3.0.X RELEASE

THE LATEST RELEASE

3.0.0 was published on 18.10.2019

DOCUMENTATION OF THE RELEASE

can be read from:

IMPORTANT NOTE ON OPENJDK

Unity requires a Java VM (JRE) to be installed. The minimum supported version is 8. Unity is also tested on Java 11, which is supported since release 3.0 and becomes the default platform from release 3.1.

GENERAL INFORMATION ABOUT THE RELEASE

There are two distribution formats:

  • tar.gz bundle, which can be unpacked and thereby installed in a single directory,
  • rpm, which can be installed system-wide in the standard Linux locations.

The rpm is built and tested on CentOS 7, noarch. It should also work flawlessly on SL7 and recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable and is our primary distribution form.

3.0.X RELEASE SERIES

Please welcome Admin Console!

The biggest change in Unity 3 is a new administrative web UI: Admin Console (or Console for short). It completely replaces the legacy Admin UI.

The grand goal of adding Console was to expose all of Unity's functionality over a web interface. Previously, a Unity administrator was forced to follow a hybrid approach: the directory was managed with the web interface, but many other settings, such as authenticators, were only reachable from config files. Now almost everything is exposed within the Console.

It is hard to enumerate all of its improvements; the best approach is to give it a try. The most notable items are:

  • Complete management:
    • realms, authenticators, authentication flows
    • all endpoints (note that in Console they are now split into two sections: IdPs and Services)
    • trusted certificates
    • all features of Admin UI
  • Many of the existing views were refreshed to offer a better UX
    • better use of screen size, no more vertically split panels (besides directory browser, but see below)
    • sorting and filtering in all relevant places
    • small improvements in many places (e.g. on realms view you can check which endpoints are using it)
    • refreshed directory browser: some things are still to come, but its UX is already greatly improved. For instance, attribute values are instantly visible for each selected entity, groups can be searched and multi-selected, and the presentation of attribute statements is more compact.
  • New main layout with left bar navigation
  • Lightweight and faster loading compared to Admin UI
  • Input and Output profiles are now bound 1-1 with their corresponding authenticator or endpoint (respectively). No more “global” view of profiles, e.g. editing of an input profile is now a part of authenticator editing.
  • Deep linking: you can log in directly to a specific part of Admin Console.

 

Audit log available

In Console you can now browse the Audit log. From version 3.0, Unity stores audit traces of the most important operations performed on the directory. This is an initial version of the subsystem with certain gaps, but it is already very functional and provides valuable insights into the history of a Unity deployment.

The Audit log can be queried using a simple but flexible filter bar, providing information on all changed attributes, groups, and entities.

 

Remaining notable improvements

  • Java 11 is finally supported. Java 8 can still be used. In the near future we are going to deprecate Java 8. Java 12 & 13 should work too, but were not tested.
  • It is possible to outsource message template management and message sending to an external service. Admins can integrate Unity with dedicated mail systems or marketing/CMS software and manage all organization communication from one place.
  • RFC 7662 support was added, i.e. a standard OAuth token introspection endpoint (the proprietary one is still available for backwards compatibility).
  • Smarter checking of dependencies when updating credential definitions. Changes which can’t make stored passwords invalid are now neither blocked nor constrained.

 

Upgrade from 2.x

The upgrade from 2.8 should be easy. The biggest configuration change is that reloading of configuration changes from configuration files upon restart is now turned off by default. This can, however, be reconfigured to restore the Unity 2 behavior.

Upgrading from older 2.x versions may be more problematic, so we advise first performing a successful update to 2.8 and then to 3.0. However, technically it is fully possible to upgrade from any 2.x version to 3.0. The only problem is all the incompatible configuration changes that were introduced in the 2.x releases.

In any case, make sure to read the upgrade instructions in the manual. While the upgrade is easy, there are important facts to understand, as the introduction of Admin Console changed the default startup behavior.

DETAILED LIST OF CHANGES

New features:
  • UY-30 Implement auditing
  • UY-847 Authentication flows management in console UI
  • UY-851 Registration forms control in Console
  • UY-852 Local credentials controls in Console
  • UY-853 Input Translation Profiles in Console
  • UY-854 Trusted certificates management in console UI
  • UY-855 Output Translation Profiles control in Console
  • UY-856 External Identity Providers management in Console
  • UY-857 Authentication > Setup main page in Console
  • UY-858 Create/update oauth2 authenticator in Console
  • UY-859 Create/update oauth-rp authenticator in Console
  • UY-860 Create/update password authenticator in Console
  • UY-861 Create/update composite-password authenticator in Console
  • UY-862 Create/update sms authenticator in Console
  • UY-863 Create/update jwt authenticator in Console
  • UY-864 Create/update pam authenticator in Console
  • UY-868 Create/update ldap or ldap-cert authenticator in Console
  • UY-872 Prepare Unity for Java 11 support
  • UY-873 SAML authenticator configuration in Console
  • UY-874 Option to outsource message templates to notification service provider
  • UY-876 Registration requests control in Console
  • UY-877 Invitations control in Console
  • UY-878 Message templates in console
  • UY-879 Backup and restore in console
  • UY-880 Users processing automation in console
  • UY-882 Credential requirements in console
  • UY-883 Attribute classes in console
  • UY-884 Identity types in console
  • UY-885 Attribute types in console
  • UY-888 Create/update cert authenticator in Console
  • UY-891 Support for safe control of uploadable contents from console
  • UY-892 Directory browser in console
  • UY-897 Enable French locale
  • UY-898 Precise checking when credential update may break dependent objects
  • UY-901 Create Services view with REST Admin endpoint support
  • UY-902 Admin console management view with web endpoint authentication
  • UY-903 Upman service management
  • UY-904 WellKnownLinks service management
  • UY-905 HomeUI endpoint management
  • UY-906 JWT service management
  • UY-910 OAuth IdP Management
  • UY-911 Standard token introspection endpoint for OAuth (RFC 7662)
  • UY-915 SAML IdP Management
  • UY-921 Prepare 3.0 optimized default configuration and update notes
  • UY-821 Enrich realms
  • UY-728 New task oriented admin Vaadin endpoint
  • UY-729 Introduce new left side menu.
  • UY-730 Implement deep linking
  • UY-731 Left side menu should be toggleable
  • UY-742 Introduce Realms management in admin console UI.
  • UY-809 Improve left side menu look and feel
  • UY-815 Minimalized version of left side menu
Bugs fixed:
  • UY-907 at_hash and c_hash missing in case of oidc hybrid and implicit flows
  • UY-909 Empty registration request editor when form does not use any signup methods

OLDER REVISIONS

Here you can download previous versions from the series and read their documentation:

nothing so far on 3.0.x branch