Release Notes

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Server Release versioned 4.1. The work is licensed under “The Apache 2.0 License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.

Purpose

This document is released with version 4.1 of the Gluu Software. Its purpose is to list the changes made and the new features included in this release. The list is not exhaustive and some negligible issues may be omitted, but the noteworthy features, enhancements and fixes are covered.

Background

The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects.

The most common use cases for the Gluu Server include single sign-on (SSO), mobile authentication, API access management, two-factor authentication, customer identity and access management (CIAM) and identity federation.

Documentation

Please visit the Gluu Documentation Page for the complete documentation and administrative guide.

Available components in Gluu Server 4.1

  • oxAuth, oxTrust, oxCore v4.1
  • Gluu OpenDJ v3.0.1
  • Shibboleth v3.4.4
  • Passport v4.1
  • Java v1.8.0_112
  • Node.js v9.9.0
  • Jetty-distribution-9.4.12.v20180830
  • Jython v2.7.2a
  • Weld 3.0.0
  • FluentD 3.5
  • Redis

Version 4.1.1

GluuFederation/community-edition-setup

  1. Allow post-install RADIUS.
  2. Remove del, exp indexes in gluu_cache and gluu_token Couchbase buckets
  3. Fix database connection issues in Casa/SAML scripts
  4. Add missing exp index (LDAP only)
  5. Fix IDP3 idp-metadata.xml template
  6. Fix OpenDJ schema

GluuFederation/oxCore

  1. Couchbase TTL support.
  2. Use TTL in Native Cache (Couchbase only)
  3. Don't try to delete expired cache entry in Native Cache on get operation (Couchbase only)
  4. Document store support: Local/JCA
  5. Introduce more connection parameters for jedis client to get better performance #182
  6. Fix bind connection creation when LDAP server does not require a password
  7. Fix scan consistency check if filter uses LOWER keyword
  8. Use Jython 2.7.2

GluuFederation/Casa

  1. Fix DB connection issue

GluuFederation/oxidp

  1. Fix Gluu cache entry update.

GluuFederation/oxTrust

  1. SAML metadata validation issue in all 4.x instances #1928
  2. Added new redis configuration properties to UI (oxCore #182)
  3. Fix custom script properties scope
  4. Added provisional code for attributes cache clearing #1934
  5. Added jwksAlgorithmsSupported oxAuth json conf property #1933
  6. Update unsecure uri error message in client form
  7. GUI for Store IDP/SP files in configurable document store #1939
  8. Fix custom script SAML ACR selection

GluuFederation/oxAuth

  1. Remove bootfaces on default login page.
  2. Add JSON Configuration properties to control JWKS endpoint algorithms #1292
  3. Fixed bug with keyRegenerationInterval which did not work if value is more than 595 (due to type overflow) #1299

4.1

GluuFederation/oxAuth

  • #1237 Overlap in QR code scanning for super gluu authentication

  • #1233 Don't insert ou=pairwiseIdentifiers tree node into a DB which does not support the tree model

  • #1232 Support locale with - instead of _ in the name

  • #1231 Cluster: CM rotates keys but oxauth is not aware of it. Keystore is loaded only at start up.

  • #1229 After some time oxauth running keys idToken can't be issued due to keys problem

  • #1221 During MTLS authentication session user is not re-configured which leads to infinite loop between authorization action and endpoint

  • #1218 Store extra parameters after final authentication step

  • #1217 Front-channel logout breaks when cache type is set to redis or memcached.

  • #1214 Fix oidc session change detection

  • #1210 JWT signature fails when using algorithms other than RSA

  • #1209 Support domain cookie option in session cookies

  • #1208 Fix native cache random errors which led to 3% AuthZ flow failures

  • #1207 Failed to render updates in oxAuthRP

  • #1201 Allow to change cleaner interval without restarting oxAuth

  • #1200 "sub" claim is absent from id_token and userinfo response when certain attributes are used as source for it

  • #1199 Registered clients disappear one day after being created regardless of client expiration value?

  • #1189 Issued session_id claim in RO grant type

  • #1188 Add new method to ROPC script to allow modifying the token response

  • #1147 Use new delete method with filter in clean up jobs

  • #1078 Check expiration of JWT encoded profile used in passport flows

GluuFederation/oxTrust

  • #1905 Allow to specify inum in API calls

  • #1904 A few Fido2 JSON parameters are missing in GUI

  • #1897 Keeping client's 'change secret' blank removes existing clientSecret

  • #1896 redis password is not mandatory

  • #1895 Remove sentinelMasterGroupName in redisConfiguration

  • #1893 Name change: "Custom Attributes" to something else

  • #1892 Enforce https scheme for redirect_uri in web UI

  • #1888 Hide "Manage Saml Acrs" menu if SAML is not installed

  • #1885 Make username field readonly while editing person

  • #1884 Make inum field readonly while editing person

  • #1882 Inaccurate description of scim field in attribute form

  • #1880 Enable/Disable OpenDJ mail uniqueness

  • #1878 Unable to create unexpired client

  • #1877 Wrong time in client form

  • #1876 Test Cache Provider

  • #1875 Show warning when gluuCustomperson attributes list is empty on User Form

  • #1874 Store server stats in separate entry

  • #1872 Fix defaultScope checkbox in scope form

  • #1871 Client Attributes can't be persisted from web UI

  • #1728 Implement SCIM change log and expose API to get changes from certain date

GluuFederation/oxShibboleth

GluuFederation/gluu-passport

  • #73 Encrypt profile data

  • #66 Sending data other than profile data from passport to custom script?

  • #65 Support logout for IDPs

GluuFederation/community-edition-setup

  • #634 add oxd and casa for post setup installation

  • #629 Change ownership on oxauth.xml and identity.xml during setup

  • #613 Preinstall memcached into chroot

GluuFederation/oxcore

  • #177 Cache should support methods hasKey and allow putting data without expiration

  • #176 findEntries defect

  • #175 Support LDAP configuration update via EntryManager API

  • #173 Fix random user authentication test failure after user auto-enrollment in oxAuth Person auth Script

  • #172 Fix Native cache clean up

  • #171 Add In Memory local cache to cache small data sets

  • #168 Server does wrong redirects when oxAuth/oxTrust is behind LB

GluuFederation/SCIM-Client