UAA 3.2.0 Release Notes

New Features

• JDK Update to 1.8.0_73
• Clicking on the App under where to in the Dashboard should open a new tab
• Merged UAA as SAML IDP contributed by GE
• Enforce the WantSignedAssertion and signedRequests in SAML for all Identity Zones
• Implement Session Cookie Config
• Support filter by Member & Requesting specified attributes for Groups
• Expose UAA properties per Identity Zone
• Allow /check_token to perform authorization

Features In Progress

• Revocable Tokens
  • Create revocable token storage
• JWT & SAML Key Persistence & Rotation
  • Changes to secure private key information for SAML & JWT in the Zone
  • Bootstrap legacy jwt keys as part of keypair list for default zone config
  • Generate the verification key based on the Signing key
  • Add validation for SAML Key Pair and Passphrase

Bugs Fixes

• UAA fails to start when upgrading to v2.7.2 & above if LDAP is configured
• SAML Logout does not send a SAML logout request to the IDP (SSO2)
• SiteMinder Login Redirects to /favicon.ico
• SAML IDP Roles Mapping doesn't work
• Deleting a zone should create an audit log
• Accessing any of the client metadata end points without the accept header throws 500
• autocomplete=false does not work, it needs to be autocomplete=off
• Authentication to UAA after disable of internal auth throws 500 instead of 401
• /login with Accept="application/json" redirects to saml provider if there is only one provider and internal user store is disabled.
• Logout Redirect properties are being applied to the zone
• Ignore verificationKey during json serialization/deserialization of TokenPolicy
• Remove implicit grant and autoapprove true from cf client in cf-properties.yml