Release notes 3.x

3.31.0

Features

  • Added the possibility to specify the redirect URI used while fetching the Facebook authorization grant when completing the login flow, via the parameter used_redirect_uri.

3.30.0

Bug fixes

  • Fixed invalid mapping of Flowtype in email gateway extension implementation

Features

  • Changed structure of Delegated User Management person report returned in SAML response

3.29.1

Bug fixes

  • Fixed invalid handling of malformed JSON requests in the reset password endpoint (400 Bad Request is returned instead of 500 Server Error)
  • Facebook coupling extended with the possibility to couple with a CIM account that has a different email address than the one used in Facebook

3.29.0

Features

  • Added API endpoint for checking migration status of a user (more info: Check if user exists in idp or extension)
  • Added possibility to refer to user attributes returned by external IDP within templates (more info: Templates)
  • Added possibility to select IDP language in SAML request

3.28.0

Features

  • Added statistics for Facebook
  • Extended SAML response with DUM (Delegated User Management) person report if available
  • All unmapped user attributes returned by external IdP will be returned as custom attributes in the SAML response
  • Added mapping for additional Facebook attributes
  • Added support for multi domains in social login based on new property IDP_REDIRECT_URI
  • Added Just-In-Time Signup support for Facebook IdP type
  • Added parameter flow_type to password reset email
  • Added HTTP-Redirect binding support for SingleLogout
  • Migrated reCAPTCHA to version 2
  • Updated mobile authentication APIs to be compatible with Token Server 6+
  • Added support for custom password transformation
  • Unknown authentication level is not returned with SAML response
  • Persons API extended by possibility to add alternative email address
  • Added possibility to change username while signing up via Facebook

Bug fixes

  • Successful SAML LogoutResponse status code does not inherit from urn:oasis:names:tc:SAML:2.0:status:Responder
  • Fixed Oracle 3.26.00 migration
  • Fixed problems related to coupling one social account with two {{book.productName}} accounts
  • Fixed issue with uncoupling social IdP

3.27.2

Features

  • Introduced MariaDB MySQL driver

Bug fixes

  • Exposed JDBC's defaultTransactionIsolation property, which can now be controlled by IDP_DATABASE_TRANSACTION_ISOLATION env variable

3.27.1

Bug fixes

  • Fixed password reset by api for already migrated users

3.27.0

Features

  • Added Just-In-Time Signup support for SAML IdP type
  • Added possibility to map person attributes returned by SAML IdP to profile attributes which are specific to Onegini IdP
  • All person attributes which have mappings defined will be synchronized when logging in with SAML or LDAP IdP
  • Attribute mappings for LDAP IdP have been moved from environment variables to the admin console (more in upgrade instructions)
  • Migration triggered by password reset via API will set the custom referenceId as personId when Onegini IdP is properly configured and the extension returns the required data.

3.26.0

  • All person attributes which have mappings defined will be synchronized when logging in with SAML or LDAP IdP
  • Attribute mappings for LDAP IdP have been moved from environment variables to the admin console (more in upgrade instructions)

Features

  • Property APPLICATION_ENVIRONMENT replaced with SPRING_PROFILES_ACTIVE (more in upgrade instructions)
  • Added support for encryption keys up to 256 bits
  • Integration tests are now executed against Onegini IdP docker

3.25.0

Features

  • Application migrated from WAR to JAR packaging with embedded Tomcat
  • Property IDP_LOGGING_LEVEL replaced with properties logging.level.<package-name> (more in upgrade instructions)
  • Reworked API documentation, which is now based on Swagger
  • SMS-related features extended with the possibility to retry sending a message in case of an error (more in properties section)
  • Introduced IdentityProvider of SAML type - Onegini IdP can now serve as a SAML ServiceProvider

Bug fixes

  • Fixed mobile login state not being set correctly after sign-up

3.24.0

Features

  • Added alternative mobile authentication type for mobile login
  • Configuration of authentication level specific for mobile login

Bug fixes

  • Fixed calculation of expiration date for auth token cleanup cronjob
  • Fixed user attribute for mobile authentication after changing LDAP configuration
  • Fixed hierarchy of sending email notifications

3.23.0

Features

  • After an alternative step-up method is chosen, it is saved as preferred
  • Introduced possibility to authenticate admin through custom authenticator implemented in extension
  • Logout user when cancelling step-up during SAML login or registration flows
  • Migrate to Spring Boot 1.5.3.RELEASE
  • Mobile login security improvements
  • Use TokenServer API V2 for Mobile login
  • Allow the user to decide whether the Mobile login should be enabled or not during login flow

Bug fixes

  • Removed duplicated / from callbackUrl's path provided to the Token Server in Mobile Authentication flows
  • Corrected Accepted invitations statistic and renamed it to Completed invitations
  • Fixed person phone number attribute synchronization on LDAP login

3.22.0

Features

  • Introduced API endpoint to initialize password reset flow using email address of the user (more info)
  • Email address and phone number attribute will be synchronized with Active Directory when logging in with LDAP IdP
  • Multiple LDAP accounts can be coupled with one CIM account based on email address attribute (more info)

Bug fixes

  • Fixed issue with validating new types of TLDs for email addresses
  • Fixed captcha input validation issue

3.21.0

Features

  • Added code to password reset email object parameters
  • Added list of origins to which user is allowed to be redirected
  • Origin url will be used to determine redirect url after user logout
  • Mobile number validation can now be disabled via admin panel

3.20.0

Features

  • Added configuration of sending Welcome message after migration
  • Added code to password reset email object parameters

3.19.0

Features

  • Limit number of consecutive unsuccessful mobile login attempts
  • Changed LDAP password attribute encryption
  • Changed the way the LDAP attributes are looked up during mobile login
  • Introduce API endpoint to finalize password reset flow
  • Providing password for LDAP identity provider is not required in case the configuration is edited
  • Mobile login token details are stored in database

3.18.0

Features

  • Added support to use externally generated person identifier as internal one.
  • Added possibility to enable email verification notifications when sign-up is triggered via persons API.
  • Removed the Mobile login Identity Provider type and introduced a separate section which allows configuring Mobile login as a login method.
  • The Mobile login functionality can now work with Identity Providers of types other than LDAP.

