  The test configuration endpoint will now be accessible to only administrators in WordPress.

• 
    
  Licensing Plans Link:

  We have removed the licensing plan from the plugin and added a link to the licensing plans page on our site to provide a smoother and uniform experience.

• 
    
  Code improvement for DB Options:

  We improved the plugin code by changing the DB options into constants.

• 
    

  Minor Bug Fixes.

  September 15, 2023

• 
    
  Accepting SAML Response without Audience URI:

  Relaxed the Audience Restriction check.

• 
    
  Resolved warning on plugin’s update page:

  No warning in the debug log when the customer checks for any new updates of the plugin.

• 
    
  Resolved Metadata Sync for empty Metadata URL:

  No warning in the debug log when the customer checks for any new updates of the plugin.

• 
    
  Added custom CSS for the Admin Dashboard widget:

  Not loading CSS on every page of the site.

• 
    
  Added a proper error message for invalid XML:

  In case of an invalid XML in the form of a string. The proper message is displayed.

  September 08, 2023

• 
    
  PHP 8.2 Compatibility:

  Tested the plugin with PHP 8.2 for compatibility.

• 
    
  DOS Attack Vulnerability fix:

  Also known as Entity Expansion Attack, the attack causes growth in resource requirements by simply repeating a large entity over and over again. The quadratic blowup variation can also cause quadratic growth in resources. To prevent this, additional checks were added to handle an invalid XML or an XML that has infinite entities referenced in it. This protects from a DOS attack.

• 
    
  Replay Attack Vulnerability fix:

  A replay attack can occur when a valid SAML Response is posted on the site by an attacker within the assertion time validity. This was fixed so that unauthorized access could be prevented.

• 
    
  Alpine Linux environments iconv Warning:

  Alpine Linux environments do not support the CP-1252 encoding in iconv function and hence throw a function undefined warning when the iconv toggle is enabled. This was handled so that warnings were not visible on the front end.

• 
    
  User session terminated Warning:

  A warning was thrown when the user session is already terminated on logout. This was handled such that the Single Logout is not performed once the user session is already terminated.

• 
    
  Advanced Role Mapping Addon Compatibility:

  Fixes were done to make the SSO Plugin compatible with the Advanced Role Mapping addon.

• 
    
  Updated all CSS and JS Libraries:

  Updated the versions of all external libraries used in the plugin.

• 
    
  Updated .htaccess rules for the root folder:

  Added .htaccess file to restrict license file for the plugin.

• 
    
  Updated cookie creation with a secure parameter:

  Added the secure parameter for cookies created by the plugin.

• 
    
  Redirection behavior after logout for a non-SSO user:

  A non-SSO user would be redirected to the WP login page after logout from WordPress (this is the default behavior of WordPress).

• 
    
  Sending additional parameters with SAML Request:

  Any additional parameters appended to the SSO endpoint will now be relayed with the SAML Request to the Identity Provider.

• 
    
  Metadata Sync Settings:

  Added an option for enabling metadata sync in the Service Provider Setup tab. An option to add the Metadata URL as well as to choose the sync interval was also provided.

• 
    
  Error message on Encryption Certificate Mismatch:

  Added a proper error message during test configuration as well as SSO if the Encryption Certificate in the plugin and SAML Response mismatches.

  August 16, 2023

• 
    
  Compatibility with WP 6.3:

  Tested the plugin with WP 6.3 for compatibility.

• 
    
  Free Plugin File Configuration Import Error:

  Importing a configuration file from the free plugin version ( > 5.0.0 ) used to cause a fatal error. Free Plugin Configuration File can now be imported without errors.

• 
    
  License verification via WP CLI Error:

  An Invalid JSON Error was returned when verifying the plugin license via WP CLI. This was fixed and proper data checks were added.

• 
    
  SiteGround Hosting Provider Compatibility:

  SiteGround was pointing out the plugin files as malicious due to obfuscated code. Changes were made to remedy this.

• 
    
  Removed unused JQuery:

  Plugin was including an older version of JQuery which was not required.

• 
    
  Not Deleting License Options when plugin deactivated from a subsite:

  Plugin deleted license related information from all subsites (where plugin was activated) when the premium single site plugin was deactivated from a subsite in a multisite network. This was modifed for a better user experience. Now the options delete only on the subsite where the plugin was deactivated.

• 
    
  License Admin Notice Design:

  The admin dashboard widget as well as admin notice for license expiry includes a link to navigate to plugin settings.

• 
    
  License Expiry Date Updation:

  Plugin would now update the License Expiry Date automatically once in 30 days for a improved user experience.

• 
    
  File Inclusion Method:

  Improved how the plugin includes the files required for functioning. All file paths are included in the plugin using constants now.

• 
    
  Adding data type checks for validation:

  Added validation checks for multiple environments configurations.

  May 22, 2023

• 
    
  Compatibility with WP 6.2:

  Rolled out fixes for compatibility with WP 6.2.

• 
    
  Redesigned Account Info tab:

  Implemented a new and improved design of the Account Info tab for easier navigation and showing information.

• 
    
  Added Error Codes Submenu:

  Implemented Error Code in the SSO flow, which will be listed in the plugin’s submenu.

• 
    
  Updates in Licensing Framework:

  Fixes and improvements for the plugin licensing.

• 
    
  Added Admin Dashboard Widget:

  Added a dashboard widget that shows the miniOrange account’s email address and license expiry date.

• 
    
  Added notices in the plugin:

  Implemented notices for easier understanding of the plugin’s framework.

  Febuary 23, 2023

• 
    
  Bootstrap Version:

  Updated the Bootstrap Version to 5.2.2.

  January 11, 2023

• 
    

  Fix for license file.

  January 10, 2023

• 
    

  WordPress 6.1 Compatibility.

• 
    
  PHP 8.1 fixes:

  Fixed PHP TypeError arising due to passing non-array values in PHP Array functions.

• 
    
  Import / Export fixes:
  
  

  • Fixed error while Importing Environment configurations.

  • SSO Login span and Domain restriction configurations importing successfully.

  November 14, 2022

• 
    

  Compatibilty with WordPress Scanner.

  November 14, 2022

• 
    

  Security fixes for Open Redirect Vulnerability.

• 
    

  Added proper escaping fixes.

  August 30, 2023

• 
    

  Added New Certificates.

• 
    

  Added Trial Frameworks.

  January 09,2024

• 
    

  Added Compatibility with miniOrange SSO Add-on Integrator.

• 
    

  Added Compatibility with WordPress version 6.7

  November 12,2024

• 
    

  Added functionality to exclude specific roles from being updated for existing users.

• 
    

  Fixes for Logout Relay State URL.

• 
    

  Fixes for loading css files for domain mapping functionality.

  September 19,2024

• 
    

  Added the plugin documentation near the plugin heading.

  August 05,2024

• 
    

  Added the filter hook to modify the custom attributes data format.

• 
    

  Added the redirect_to parameter for the Redirection & Shortcode flows.

• 
    

  Added the plugin documentation near the plugin heading.

• 
    

  Optimized the code of the customer verification flow.

• 
    

  Optimized the code of licensing plans and redirection tab.

  July 08, 2024

• 
    

  Added the feature to add an unlimited number of IDPs and kept the limit on activated IDPs.

• 
    

  Created 2 separate sub-tabs for redirection settings & SSO links, buttons settings.

• 
    

  Added domain mapping feature with redirection settings of the wp-login page.

• 
    

  Added two distinct flows for the role mapping feature to address scenarios where role mapping is not applicable for new or existing users.

• 
    

  Improved the UI of Service Provider Setup tab.

• 
    

  Added the FAQ page link to clarify the purpose of the default IDP plugin.

• 
    

  Fixed the relay state flow to handle query parameters present in the relay state.

• 
    

  Fixed the sync metadata settings respective to the environment.

• 
    

  Fixed the warning issue in the upgrade framework flow.

  July 08, 2024

• 
    

  New and improved design of Attribute/Role Mapping Tab.

• 
    

  New and improved design of the Service Provider Setup tab.

• 
    

  Added logout response url option in the Service Provider Setup tab.

• 
    

  Added WPCLI functionality to update, activate, and import configurations into the plugin.

• 
    

  Added a form for syncing metadata in Service Provider Setup tab.

