IMPORTANT NOTE ON OPENJDK
Unity requires Java VM to be installed (JRE).
- Unity version up to 3.7.x can run on Java 8 to 11. Running on version 11 is recommended since version 3.2.0
- Unity version 3.8.0 and above will require Java 11 to run. Support for higher versions will be experimental and official support for Java version 17 can be expected in the course of 2022.
GENERAL INFORMATION ABOUT THE RELEASE
There are two distribution formats:
- tar.gz bundle which can be unpacked and this way installed in a single directory,
- rpm which can be installed system-wide in the Linux standard locations.
The rpm is build and tested on Centos 8, noarch. It should work flawlessly also on recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable and is our primary distribution form.
We found couple of issues related to the initial versions of migration (especially the in place DB-based migration) from Unity 2 to 3. Those issues were fixed in version 3.1.1. This post provides more details if you are affected. What is more initial versions of new editors added in Console (authenticators, services and IdPs) caused couple of unintentional changes to the original configuration. Those issues were fixed in 3.1.2 version.
3.7.X RELEASE SERIES
Unity 3.7.0 is another major milestone in Unity development. This release brings a large number small and medium size improvements in various areas.
Enhanced attribute statements, group properties and MVEL editor
We have added several features, that put together form a significant upgrade of attribute statements capabilities and how MVEL expressions are created.
First of all, admin can configure a custom group properties. The properties are simple key – value pairs set on group and only pertain to the group itself. We used the term ‘property’ not to introduce confusion with group attribute statements. Group properties can be used in Unity integrations (as are visible on the REST API) as well as can be used in dynamic formulas used in Unity itself, generated by MVEL expressions.
Use of MVEL statements was improved by adding a new, dedicated MVEL editor. It is launched with the gear icon next to the regular text field holding an MVEL expression. The editor which is opened not only provides a bigger space for typing, but also shows all variables available in the context of the expression.
Last but not least the group attribute statement context has now access to groupObj variable (access to complete group object with all metadata), so can match the power of output profile rules.
Easier configuration of registration with remote IdP
So far Unity required quite specific settings of a remote authenticator used in a registration form: all identity mapping rules in the input profile of such authenticator could not have the CREATE effect. That was especially problematic as the default translation profiles provided by Unity all use that effect, making default authenticators unusable for registration forms.
With this release we have eliminated this issue. Any remote authenticator is now good for direct use on registration form, regardless of its input profile settings.
IdP endpoint usage statistics
Since this release, client access to both OAuth AS and SAML IdP endpoints is subject to usage metering. Endpoint usage statistics can be seen under Maintenance menu entry in admin console, as well as retrieved from the REST API.
Data is broken down by status (success or failure) and can be natively grouped in typical time buckets.
- In case an invitation to an enquiry resolves to multiple user accounts (i.e. entities sharing the same email), user can select the account to which the submitted form shall be applied.
- OAuth token revocation endpoint was revised and made fully compliant with RFC 7009. Sending token_hint is optional, client_id is only required in case of public clients, authentication is required for confidential clients. This last feature is configurable, not to break existing setups.
- In console it is possible to to trigger endpoint configuration reload from file. Of course only for endpoints configured from files.
Upgrade from 3.6
This upgrade will perform a data migration. It is advised to take a backup.