IMPORTANT NOTE ON OPENJDK
with introduction of latest Jetty HTTP server (used by Unity) it was observed that Firefox browser have troubles connecting to Unity launched on some of the OpenJDK distributions (e.g. Fedora). This is due to disabling EC TLS ciphers in affected OpenJDK. In case of troubles please use Oracle Java RE.
GENERAL INFORMATION ABOUT THE RELEASE
There are two distribution formats:
- tar.gz bundle which can be unpacked and this way installed in a single directory,
- rpm which can be installed system-wide in the Linux standard locations.
The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.
2.7.X RELEASE SERIES
Release 2.7.0 is a subsequent important Unity milestone completing huge change around end-user facing UI improvements. The main focus of this release was on registration: both in terms of UI, UX and core features.
When installing this release as an update a migration will be performed and some configuration changes may be necessary. Make sure to make backup and read update instructions in the documentation!
The highlights are:
- There is a completely new registration path possible: a registration form may allow for selecting a remote signup, with any of enabled external authentication options (like Google, FB, other OAuth providers, or SAML Idps). So far this was only possible in effect of failed authentication try, what was not working well with typical use cases.
- User may be given a choice to use remote credential for registered account or a local one, stored in Unity.
- Local registration form may be rendered on a starting screen, or be presented only after selecting the local registration path.
- After external registration still a registration form may be rendered – if any of the required information was not provided by external IdP.
- Enrolment to groups is now way more flexible: instead of setting a static list of available groups for the form, admin may configure a wildcard: the actual groups to be offered are established at runtime. This feature supports enrolment to projects/tenant/organization unit groups which are changing over time.
- What is more, form attributes may be configured to be set in the group selected by the user on the same form.
- A new finalization feature was added in registration subsystem. Finalization allows for specifying details of behavior in effect of all final states of registration process: from successful submission, to all kinds of errors.
- Note: this feature deprecates the former partial support for controlling some of such behaviors in registration form profile. Please update your form if you used such, the actions will be preserved after upgrade for your reference.
- Rendering of the registration form, UX of individual elements was greatly improved and refactored to be streamlined with how authentication UI works. Password setup offers nice hints, fields are validated during typing, layout was improved.
- Credential reset flow UI as well as UI of outdated credential change was improved and simplified.
- Custom and invitation message templates allow for using arbitrary, custom parameters. Those parameters can be filled when preparing a personalized invitation or sending an email with a REST API.
Other, smaller changes:
- Invitation can preset identity for remote OAuth registration. This preset identity may be also mandatory, so that user can not register with different one.
- Registration form configuration UI was refactored. Forms may be only inspected after opening.
- AdminUI -> Contents management is not showing group attribute classes (still can be inspected from the group’s context menu). Instead basic group stats are shown.
- New registration profile action allows to process all pending invitations for the same user, when the user registers. This may work regardless if the registration is made by invitation or not.
- Plus many smaller improvements and bugfixes, see detailed changelog below.
DETAILED LIST OF CHANGES