IMPORTANT NOTE ON OPENJDK
Unity requires a Java VM (JRE) to be installed. The minimum supported version is 8. Unity is also tested on Java 11, which has been supported since release 3.0 and is the default platform from release 3.2.
GENERAL INFORMATION ABOUT THE RELEASE
There are two distribution formats:
- a tar.gz bundle, which can be unpacked and thereby installed in a single directory,
- an rpm, which can be installed system-wide in the standard Linux locations.
The rpm is built and tested on CentOS 8, noarch. It should also work flawlessly on recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable and is our primary distribution form.
We found a couple of issues related to the initial versions of the migration (especially the in-place DB-based migration) from Unity 2 to 3. Those issues were fixed in version 3.1.1. This post provides more details if you are affected. What is more, the initial versions of the new editors added in Console (authenticators, services and IdPs) caused a couple of unintentional changes to the original configuration. Those issues were fixed in version 3.1.2.
3.5.X RELEASE SERIES
The Unity 3.5.0 release brings a couple of significant new features.
Important SAML handling enhancements
There were multiple updates to the SAML subsystem:
- proper support for HTTP-Redirect binding signatures (both verification and generation)
- support for validating signatures that do not specify the signing key, for peers that have multiple trusted keys
- fixes in SOAP-Binding metadata produced by Unity
Login-less support for FIDO/WebAuthn
Login-less support for FIDO means not typing a password, but also… not typing a username. The feature is available only for devices capable of storing site data on them and in general is recommended for biometric keys only. Otherwise the user needs to provide a PIN instead of a username.
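How a login-less assertion identifies the user, as an added example that is not Unity's code: the authenticator returns a stored user handle, and the server checks the user-verification flag before trusting it. The RP ID, the `accounts` store and the function names are assumptions; signature verification is a separate step not shown here.

```javascript
// Added example (not Unity code): server-side checks for a login-less WebAuthn assertion.
const crypto = require('node:crypto');

const RP_ID = 'idp.example.org'; // assumed relying party ID

// Request options for a login-less ceremony: no username is known yet, so
// allowCredentials stays empty and the authenticator picks a stored credential.
function loginlessRequestOptions() {
  return {
    challenge: crypto.randomBytes(32),
    rpId: RP_ID,
    allowCredentials: [],
    userVerification: 'required', // biometric or PIN takes the place of typed input
  };
}

// Parse the fixed header of authenticatorData (a Buffer): rpIdHash(32) | flags(1) | signCount(4).
function parseAuthenticatorData(buf) {
  if (buf.length < 37) throw new Error('authenticatorData too short');
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & 0x01) !== 0,  // UP bit
    userVerified: (flags & 0x04) !== 0, // UV bit
    signCount: buf.readUInt32BE(33),
  };
}

// Identify the account from the assertion alone. `accounts` is a hypothetical store:
// Map of userHandle (hex) -> { name, credentialIds: Set of hex credential IDs }.
// The signature over authenticatorData || SHA-256(clientDataJSON) must still be verified.
function identifyUser(assertion, accounts) {
  const ad = parseAuthenticatorData(assertion.authenticatorData);
  const expected = crypto.createHash('sha256').update(RP_ID).digest();
  if (!crypto.timingSafeEqual(ad.rpIdHash, expected)) throw new Error('wrong RP ID');
  if (!ad.userPresent || !ad.userVerified) throw new Error('user verification missing');
  if (!assertion.userHandle || assertion.userHandle.length === 0) {
    throw new Error('no userHandle: credential is not discoverable');
  }
  const account = accounts.get(assertion.userHandle.toString('hex'));
  if (!account || !account.credentialIds.has(assertion.credentialId.toString('hex'))) {
    throw new Error('unknown user or credential');
  }
  return account.name;
}
```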
Major logging improvements
In this release we improved Unity logging a lot. Until now it was quite hard to set up decent logging in Unity: the default level was too silent, while global DEBUG was way too talkative. We applied numerous changes to improve the situation:
- Default logging levels were adjusted. By default Unity will log much more information, all important facts. Using Unity with the default logging configuration should be fine in most cases.
- No logging facility logs under the root ‘unity.server’ category directly. All loggers that previously used it were moved to a more specific sub-category (e.g. ‘unity.server.audit’). That way the ‘unity.server’ root category is only responsible for setting a default for all loggers, and each subsystem's logging can be flexibly reconfigured.
- Many new logging categories were added, improving granularity of loggers.
- We have added a diagnostic context. The client IP, the user’s entity id and the endpoint name can be logged with every log entry that has those settings set in its context.
MySQL 8 supported
As MySQL 8 reserved one new keyword which was used in Unity’s DB schema, a fix was needed to make Unity work on MySQL 8. It is supported since this release.
Upgrade from 3.4
Upgrading from the previous release should not be problematic. Internal data migration is not performed in this release. There might be a need to update your logging configuration file; details are provided in the Unity manual, in the upgrading chapter.
DETAILED LIST OF CHANGES
This version was skipped due to a technical problem in the release automation.
Please go straight to the next version.