Releases · indigo-iam/iam

27 Sep 09:01

enricovianello

v1.10.2.rc.20240927

30284b9

INDIGO Identity and Access Management Service v1.10.2 Pre-release

Pre-release

What's Changed

Add devcontainer configuration by @darcato in #835
Track refresh tokens in access token AUDIT logs by @rmiccoli in #838
Combine CERN HR logic with internal life-cycle by @enricovianello in #844

Contributors

enricovianello, darcato, and rmiccoli

Assets 2

22 Aug 10:21

enricovianello

v1.10.1

ada2c24

INDIGO Identity and Access Management Service v1.10.1 Latest

Latest

What's Fixed

Fix repeated suspensions by @enricovianello in #831
Fix typo in AUDIT log for suspended accounts by @federicaagostini in #832
Upgrade AngularJS version by @SteDev2 in #820
Fix AUP signature validity by @rmiccoli in #834

Contributors

enricovianello, SteDev2, and 2 other contributors

Assets 2

05 Aug 13:13

enricovianello

v1.10.0

621570f

INDIGO Identity and Access Management Service v1.10.0

What's Changed

Send an email when client status changes by @rmiccoli in #802
Add a statistical anonymous endpoint by @rmiccoli in #790
PATCH to change AUP signature time works also for client credentials by @rmiccoli in #804
Add AUP and user's lifecycle missing email notifications by @rmiccoli in #787
Add groups enrollment logic to be applied after users registration by @garaimanoj in #793
Add the organization name in all email notifications subjects by @rmiccoli in #810
Improve password quality check by @SteDev2 in #719
Allow to totally disable cache by @federicaagostini in #778

Bug Fixes

Refresh token flow not allowed for suspended clients by @rmiccoli in #814
Update angular-jwt script link by @SteDev2 in #822
Fix error 500 on old mitreId user interface by @SteDev2 in #808

Configuration Fixes

Prefix all necessary env variables with IAM_ by @federicaagostini in #807
- As described into #807, the environment variables DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS, DEFAULT_DEVICE_CODE_VALIDITY_SECONDS, DEFAULT_ID_TOKEN_VALIDITY_SECONDS and DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS have been renamed with IAM_ prefix.
Fix client track-last-used setting location in .yaml by @enricovianello in #795
- The client's "last-used" tracking has been disabled by default. You can turn it on by setting IAM_CLIENT_TRACK_LAST_USED as true. This feature allows administrators to see how many days have last since last token was issued for each client.
The redis-cache.enabled property has been moved to cache.redis.enabled. This property is set by the same environment variable IAM_REDIS_CACHE_ENABLED so configurations that relies on this variable are not affected.

Documentation Fixes

VOMS-AA replica deployment example provided by @darcato in #729

Contributors

enricovianello, SteDev2, and 4 other contributors

Assets 2

06 Jun 15:16

enricovianello

v1.9.0

7d0c523

INDIGO Identity and Access Management Service v1.9.0

What's Changed

Show unrestricted scopes into well-known endpoint by @federicaagostini in #628
Fix account lifecycle workflow by @rmiccoli in #746
Administrators can disable a client by @garaimanoj in #747
Change VOMS warning message when requesting a too long proxy by @federicaagostini in #756
VO members can re-sign the AUP at any time by @garaimanoj in #757
Add delete signature and sign on behalf by @enricovianello in #777
Increase SAML response skew from 60 to 300 secs by @enricovianello in #780
Multiplatform docker by @jacogasp in #761
(Experimental*) Fix audit log for issued access tokens and add refresh token event by @federicaagostini in #774
Fix authorization on SCIM me endpoint by @enricovianello in #764
(Experimental*) Add attributes and managed groups to the SCIM user by @enricovianello in #764
(Experimental*) Add authorities list to SCIM user by @enricovianello in #788
Add last used property to clients by @darcato in #675
Display how much time is left to AUP expiry by @garaimanoj in #783
Allow to add nickname as attribute during a registration request by @federicaagostini in #789

* The introduced AUDIT messages and info to the SCIM user must be considered as experimental and they may be changed in next RC/releases in a backward incompatible way

New Contributors

@garaimanoj made his first contribution in #757
@jacogasp made his first contribution in #761

Notes

SCIM users response can now be extended in order to list also:

user's attributes
user's authorities
user's managed groups

In order to include authorities and|or managed groups into SCIM users details you need to enable them through the following properties:

scim:
  include_authorities: true
  include_managed_groups: true

or through the environment variables:

IAM_SCIM_INCLUDE_AUTHORITIES=true
IAM_SCIM_INCLUDE_MANAGED_GROUPS=true

Attributes can be included into SCIM user response in the same way the labels are:

scim.include_attributes[0].name=attribute-name
scim.include_attributes[1].name=another-attribute-name

Full Changelog: v1.8.4...v1.9.0

Contributors

enricovianello, jacogasp, and 4 other contributors

Assets 2

25 Mar 16:45

federicaagostini

v1.8.4

0714724

INDIGO Identity and Access Management Service v1.8.4

v1.8.4 (2024-03-25)

Added

Add property to show SQL queries (default to false) #702
Add refresh token value index on database #722
Add support for admin to customize login layout #668

Fixed

Encode/decode token value hash with Charset UTF-8 to match the MySQL algorithm #694
Update the email address/username without needs to refresh the web UI #686
Allow Chinese characters to be shown on user's info column #701
Update login form display strategy #669

Changed

Only registered users can get client credentials grant type #683
Remove possibility to add a client logo URI #697
Disable client editing through MitreID endpoint (/api/clients/*) #703
Request for an optional "Apply for an account with eduGAIN" button #665

Assets 2

20 Dec 10:18

enricovianello

v1.8.3

07b5dd4

INDIGO Identity and Access Management Service v1.8.3

Recommendations

It is strongly recommended to make a backup of your database before upgrading to v1.8.3 because several migrations are planned. Also, remember that for updates from versions prior to v1.7.2 you must first upgrade to v1.7.2.
The migration to v1.8.3 will take an amount of time which will be proportional to the amount of currently active access tokens. This means that if you are deploying IAM with some kind of liveness and readiness probes, it's probably better to switch them off before upgrading. This migration may take a long time.

Changed

Save access token value as an hash in order to use lighter db indexes and avoid conflicts by @rmiccoli in #613
Avoid upper case characters into VO names by @SteDev2 in #616
Enable Redis scope matchers and well-known endpoint caching by @federicaagostini in #633
Consider scope matcher based on string equality for custom scopes by @rmiccoli in #642

Added

Add SCIM endpoint entry to well-known endpoint by @federicaagostini in #631
Update account AUP signature time via API by @rmiccoli in #608
Add new JWT profile that rename 'groups' claim with 'roles' by @enricovianello in #637
Add support for displaying specific language name in federation Metadata by @Sae126V in #640
Add missing "Reuse refresh token" box within client management page by @rmiccoli in #650
Add missing foreign keys to the database by @enricovianello, @rmiccoli in #632, #659
Add OpenID Connect standard claims in ATs for WLCG JWT profile by @rmiccoli in #651

Fixed

Allow to add certificates with the same subject DN by @rmiccoli in #624
Delete unsupported response types by @rmiccoli in #610
Fix management of tokens lifetime following RFC9068 by @federicaagostini in #620
Fix CERN Restore workflow by @hannahshort in #645
Fix authz code flow with PKCE for IAM test client application by @rmiccoli in #653
Fix authorization on IAM APIs such to avoid cases where access is granted to already approved scopes instead of effective token scopes by @enricovianello in #664