Release notes 3.x
3.31.0
Features
- Added possibility to specify the redirect URI used while fetching the Facebook authorization grant when completing the login flow, using the parameter used_redirect_uri.
3.30.0
Bug fixes
- Fixed invalid mapping of FlowType in the email gateway extension implementation
Features
- Changed structure of Delegated User Management person report returned in SAML response
3.29.1
Bug fixes
- Fixed invalid handling of malformed json request in reset password endpoint (400 Bad Request is returned instead of 500 Server Error)
- Facebook coupling extended with the possibility to couple with a CIM account whose email address differs from the one used in Facebook
3.29.0
Features
- Added API endpoint for checking the migration status of a user (more info: Check if user exists in IdP or extension)
- Added possibility to refer to user attributes returned by external IDP within templates (more info Templates)
- Added possibility to select IDP language in SAML request
3.28.0
Features
- Added statistics for Facebook
- Extended SAML response with DUM (Delegated User Management) person report if available
- All unmapped user attributes returned by external IdP will be returned as custom attributes in the SAML response
- Added mapping for additional Facebook attributes
- Added support for multiple domains in social login based on the new property IDP_REDIRECT_URI
- Added Just-In-Time Signup support for Facebook IdP type
- Added parameter flow_type to password reset email
- Added HTTP-Redirect binding support for SingleLogout
- Migrated reCAPTCHA to version 2
- Updated mobile authentication APIs to be compatible with Token Server 6+
- Added support for custom password transformation
- Unknown authentication level is not returned in the SAML response
- Persons API extended with the possibility to add an alternative email address
- Added possibility to change username while signing up via Facebook
Bug fixes
- Successful SAML LogoutResponse status code no longer inherits from urn:oasis:names:tc:SAML:2.0:status:Responder
- Fixed Oracle 3.26.00 migration
- Fixed problems related to coupling one social account with two Onegini IDP accounts
- Fixed issue with uncoupling social IdP
3.27.2
Features
- Introduced MariaDB MySQL driver
Bug fixes
- Exposed JDBC's defaultTransactionIsolation property, which can now be controlled by the IDP_DATABASE_TRANSACTION_ISOLATION env variable
3.27.1
Bug fixes
- Fixed password reset by API for already migrated users
3.27.0
Features
- Added Just-In-Time Signup support for SAML IdP type
- Added possibility to map person attributes returned by a SAML IdP to profile attributes specific to Onegini IDP
- All person attributes that have mappings defined will be synchronized when logging in with a SAML or LDAP IdP
- Attribute mappings for LDAP IdP have been moved from environment variables to the admin console (more in upgrade instructions)
- Migration triggered by password reset via API will set the custom referenceId as personId when Onegini IDP is properly configured and the extension returns the required data.
3.26.0
Features
- Property APPLICATION_ENVIRONMENT replaced with SPRING_PROFILES_ACTIVE (more in upgrade instructions)
- Added support for encryption keys up to 256 bits
- Integration tests are now executed against Onegini IDP docker
3.25.0
Features
- Application migrated from war to jar packaging with embedded tomcat
- Property IDP_LOGGING_LEVEL replaced with properties logging.level.<package-name> (more in upgrade instructions)
- Reworked API documentation, which is now based on Swagger
- SMS-related features extended with the possibility to retry sending a message in case of error (more in properties section)
- Introduced IdentityProvider of SAML type: Onegini IDP can now serve as a SAML ServiceProvider
Bug fixes
- Fixed mobile login state not being set correctly after sign-up
3.24.0
Features
- Added alternative mobile authentication type for mobile login
- Configuration of authentication level specific for mobile login
Bug fixes
- Fixed calculation of expiration date for auth token cleanup cronjob
- Fixed user attribute for mobile authentication after changing ldap configuration
- Fixed hierarchy of sending email notifications
3.23.0
Features
- After choosing an alternative step-up method, it is saved as preferred
- Introduced possibility to authenticate an admin through a custom authenticator implemented in an extension
- Logout user when cancelling step-up during SAML login or registration flows
- Migrated to Spring Boot 1.5.3.RELEASE
- Mobile-login security improvements
- Use TokenServer API V2 for Mobile-login
- Allow the user to decide whether the Mobile-login should be enabled or not during login flow
Bug fixes
- Removed duplicated / from the callbackUrl's path provided to the Token Server in Mobile Authentication flows
- Corrected Accepted invitations statistic and renamed it to Completed invitations
- Fixed person phone number attribute synchronization on LDAP login
3.22.0
Features
- Introduced API endpoint to initialize password reset flow using email address of the user (more info)
- Email address and phone number attributes will be synchronized with Active Directory when logging in with an LDAP IdP
- Multiple LDAP accounts can be coupled with one CIM account based on email address attribute (more info)
Bug fixes
- Fixed issue with validating new types of TLDs for email addresses
- Fixed captcha input validation issue
3.21.0
Features
- Added code to password reset email object parameters
- Added list of origins to which the user is allowed to be redirected
- Origin URL will be used to determine the redirect URL after user logout
- Mobile number validation can now be disabled via admin panel
3.20.0
Features
- Added configuration of sending Welcome message after migration
- Added code to password reset email object parameters
3.19.0
Features
- Limit number of consecutive unsuccessful mobile login attempts
- Changed LDAP password attribute encryption
- Changed the way the LDAP attributes are looked up during mobile login
- Introduced API endpoint to finalize password reset flow
- Providing the password for an LDAP identity provider is not required when the configuration is edited
- Mobile login token details are stored in database
3.18.0
Features
- Added support to use externally generated person identifier as internal one.
