Skip to content

Release Notes#

Notice#

This document, also known as the Gluu Release Note, relates to the Gluu Server Release versioned 3.1.3. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.

Lifecycle#

Status: Active Release

Released Community EOL Enterprise EOL
May 2018 April 2020 April 2021

Purpose#

The document is released with the Version 3.1.3 of the Gluu Software. The purpose of this document is to provide the changes made/new features included in this release of the Gluu Software. The list is not exhaustive and there might be some omission of negligible issues, but the noteworthy features, enhancements and fixes are covered.

Background#

The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects.

The most common use cases for the Gluu Server include single sign-on (SSO), mobile authentication, API access management, two-factor authentication, customer identity and access management (CIAM) and identity federation.

Documentation#

Please visit the Gluu Documentation Page for the complete documentation and administrative guide.

Available components in Gluu Server 3.1.3#

  • oxAuth, oxTrust, oxCore v3.1.2
  • Gluu OpenLDAP v2.4.44-5
  • Gluu OpenDJ v3.0
  • Shibboleth v3.2.1
  • Asimba forked from v1.3.0 + v1.3.1 snapshot changes (v1.3.1 was never released)
  • Passport v0.3.2
  • Java v1.8.0_112
  • Node.js v6.9.1
  • Jetty-distribution-9.3.15.v20161220
  • Jython v2.7.0
  • Weld 3.0.0
  • FluentD 3.5
  • Redis

New features#

Fixes / Enhancements#

GluuFederation/oxAuth#

  • #785 Add support for CacheProvider/Redis authentication

  • #780 Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java

  • #779 OpenID configuration: frontchannel_logout_supportedreturns value as string, not boolean

  • #777 Misnomers in passport icons prevents usage of certain social strategies of passport

  • #772 UMA Introspection endpoint throw NPE when access sub claim

  • #770 Fields don't match in userinfo and entrospection endpoints' responses

  • #768 oxAuth showing error when trying to SSO using SAML SP

  • #763 Allow to provide list of possible claims bound to a specific dynamic scope in corresponding OP's metadata elements

  • #762 Multi LDAP basic authenticaton script should update authentication metrics

  • #758 FIDO U2F application id should be either IP/DNS

  • #755 Add creation and expiration dates to UMA resource entry

  • #754 Add description and oxdID to client metadata

  • #752 It seems oxAuth doesn't return claims in id_token when "response_type=id_token" is used

  • #749 Enable client to restrict javascript origin

  • #747 RPT introspection : we must keep it compatible with OAuth2 introspection and return seconds in exp

  • #746 add client_id to RPT introspection

  • #743 Add JSON property to enable admin to turn off authz for openid scope

  • #739 Fix the list of scopes in the authorization page

  • #738 Subject controlled scope

  • #735 Allow to customize messages.properties

  • #725 UmaRptIntrospectionService returning expiration time different than umaRptLifetime

  • #664 Support extra parameters sent during UMA permission ticket request

  • #519 Dynamic scope should contains list of allowed claims

GluuFederation/oxTrust#

  • #968 Added Custom custom script don't behave as expected when the script name contains some character.

  • #908 Return 404 or 200 instead of 400 for SCIM fido search if user has no devices attached

  • #907 In Add Person form user is not able to navigate to next input field by pressing the [Tab] button in keyboard

  • #906 Selected Entity ID name and Change Entity ID link showing as a single link

  • #903 Improve password reset functionality

  • #877 Some meta information not retrieved via SCIM if user was not created or updated with the API itself

  • #876 Increase upper limit on max_count for scim json property and adjust descriptive text

  • #874 No certificate upload button available

  • #872 Show Clients using UMA Scope

  • #871 UMA scope Download/Link is 404

  • #870 Make oxTrust Favicon standard Gluu transparent icosahedron

  • #869 Re-login instead of displaying oops Page

  • #868 Avoid execution of sorting if no sortBy param is specified in SCIM searches

  • #866 'Add custom script configuration' drop down box

  • #864 Display Resource creation date and associated RS

  • #861 Overall user experience for adding a person by using the Add person form

  • #860 GUI problems in Manage Authentication

  • #858 Different lists on OIDC-related pages has remove controls' column skewed

  • #857 Add 'server:port' instead of 'server' in Cache Refresh

  • #854 Redirect URI delete icons don't line up

  • #853 'Inbound' button available though 'Asimba' is false

  • #850 AuthorizationProcessingFilter should check to which API client make an call

  • #847 "SAML-> Configure Custom NameId" page uses confusing names for its controls

  • #846 NameId form should update "saml-nameid.xml" too

  • #845 SCIM interceptor script should implement postAddUser/postUpdateUser/postDeleteUser

  • #844 UMA Resource Registration : Scope and Scope expression are mutually exclusive

  • #842 Unable to remove multivalue attribute value in person form

  • #841 Person form should display attribute mandatory correctly

  • #818 Multi value Gluu Person attribute delete clears all value

  • #787 oxTrust need to display and log explicit warnings about email non-uniqueness

  • #748 Change data type "Photo" to "binary"

GluuFederation/oxShibboleth#

  • #42 generate ZIP file - attribute-map.xml - released attribute strings are not replaced

  • #40 Error in relying-party.xml when "encryptNameIDs" set to "conditional"

  • #39 Delete custom NameID from the GUI

  • #38 Scope should use domain, not hostname

  • #37 Shib configuration is trying to load 'openldap.crt' in 'gluu-openDJ' setup

  • #36 Federated metadata is not loading in metadata-providers.xml

GluuFederation/gluu-passport#

  • #10 Readability of passport log

GluuFederation/community-edition-setup#

  • #419 Rebuild 3.1.2 RC2 with OpenDJ/Jython/Binaries update

  • #418 Upgrade: permission of Shibb metadata after upgrade

  • #417 Create tmpfile.d conf for jetty configuration

GluuFederation/oxcore#

  • #76 Update java libs to latest versions. Upgrade 3rd party components

  • #75 Fix redirect to app_script.log file after update Jython to 2.7.1

  • #68 Sorting in operations facade is operating upon an empty list, not actual result set

GluuFederation/SCIM-Client#

  • #68 Scim client - test source resources references UMA1 instead of uma2 discovery

GluuFederation/gluu-asimba#