• 
    

  Added custom metadata fields to configuration file while exporting the configuration.

• 
    

  Added a button for Attribute Mapping Configuration in Test Configuration window.

• 
    

  Added an option to edit the IDP Name.

• 
    

  Added a hook to get complete SAML Assertion.

• 
    

  Added an option to configure Nickname.

• 
    

  Added default Public Page URL.

• 
    

  Added Test Configuration button below IDP Configuration.

• 
    

  Added an SSO User Tag for users logging in via SSO.

• 
    

  Updated .htaccess rules for compatibity with Apache 2.4.59 and upwords.

• 
    

  Fix for Error codes text formats.

• 
    

  Compatibility with salesforce community addon.

• 
    

  Updated all CSS and JS Libraries.

• 
    

  Updated all font-awesome icons to svg.

• 
    

  Updated all images to webp format.

• 
    

  Minor bug fixes and UI improvements.

  May 10, 2024

• 
    

  Fix for file path issue

  May 08, 2024

• 
    

  Added the compatibility with WordPress 6.5.

• 
    

  Added the compatibility with Guest User login Add-on.

• 
    

  Added the warnings for required PHP extensions.

• 
    

  Added the option to validate the assertion time of the SAML Response.

• 
    

  Added the option to have IDP-specific Login relay state and Logout relay state.

• 
    

  Added the certificate sync option from the IDP Metadata.

• 
    

  Added the error codes for the case of failed SSO.

• 
    

  Added the filter for the Role Mapping flow.

• 
    

  Added the version number with the plugin heading.

• 
    

  Fixed the import-export feature for the Multiple Environment Configuration.

• 
    

  Fixed the displayed warning on invalid metadata file import.

• 
    

  Fixed the redirection flow for users after the logout.

• 
    

  Improved customization of the Single Sign-On (SSO) Button displayed on the login page.

• 
    

  Improved the UI of the SSO Links Section.

• 
    

  Removed non-admin user access from the test configuration endpoint.

  March 29, 2024

• 
    

  Added Multiple Environment Feature for configuring plugin settings for all environments (dev, test, production).

• 
    

  Added Metadata customization feature allowing admin to input Organization Name, Email Address, and Organization URL in the Service Provider Metadata.

• 
    

  Added compatibility for the IP based Redirection to IDP feature.

• 
    

  Fixed the compatibility issues with WP Smart Manager plugin.


  

Fixed invalid trigger of email updated notifications to users during SAML Authentication.

• 
    

  Fixed the base64_Decode issue of the Wordfence scanner.


  

Fixed the compatibility issues with 3rd party plugins or themes which use Utilites class name.

  February 20, 2024

• 
    

  Added compatibility fixes for PHP 8.2.

• 
    

  Added confirmation screen for resetting mapping configuration.

• 
    

  Fixed HTTP Post binding issue with RSS feed.

• 
    

  Fixed Validations issues through out the plugin.

• 
    

  Fixed support email address through out the plugin.

• 
    

  Fixed Domain Mapping issues.

• 
    

  Fixed incorrect warning messages while configuring Service Provider Setup tab.

• 
    

  Minor fixes related to components text and placement.

• 
    

  Improved default IDP assignment flow.

• 
    

  Modified allowed characters for adding Identity Provider name.

• 
    

  Updated metadata contact information.

  January 24, 2024

• 
    

  Fixed backdoor URL issue.

• 
    

  Fixed Single Logout Request using POST binding.

• 
    

  Fixed Vulnerabilities for XML parsing, insecure cookie creation, replay attack, exposed license file and SAML Request/Response jQuery.

• 
    

  Fixed iconv warning on Linux Environments.

• 
    

  Fixed metadata sync issue for default values.

• 
    

  Fixed redirection loop issue from WordPress login page.

• 
    

  Fixed invalid license issue on WordPress multisite environment.

  January 05, 2024

• 
    

  Fixes in the Upgrade Notice.

• 
    

  Updates in the Licensing Framework.

  January 01, 2024

• 
    

  Fixes for Shortcode functionality.

• 
    

  Fixes for Auto-Redirection functionality when users are logged-ins.

  December 15, 2023

• 
    

  Added Error Codes Submenu.