Bug fixes

  • Step-Up will be triggered in case a person account is created with JIT sign-up functionality and the IDP used has a lower authentication level than requested by the Service Provider.
  • User is redirected back to the service provider when cancelling step-up during a SAML login.

3.17.0

Features

  • Added support for custom SAML Authentication Contexts, which allow logging in with a predefined social identity provider (more info).
  • Captcha configuration has been moved to administration panel (more info in upgrade instructions).
  • Added possibility to disable captcha.
  • Added possibility to enable welcome email notifications when sign-up is triggered via persons API.

3.16.2

Bug fixes

  • Fixed attribute validation in Jit-signup

3.16.0

Features

  • Added possibility to enable/disable email notifications via admin panel
  • Facebook graph API updated to version 2.9

Bug fixes

  • Fixed possible NPE in Kerberos configuration when the IDP_KERBEROS_SERVER_KEYTAB_PATH variable is not set

3.15.0

Features

  • Extension can discover device type and serve appropriate messages for mobiles and tablets

Bug fixes

  • Fixed Persistable Properties functionality when IDP is started within Docker
  • Fixed Kerberos Authentication when IDP is started within Docker

3.14.0

Features

  • Just-in-time migration extended by filling user's profile with LDAP mobile phone number (more info).

3.13.1

Bug fixes

  • AD user attribute will be used instead of personId when communicating with Token Server

3.13.0

Features

  • Added support for Microsoft SQL Server database
  • Added just-in-time sign-up feature which can be used to perform automatic sign-up when logging in with LDAP identity provider
  • Added Mobile login functionality
  • Removed the exclusive login page for logging in with an identity provider of LDAP type; this is now done using the standard (Username and Password) login form

Bug fixes

  • LDAP authentication is possible by providing a query as specified in the documentation.

3.12.0

Features

  • LDAP account attributes are returned with SAML login response

Bug fixes

  • Fixed showing message box in the dashboard

Since this version the component versioning scheme does not contain leading zeros in the version numbers

3.11.00

Features

  • Remote cache provider changed to Redis
  • Added possibility to define multiple LDAP identity providers with configuration provided via admin panel

Bug fixes

  • Fixed cache replication

3.10.02

Bug fixes

  • Fixed issue with validating new types of TLDs for email addresses

3.10.01

Features

  • Added possibility to map SAML attribute names on Organisation and Service Provider level (more information in documentation)
  • IDP will validate the SDK API version and log appropriate error in case of mismatch

Bug fixes

  • Fixed NPE in statistics module when IDP is started within a docker container and the DB is empty

3.09.00

  • Enhanced Client Proxy SAML (ECP) flow support added to IDP

3.08.00

Features

3.07.00

Compatibility

  • Compatibility with idp-extension-sdk v3 dropped, please use v4. More information available in idp-extension-sdk documentation

Bug fixes

  • Fixed Infinispan cache replication

3.06.00

Features

Bug fixes

  • Corrected a bug where the email_address request parameter was ignored unless include_fields was provided in the search API call

3.05.00

Features

  • Introduced additional parameters for the person search API (last_modified and include_fields). Please read the person search API documentation for more details.
  • Introduced API to create and automatically sign up users
  • Introduced API to set a user password without verification of the current one

3.04.02

Bug fixes

  • SAML Artifact Binding wrong protocol error fixed by introducing additional properties (more in upgrade instructions)

3.04.01

Bug fixes

  • SAML Single Logout error fixed when custom subject name id is used

3.04.00

Features

  • Added support for LDAP authentication (more on properties page)
  • SAML artifacts replication enabled after introducing Infinispan replicated cache (more information available in the properties section and on the jgroups page).
  • SAML Artifact Resolution Service is served on port together with API
  • SAML Subject Name value configurable via admin panel

3.03.00

Features

  • Added support for SAML Artifact Bindings

Bug fixes

  • Read X-Forwarded-[Proto, Host, Port] headers on each redirect
  • Properties name format fixed (more in upgrade instructions)

3.02.00

Features

  • Switch from XML to env properties configuration
  • Introduce an option to configure HTTP-headers for responses
  • Password reset pages template reworked

3.02.01

Bug fixes

  • Fix missing custom headers in some responses

3.01.00

Features

  • Optional SAML Authentication
  • Previous successful authentication attempt time returned in SAML attributes
  • Introduce headless integration tests driver PhantomJs

3.00.00

Features

  • Overlays support removed
  • Added cleanup of cron scheduler tasks on application shutdown
  • Automate documentation publishing
  • A number of dependencies updated
  • Login page template reworked

Bug fixes

  • Fixed email validation to include external services
  • Fixed inability to modify, in the administration panel, custom messages defined only in the extension