GENERAL INFORMATION ABOUT RELEASE
There are two distribution formats:
- a tar.gz bundle, which can be unpacked and thereby installed in a single directory,
- an rpm, which can be installed system-wide in the standard Linux locations.
The rpm is built and tested on CentOS 6, noarch. It should also work flawlessly on SL6 and recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.
1.4.X RELEASE SERIES
Unity 1.4.0 is the biggest update so far, with exactly 200 commits, 47 solved tickets and several big features.
The release highlights are:
- An OAuth2 & OpenID Connect endpoint is now available, i.e. Unity can act as a standalone OAuth 2 Authorization Server with support for the OpenID Connect specification. The current implementation is fully functional; however, its configuration requires some manual work in the Admin UI (setting attributes, adding clients to groups) as there is no dedicated OAuth management UI. This will be improved in the future.
- The SAML subsystem received all the most important missing features:
  - support for encryption (and decryption) of assertions
  - SAML IdP can be configured with SAML metadata in a similar way as it was already possible to configure the SAML authenticator. The trusted SPs can be automatically extracted from the federation's metadata and updated at runtime.
  - SAML Single Logout protocol is fully supported. This is a giant feature, as Unity can now log out all session participants: the upstream SAML IdP (if one was used) and the SPs logged in via the Unity SAML IdP endpoint. The logout can be initiated via the HTTP POST, Redirect and SOAP bindings, as well as by logging out from any of the Unity web UIs. As Single Logout may bring some problems, the level of its implementation is configurable. See the SAML Howto for details.
- LDAP authenticator was greatly enhanced:
  - it is possible to use a predefined system user to obtain information about the logged-in user
  - it is possible to define custom, additional searches
- There is a new OAuth authenticator available, where Unity takes the OAuth Resource Server role, checking the provided OAuth Access Token against a configured 3rd party OAuth AS.
- Unity was subject to an extensive security audit. Implementation of audit recommendations hardened Unity’s security.
Big thanks to all our contributors, testers and auditors (in alphabetical order, people first): Bernd, Piotr, Rafał, Roman Krysiński, Shiraz, ICM, Wrocław Center For Networking and Supercomputing, ICM and PL-Grid guys!
Unfortunately, one of the big planned features – the translation profile wizard and debugger – is not included in this release due to a recently found issue. This great feature will be made available in the next release.
DETAILED LIST OF CHANGES