• 
    

  Added Admin Dashboard Widget.

• 
    

  Added notices in the plugin.

• 
    

  WordPress 6.4 Compatibility.

• 
    

  Redesigned Account Info tab.

• 
    

  Updates in Licensing Framework.

  October 18, 2023

• 
    

  Added proper error messages on failed domain mapping.

• 
    

  Added error handling for max execution time on metadata upload.

• 
    

  WordPress 6.3 Compatibility.

• 
    

  Fixed multiple roles assignment bug.

• 
    

  Fixed attribute key assigned if value attribute empty.

• 
    

  Modified the order of wp_login hook in the plugin.

• 
    

  Removed extra Identity Provider Name field in plugin settings.

• 
    

  Compatibility fixes for SiteGround hosting provider.

  July 14, 2023

• 
    

  Bug fix for encrypted SAML Responses.

• 
    

  Fixes for auto-redirect functionality.

  July 12, 2023

• 
    

  Added IDP specific shortcode.

• 
    

  WordPress 6.2 Compatibility.

• 
    

  PHP 8.1 Fixes.

• 
    

  UI and Bug fixes.

  November 25, 2022

• 
    

  Added RSS feed feature.

• 
    

  Added IDP selector UI.

• 
    

  Added Azure multitenant compatibility.

• 
    

  Added Password Reset flow for Azure B2C.

• 
    

  WordPress 6.1 Compatibility.

• 
    

  Updated bootstrap version to 5.1.3.

• 
    

  Updated the Licensing Plan Page.

• 
    

  Fixed Single Logout for all WordPress versions.

• 
    

  Fixed issue with IDP-initiated SLO.

• 
    

  Fixed the redirect to Wordpress login page feature.

• 
    

  Fixed the redirect-loop issue for public page url.

• 
    

  Fixed issue with displaying custom attributes in user menu for a new user after SSO.

• 
    

  Fixed RelayState URL for SSO links.

• 
    

  Fixed issue in color picker and position of SSO login button.

• 
    

  Fixed the auto-selection of default idp.

• 
    

  Some bug fixes.

  September 22, 2022

• 
    

  XSS Vulnerability fixes for malformed SAML Response in Test Configuration flow.

• 
    

  Wordfence Compatibility Fixes.

  September 17, 2022

• 
    

  Added compatibility fixes with WP SAML IDP plugin.

• 
    

  Minor bug fix.

  August 04, 2022

• 
    

  Compatibility with WordPress 6.0.

• 
    

  Fixed Domain Mapping issue for Disabled IDPs.

• 
    

  Updated SAML handbook links.

  February 09, 2022

• 
    

  Compatibility with WordPress 5.9.

  November 23, 2021

• 
    

  Compatibility with WordPress 5.8.

• 
    

  Minor UI Fixes.

  November 12, 2021

• 
    

  Added new Certificate for Signing and Encryption.

• 
    

  Bug fixes.

  July 16, 2021

• 
    

  Fixed XSS Vulnerability (CVE-2020-6850).

• 
    

  Updated xmlseclibs(Added support for Shibboleth encryption algorithm).

• 
    
  Bug fixes:

  Cron fixes for blank IDP bug.

• 
    

  Fixed upload metadata issues with Federated Identities(Haka).

• 
    

  Compatibility with WordPress 5.8.

  November 26, 2020

• 
    

  Updated SP Certificate.

• 
    

  Compatibility with WordPress 5.6.

• 
    

  Bug fixes.

  January 03, 2025

• 
    

  Added the subsite details for a non-current environment if the details are available in the database.

• 
    

  Added Wordfence compatibility fixes.

• 
    

  Added the import-export feature for the Multiple Environment Configuration.

• 
    

  Custom attributes are now shown on subsites as well.

• 
    

  Fixed vulnerabilities related to XML parsing, insecure cookie creation, and replay attacks.

• 
    

  Fixed duplicate expiry notices when the license is expired.

• 
    

  Fixed XSS vulnerabilities for malformed SAML responses in the Test Configuration flow and attributes received from the IDP.

• 
    

  Made minor bug fixes and UI improvements.

  November 26, 2024

• 
    

  Added Multiple Environment Feature for configuring plugin settings for all environments (dev, test, production).