- Added possibility to enable email verification notifications when sign-up is triggered via persons API.
- Removed Mobile-login Identity Provider type and introduced a separate section which allows configuring Mobile-login as a login method.
- The Mobile-login functionality can now work with Identity Providers of types other than LDAP.
Bug fixes
- Step-Up will be triggered when a person account is created with the JIT sign-up functionality and the IdP used has a lower authentication level than requested by the Service Provider.
- User is redirected back to the service provider when cancelling step-up during a SAML login.
3.17.0
Features
- Added support for custom SAML Authentication Contexts, which allows logging in with a predefined social identity provider (more info).
- Captcha configuration has been moved to administration panel (more info).
- Added possibility to disable captcha.
- Added possibility to enable welcome email notifications when sign-up is triggered via persons API.
3.16.2
Bug fixes
- Fixed attribute validation in JIT sign-up
3.16.0
Features
- Added possibility to enable/disable email notifications via admin panel
- Facebook graph API updated to version 2.9
Bug fixes
- Fixed possible NPE in Kerberos configuration when the IDP_KERBEROS_SERVER_KEYTAB_PATH variable is not set
3.15.0
Features
- Extension can discover the device type and serve appropriate messages for mobiles and tablets
Bug fixes
- Fixed Persistable Properties functionality when IDP is started within Docker
- Fixed Kerberos Authentication when IDP is started within Docker
3.14.0
Features
- Just-in-time migration extended by filling user's profile with LDAP mobile phone number (more info).
3.13.1
Bug fixes
- AD user attribute will be used instead of personId when communicating with Token Server
3.13.0
Features
- Added support for Microsoft SQL Server database
- Added just-in-time sign-up feature, which can be used to perform automatic sign-up when logging in with an LDAP identity provider
- Added Mobile-login functionality
- Removed the exclusive login page for logging in with an identity provider of LDAP type; it is now done using the standard (Username and Password) login form
Bug fixes
- LDAP authentication possible by providing a query as specified in the documentation.
3.12.0
Features
- LDAP account attributes are returned with SAML login response
Bug fixes
- Fixed showing message box in the dashboard
Since this version the component versioning scheme does not contain leading zeros in the version numbers
3.11.00
Features
- Remote cache provider changed to Redis
- Added possibility to define multiple LDAP identity providers with configuration provided via admin panel
Bug fixes
- Fixed cache replication
3.10.02
Bug fixes
- Fixed issue with validating new types of TLDs for email addresses
3.10.01
Features
- Added possibility to map SAML attribute names on Organisation and Service Provider level (more information in documentation)
- IDP will validate the SDK API version and log appropriate error in case of mismatch
Bug fixes
- Fixed NPE in statistics module when IDP is started within a docker container and the DB is empty
3.09.00
- Enhanced Client Proxy SAML (ECP) flow support added to IDP
3.08.00
Features
- Person API extended with a new API for coupling an account with an external IdP (more info in Person API documentation)
3.07.00
Compatibility
- Compatibility with idp-extension-sdk v3 dropped, please use v4. More information available in idp-extension-sdk documentation
Bug fixes
- Fixed Infinispan cache replication
3.06.00
Features
- Added support for authentication over Kerberos protocol
- Added persistable properties functionality
Bug fixes
- Corrected a bug where the email_address request parameter was ignored unless include_fields was provided in the search API call
3.05.00
Features
- Introduced additional parameters for person search API (last_modified and include_fields). Please read the person search API documentation for more details.
- Introduced API to create and automatically sign up users
- Introduced API to set user password without verification of the current one
3.04.02
Bug fixes
- SAML Artifact Binding wrong protocol error fixed by introducing additional properties (more in upgrade instructions).
3.04.01
Bug fixes
- SAML Single Logout error fixed when custom subject name id is used.
3.04.00
Features
- Added support for LDAP authentication (more on properties page).
- SAML artifact replication enabled after introducing Infinispan replicated cache (more information available in the properties section and on the jgroups page).
- SAML Artifact Resolution Service is served on the same port as the API
- SAML Subject Name value configurable via admin panel
3.03.00
Features
- Added support for SAML Artifact Bindings
Bug fixes
- Read X-Forwarded-[Proto, Host, Port] headers on each redirect
- Properties name format fixed (more in upgrade instructions)
3.02.00
Features
- Switched from xml to env properties configuration
- Introduced an option to configure HTTP headers for responses
- Password reset pages template reworked
3.02.01
Bug fixes
- Fix missing custom headers in some responses
3.01.00
Features
- Optional SAML Authentication
- Previous successful authentication attempt time returned in SAML attributes
- Introduced headless integration tests driver PhantomJS
3.00.00
Features
- Overlays support removed
- Added cleaning of cron scheduler tasks on application shutdown
- Automate documentation publishing
- A number of dependencies updated
- Login page template reworked
Bug fixes
- Fixed email validation to include external services
- Fixed inability to modify custom messages defined only in an extension from the administration panel