IMPORTANT NOTE ON OPENJDK
Unity requires a Java VM (JRE) to be installed. The minimum supported version is 8. Unity is also tested on Java 11, which has been supported since release 3.0 and is the default platform from release 3.2.
GENERAL INFORMATION ABOUT THE RELEASE
There are two distribution formats:
- a tar.gz bundle, which can be unpacked and thereby installed in a single directory,
- an rpm, which can be installed system-wide in the standard Linux locations.
The rpm is built and tested on CentOS 7, noarch. It should also work flawlessly on SL7 and recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable and is our primary distribution form.
We found a couple of issues related to the initial versions of the migration from Unity 2 to 3 (especially the in-place, DB-based migration). Those issues were fixed in version 3.1.1. This post provides more details if you are affected. In addition, the initial versions of the new editors added in Console (authenticators, services and IdPs) caused a couple of unintentional changes to the original configuration. Those issues were fixed in version 3.1.2.
3.3.X RELEASE SERIES
The Unity 3.3.0 release brings a large set of improvements and brand new features. Additionally, a couple of bugs were fixed; see the detailed changelog below.
Policy documents are a new global concept in Unity. An administrator can define documents covering ToU, SLA, marketing agreements and the like. Documents are versioned, can be provided in multiple forms and can be mandatory or optional.
Defined policy documents can be configured as a part of registration, enquiry or sign-in over IdP endpoint flows. Unity will record acceptance or refusal (as a special user attribute), which allows re-prompting the user after a document update. It is additionally possible to configure in what way acceptance should be requested.
One time passwords
A new credential type is available: one-time codes, technically the popular TOTP variant. This credential is typically useful as the 2nd factor in two-step authentication.
With this credential users can verify their identity with the help of Google Authenticator, Microsoft Authenticator, Red Hat’s FreeOTP or any other similar app.
Other notable improvements
- Shared translation profiles can be managed in Admin Console now.
- The default appearance of the authentication screen (and all other views) was improved a lot, aligned and unified with the general Unity style.
- Authentication screen appearance on narrow mobile screens was improved in case of multiple columns with authentication options.
- A registration form can be configured to deny, at submission time, a request that uses an occupied identity.
- Credentials editing in Admin Console and HomeUI was reworked and offers much better UX now.
- MFA preference can be controlled with a registration form action.
- We started to provide more intuitive contextual help in Admin Console. Only a few components use this feature so far, but we will expand it in the next revisions. For examples see Realms or the OTP credential definition.
Upgrade from 3.2
Upgrading from the previous release should not be problematic. Internal data migration will be performed. As usual, don’t forget to create a backup before the upgrade.
There are two aspects to be taken into account when upgrading:
- sidebarTheme, a theme that was internally used for Admin Console and UpMan, was dropped and merged with unityThemeValo, which is from now on the only style covering Unity's appearance. The unification, together with a general UI cleanup, required us to apply rather big changes in styling. If you use custom styles, test them carefully to make sure nothing got broken.
- We fixed one long-standing bug related to loading the UI configuration of authenticators: this configuration, typically holding one displayed name, was ignored. Now it is not. Errors in the previously ignored config file may therefore become visible after the update. This is most likely in the case of the X.509 certificate authenticator: users of this authenticator should verify its “Visual configuration” section and pay attention to server log warnings.
Move to Maven Central
Relevant only for developers using Unity.
Unity libraries from version 3.3.0 are deployed in the Maven Central repository. The formerly used FZJ repository is no longer used. FZJ: thank you a lot for many years of support!
What is more, the groupId of all Maven modules was changed to:
DETAILED LIST OF CHANGES