• 
    

  Added form validations throughout the plugin when SP is not configured.

• 
    

  Added the plugin documentation link near the plugin heading.

• 
    

  Added Metadata customization feature allowing admin to input Organization Name, Email Address, and Organization URL in the Service Provider Metadata.

• 
    

  Optimized API calls for account and license key verification.

• 
    

  Fixed cached SAML request issue during SSO.

• 
    

  Fixed the issue with displaying custom attributes in users menu.

• 
    

  Fixed admin notices while importing metadata file.

• 
    

  Minor bug fixes and UI improvements.

  October 10, 2024

• 
    

  New and improved design of Attribute/Role Mapping Tab.

• 
    

  Added an SSO User Tag for users logging in via SSO.

• 
    

  Added the warnings for required PHP extensions.

• 
    

  Added frontend validations for Backdoor URL.

• 
    

  Fixed the displayed warning on invalid metadata file import.

• 
    

  Minor bug fixes and improvements.

  August 05, 2024

• 
    

  Added reset login button setting for SSO button.

• 
    

  Added Logout relay state in Redirection & SSO Links tab.

• 
    

  Added a form for syncing metadata in the Service Provider Setup tab.

• 
    

  Added the option to validate the assertion time of the SAML Response.

• 
    

  Added the version number with the plugin heading.

• 
    

  Added copy button for Shortcode in SSO links section.

• 
    

  Added validations on the Redirection & SSO Links tab when IDP is not configured.

• 
    

  Minor bug fixes and UI improvements.

  July 04, 2024

• 
    

  Fixed a login redirect loop issue on subdomains.

  May 16, 2024

• 
    

  Compatibility with WP 6.5.

• 
    

  Updates in Licensing Framework.

• 
    

  Fixed an XSS Vulnerability.

• 
    

  Fixed an issue with the subsites SSO for subdomain multisite installation.

  January 01, 2024

• 
    

  Added Admin Dashboard Widget.

• 
    

  Added Error Codes Submenu.

• 
    

  Added notices in the plugin.

• 
    

  Compatibility with WP 6.4.

• 
    

  Redesigned Account Info tab.

• 
    

  Updates in Licensing Framework.

  July 24, 2023

• 
    

  Compatibility with siteground hosting.

• 
    

  Compatibility with WP 6.2.

  July 24, 2023

• 
    

  Updated XML Security Library.

• 
    

  Compatibility with WP 6.1.

• 
    

  Fixes for PHP 8.1.

• 
    

  Fixes in Single Logout flow.

  November 14, 2022

• 
    

  Compatibility with Wordfence Scanner.

  september 29, 2022

• 
    

  Vulnerability fix for malformed SAML Response.

• 
    

  Security fix for open redirect vulnerability.

• 
    

  Modified .htaccess rules.

• 
    

  Updated handbook links.

• 
    

  Fixed an issue with the subsites list for more than 500 subsites.

• 
    

  Fixed apply certificate button.

  June 22, 2022

• 
    

  Added IDP selector UI.

• 
    

  Added Add-ons tabs.

• 
    

  Added check for archived and deleted subsites for license verification.

• 
    

  Added Compatibility with WordPress 6.0.

• 
    

  Updated licensing plans.

• 
    

  Updated bootstrap version to 5.1.3

• 
    

  Fixed Single Logout for different WordPress versions.

• 
    

  Fixed an issue with color picker for the Custom login button.

• 
    

  Fixed access restriction for the resource files.

  February 08, 2022

• 
    

  Compatibility fixes for WordPress 5.9.

  November 23, 2021

• 
    

  Compatibility fixes for WordPress 5.8.

• 
    

  Minor UI Fixes.

  November 16, 2021

• 
    

  Added new x509 certifcate for Signing and Encryption.

• 
    

  Minor bug fixes.

  April 09, 2021

• 
    

  Compatible with PHP8.

• 
    

  Compatible with WordPress 5.7.

• 
    

  Import Metadata Fix.

• 
    

  Vulnerability fixes.

  November 26, 2020

• 
    

  New Certificate for Signing and Encryption.

• 
    

  Compatible with WordPress 5.6.

• 
    

  Vulnerability fixes.