1.3.X RELEASE - Unity IdM

1.3.1 RELEASE

THE RELEASE

The release 1.3.1 was published on ??

DOWNLOAD

DOCUMENTATION OF THE RELEASE:

Read documentation of 1.3.1 release:

READ

GENERAL INFORMATION ABOUT RELEASE

There are two distribution formats:

tar.gz bundle which can be unpacked and this way installed in a single directory,
rpm which can be installed system-wide in the Linux standard locations.

The rpm is build and tested on Centos 6, noarch. It should work flawlessly also on SL6 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.

1.3.X RELEASE SERIES

The release 1.3.0 a lot of new features it also fixes couple of bugs found in the previous releases. The most important changes:

Unity was updated to use latest web framework release what should improve login experience a lot:
- page address doesn’t change on the authentication screen,
- remote authentication has no lag after returning to Unity,
- rare hangs of the remote authentication were eliminated.
A new endpoint supporting SAML ECP protocol was added. The endpoint allows for using Unity to bootstrap the ECP login (i.e. Unity is a SP).
A new RESTful endpoint was added, allowing to query the Unity database in a simple way.
OAuth2 and OpenID Connect remote authentication is possible now. Tested with Google, Microsoft Live and Facebook providers.
Dynamic, automatically created identities framework was refactored fixing several bugs. Additionally it is possible to inspect automatically created identities in the Admin UI and even to manually clean them.
Translation profiles were greatly enhanced and improved. There two kinds of translation profiles now: input and output. The input profiles have the same purpose as the former translation profiles, but the actions were refactored so their creation is much simpler, intuitive and at the same time much more flexible. The output profiles are a new concept, allowing to dynamically change the data which is returned via the IdP endpoints. The new functionality of translation profiles allows for creating ad-hoc identities and attributes with complex contents. What is also very important the documentation was greatly improved, contains many examples and the Admin UI offer a greater help during edit.
It is possible to configure remote SAML authenticator with a SAML metadata, what allows to set its trust in a simple way. It is also possible to use metadata of several federations and to override some of the automatically imported manually.
There is a number of smaller Admin UI improvements:
- simple identities search
- it is possible to see source IdP, profile and timestamps of identities and attributes obtained remotely.
- it is possible to remove many rows of tables at once.
Registration forms can be configured to be automatically accepted when custom conditions are fulfilled.
There is a new JWT authentication method, useful for keeping login sessions for RESTful interface.

DETAILED LIST OF CHANGES

RELEASE 1.3.1

Bugs fixed:

406 The confirmation UI broken
415 Attribute statements flushed upon group update
403 It is not possible to disable credential expiration
407 Credential reset doesn’t work for the email identities
408 Email identity is not used as contact email
409 Should not be possible to re-registter with the existing identity
410 Refresh button causes error when identities management is disabled for user’s account page.
411 Do not show empty line with credentials on HomeUI
412 Hide entity id in HomeUI
413 Attribute classes UI shouldn’t scroll to bottom on load
414 Update MVEL documentation links
418 Flickering popup animation
419 Group rename should not be possible
421 Fix doc and UI of registration form condition
422 Remotely obtained identity and attribute metadata is lost when processed via registration form
423 Creation of identities via REST ignores identity metadata
427 Registration requests cannot be deleted

New features:

417 Variable in output profile with id of IdP used for authN
420 Implement scheduled entity operations in the REST API

RELEASE 1.3.0

Bugs fixed:

Resolving of dynamic identities doesn’t work for 3rd party queries
Persistent identity type (untargeted) has target set
Translation profiles overwritten with file-configured profiles always
Remote authentication which takes well over 30s fails
SAML SOAP attribute query supports only entity and DN identity types
Reload of authenticator without retrieval config set fails
RelayState encoding is wrong (again)
Remote authentication sometimes stops at the final stage
NPE when searching for email attribute in registration request
Invalid values merging of automatic attributes
Authorization exception occurs while redirecting to SAML SP, after authentication

New features:

Fixes for Vaadin 7.1/7.2
Support for SAML ECP
Create REST integration module
Create output translation profile engine
Support for external OAuth IdP
Add support for configuring identity types mapping in SAML IdP endpoints
Provide support for configuration of the SAML SP part from SAML metdata
UI for inspecting and resetting dynamic identities
New translation actions: add to fixed group and and add attribute
Universal remote IdP selection component
Refactoring of the input translation profiles
Add support for authentication with JWT
Add feature to automatically accept a registration request
Provide RESTful API
Refactor authentication logic to use servlet’s forward instead of redirect
Add UI for outdating credentials
Enhance attributes and identities metadata
User friendly editing of translation profile
Update ProgressIndicator to ProgressBar + Vaadin 7.1 style
Admin UI should allow for bulk delete
Simple serach for identities table

OLDER REVISION

Here you can download previous versions from the series and read their documentation:

RELEASE 1.3.0: DOWNLOAD DOCUMENTATION