2.7.X RELEASE

THE LATEST RELEASE

2.7.5 was published on 07.01.2019

DOCUMENTATION OF THE RELEASE

can be read from:

IMPORTANT NOTE ON OPENJDK

with introduction of latest Jetty HTTP server (used by Unity) it was observed that Firefox browser have troubles connecting to Unity launched on some of the OpenJDK distributions (e.g. Fedora). This is due to disabling EC TLS ciphers in affected OpenJDK. In case of troubles please use Oracle Java RE.

GENERAL INFORMATION ABOUT THE RELEASE

There are two distribution formats:

tar.gz bundle which can be unpacked and this way installed in a single directory,
rpm which can be installed system-wide in the Linux standard locations.

The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.

2.7.X RELEASE SERIES

Release 2.7.0 is a subsequent important Unity milestone completing huge change around end-user facing UI improvements. The main focus of this release was on registration: both in terms of UI, UX and core features.

When installing this release as an update a migration will be performed and some configuration changes may be necessary. Make sure to make backup and read update instructions in the documentation!

The highlights are:

There is a completely new registration path possible: a registration form may allow for selecting a remote signup, with any of enabled external authentication options (like Google, FB, other OAuth providers, or SAML Idps). So far this was only possible in effect of failed authentication try, what was not working well with typical use cases.
- User may be given a choice to use remote credential for registered account or a local one, stored in Unity.
- Local registration form may be rendered on a starting screen, or be presented only after selecting the local registration path.
- After external registration still a registration form may be rendered – if any of the required information was not provided by external IdP.
Enrolment to groups is now way more flexible: instead of setting a static list of available groups for the form, admin may configure a wildcard: the actual groups to be offered are established at runtime. This feature supports enrolment to projects/tenant/organization unit groups which are changing over time.
- What is more, form attributes may be configured to be set in the group selected by the user on the same form.
A new finalization feature was added in registration subsystem. Finalization allows for specifying details of behavior in effect of all final states of registration process: from successful submission, to all kinds of errors.
- Note: this feature deprecates the former partial support for controlling some of such behaviors in registration form profile. Please update your form if you used such, the actions will be preserved after upgrade for your reference.
Rendering of the registration form, UX of individual elements was greatly improved and refactored to be streamlined with how authentication UI works. Password setup offers nice hints, fields are validated during typing, layout was improved.
Credential reset flow UI as well as UI of outdated credential change was improved and simplified.
Custom and invitation message templates allow for using arbitrary, custom parameters. Those parameters can be filled when preparing a personalized invitation or sending an email with a REST API.

Other, smaller changes:

Invitation can preset identity for remote OAuth registration. This preset identity may be also mandatory, so that user can not register with different one.
Registration form configuration UI was refactored. Forms may be only inspected after opening.
AdminUI -> Contents management is not showing group attribute classes (still can be inspected from the group’s context menu). Instead basic group stats are shown.
New registration profile action allows to process all pending invitations for the same user, when the user registers. This may work regardless if the registration is made by invitation or not.
Plus many smaller improvements and bugfixes, see detailed changelog below.

DETAILED LIST OF CHANGES

RELEASE 2.7.5

New features:

Bugs fixed:

UY-841 Performance bug: Check authz role only for provided group, not in all groups user is member of.
UY-842 The ‘validCode’ MVEL variable not present for registration automation

RELEASE 2.7.4

New features:

Bugs fixed:

UY-833 Workaround for missing migration of TriggeringMode.afterRemoteLogin
UY-834 When no scopes are requested upon OAuth refresh then original scopes should be assumed
UY-835 No expires_in field in issued OAuth tokens
UY-836 Do not show consent screen UI when it is auto accepted
UY-838 It should be possible to set infinite refresh token lifetime

RELEASE 2.7.3

New features:

UY-455 Login the user after automatically accepted registration
UY-817 Do not require password reset after changing password storage policy
UY-820 Case insensitive sorting in IdPs selection grid
UY-823 Improve detection of session expiration
UY-824 Refactor password reset not to use pop up
UY-826 Allow to inspect credential status in users table in AdminUI
UY-827 Inspecting storage ratio factor quality
UY-829 Add cancel on outdated credential screen
UY-830 Create general persistent id identity together with entity

Bugs fixed:

UY-819 Bulk resolving of group members is missing some of dynamic attributes

RELEASE 2.7.2

New features:

Bugs fixed:

UY-816 Race condition in RDBMS cache flushing

RELEASE 2.7.1

New features:

UY-790 Faster entities loading in AdminUI
UY-793 More flexible OAuth trusted URL matching
UY-794 Option to reload (update) message templates from config
UY-795 Subject text field in template editor should be 100% wide
UY-813 Allow to configure a custom link for signup on authentication screen
UY-814 Enable Norwegian locale

Bugs fixed:

UY-812 Fix sorting and searching on authN screen

RELEASE 2.7.0

New features:

UY-769 Support for requiring an invitation-preset remote identity and login_hint
UY-773 Remove viewer of registration form
UY-775 Update of issued invitation
UY-778 Improve registration form rendering
UY-779 Refactor registration at login to use standalone view
UY-782 Do not skip UI loading when skipConsent=true but enquiry is waiting
UY-784 Simplify outdated credential handling
UY-787 Improve credential reset UX
UY-789 Show basic group stats instead of attribute classes
UY-755 Possibility of filling out registration form based on output from external IdP
UY-760 Flexible configuration of registration form content.
UY-761 Registration form layout configuration.
UY-762 Dynamic selection of configured group on registration form.
UY-763 Contextual selection of attributes group on registration form.
UY-764 Auto processing of invitations of given registration form.
UY-765 Custom parameters in invitation, used in invitation email
UY-774 Support alternative template variable delimiter for loading from properties file
UY-777 EndpointDIsplayname by default set as page title, for registration forms view configurable

Bugs fixed:

UY-751 Remember me token not removed when LogoutMode == internalOnly
UY-767 Drop feature allowing to have attribute in a group without being a member
UY-768 DB dump is not updated after first download (FF only?)
UY-770 It is not possible to manually add preferences entry for OAuth/SAML SP
UY-772 Confirmation state of identities/attributes prefilled by invitation is always overriden
UY-780 Fix and test unicore/PAM module
UY-781 Increased memory usage for external SAML fed authN
UY-783 Password score not taken into account when checking existing password validity at login
UY-785 Composite password credential breaks re-authn
UY-786 Outdated credential not shown if triggered by 1st factor of 2FA
UY-788 Managing custom attribute columns broken in some edge cases

OLDER REVISIONS

Here you can download previous versions from the series and read their documentation: