Changelog History
-
v3.1.Alpha4
November 21, 2016 -
v3.1.Alpha3
October 31, 2016 -
v3.1.Alpha2
October 31, 2016 -
v3.1.Alpha11
December 02, 2016 -
v3.1.Alpha10 Changes
November 23, 2016- ๐ Circle CI build: https://circleci.com/gh/osiam/osiam/544
- Downloads: https://dl.bintray.com/osiam/downloads/osiam/3.1.Alpha10/
-
v3.1.Alpha1
October 24, 2016 -
v3.0 Changes
August 09, 2016๐ฅ Breaking changes!
๐ In this release, the auth-server and resource-server have been merged into a single application. For a detailed explanation about how to migrate from ๐ OSIAM 2.5 to OSIAM 3.0, see the [migration notes](docs/migration.md).
๐ Features
- โ Run as a standalone application using the
.warfile as an executable, i.e. just runosiam.waron the command line like you would run any other command. - ๐ Support for H2 database has been added and a file-based one is the default configuration from now on. The usage scenarios are small installations, testing and development.
- ๐ง Load configuration, files and assets from arbitrary paths in the filesystem. Introduce the notion of a home directory that contains all these things. The home directory will be automatically initialized on startup. The home directory can also be initialized on the command line. See the [documentation] (docs/detailed-reference-installation.md) for details.
- ๐ป Migration and initialization of the database can be done from the command line
with the
migrateDbcommand. See [Initialize the Database from the Command Line] (docs/detailed-reference-installation.md#initialize-the-database-from-the-command-line). - ๐ Configure SCIM extensions in the configuration file. See [Configuring SCIM Extension](docs/detailed-reference-installation.md#configuring-scim-extension).
- ๐ Connections via AJP can be used now. This is disabled by default. See [Enable AJP support](docs/detailed-reference-installation.md#enable-ajp-support).
- ๐ง Set the logging level with the configuration property
osiam.logging.level. - It's possible to filter all returned resources returned by request to the
/Usersand/GroupsURLs, including searches, by passing a comma separated list of attributes to be included in the returned resources. - The display attribute of a multi-valued attribute get persisted from now on.
๐ Changes
- โก๏ธ Updating resources via PATCH was not SCIM compliant and has been removed. Resources can still be updated via PUT. See the migration notes for details.
- Distribution artifacts have been completely dropped. The
.warfile contains all needed files and assets now. - 0๏ธโฃ Use sensible defaults for logging. Default level is now error, Spring stuff is logging warnings, and OSIAM logs on info level.
- โ Remove unneeded attributes from default login template.
- โ Remove ability to search by a
User's password. - ๐ง The configuration file has been changed to YAML format.
- ๐ง All configuration properties have been moved to a new namespace
osiam. - Require a Java runtime environment of at least version 8.
- โ Remove support for deprecated method-based OAuth scopes.
- ๐ Allow colons (:) as field separators for URNs of extensions, since this is what the SCIM specification defines. Using periods (.) is still possible, but will log a warning message.
- Fields of the core schemas for user and group can be fully qualified, i.e.
filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J". - Example data will now be created during startup. If there are no clients in the database, an example client will be created. If there are no users in the database, an initial admin user will be created. The details of the client and user will be logged. This removes the creation of initial data during the database setup.
- ๐ Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their password will be automatically migrated to BCrypt. Support for SHA-512 password hashes will be removed in OSIAM 4.0.
- ๐ Snapshot builds can now be downloaded from Bintray (GPG Signature).
๐ Fixes
- Reply with 400 BAD REQUEST to invalid filters.
- Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected errors.
- ๐ Change URL of service provider configuration resource from
/ServiceProviderConfigsto/ServiceProviderConfig. - Always return the
idattribute, when searching forUsers. - Return a SCIM 2 compliant
Userwhen querying/Me. This replaces the old Facebook connector. - ๐ Use JSON error messages with
/token/*endpoints instead of HTML documents.
- โ Run as a standalone application using the
-
v3.0.CR2 Changes
August 09, 2016๐ Circle CI build: https://circleci.com/gh/osiam/osiam/487
-
v3.0.CR1 Changes
June 09, 2016๐ CircleCI Build: https://circleci.com/gh/osiam/osiam/478
๐ Changelog
๐ฅ Breaking changes!
๐ In this release, the auth-server and resource-server have been merged into a
single application. For a detailed explanation about how to migrate from
๐ OSIAM 2.5 to OSIAM 3.0, see the migration notes.๐ Features
- โ Run as a standalone application using the
.warfile as an executable, i.e.
๐ป just runosiam.waron the command line like you would run any other command. - ๐ Support for H2 database has been added and a file-based one is the default
๐ง configuration from now on. The usage scenarios are small installations,
โ testing and development. - ๐ง Load configuration, files and assets from arbitrary paths in the filesystem.
Introduce the notion of a home directory that contains all these things. The
home directory will be automatically initialized on startup. The home
๐ directory can also be initialized on the command line. See the documentation for details. - ๐ป Migration and initialization of the database can be done from the command line
๐ with themigrateDbcommand. See Initialize the Database from the Command Line. - ๐ Configure SCIM extensions in the configuration file. See
๐ง Configuring SCIM Extension. - ๐ Connections via AJP can be used now. This is disabled by default. See
๐ Enable AJP support. - ๐ง Set the logging level with the configuration property
osiam.logging.level. - It's possible to filter all returned resources returned by request to the
/Users
and/GroupsURLs, including searches, by passing a comma separated list of
attributes to be included in the returned resources. - The display attribute of a multi-valued attribute get persisted from now on.
๐ Changes
- Distribution artifacts have been completely dropped. The
.warfile contains
๐ฑ all needed files and assets now. - 0๏ธโฃ Use sensible defaults for logging. Default level is now error, Spring stuff
๐ is logging warnings, and OSIAM logs on info level. - โ Remove unneeded attributes from default login template.
- โ Remove ability to search by a
User's password. - ๐ง The configuration file has been changed to YAML format.
- ๐ง All configuration properties have been moved to a new namespace
osiam. - Require a Java runtime environment of at least version 8.
- โ Remove support for deprecated method-based OAuth scopes.
- ๐ Allow colons (:) as field separators for URNs of extensions, since this is
what the SCIM specification defines. Using periods (.) is still possible,
โ but will log a warning message. - Fields of the core schemas for user and group can be fully qualified, i.e.
filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J". - Example data will now be created during startup. If there are no clients in
the database, an example client will be created. If there are no users in the
database, an initial admin user will be created. The details of the client and
๐ user will be logged. This removes the creation of initial data during the
database setup. - ๐ Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their
๐ password will be automatically migrated to BCrypt. Support for SHA-512
๐ password hashes will be removed in OSIAM 4.0.
๐ Fixes
- Reply with 400 BAD REQUEST to invalid filters.
- Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected
errors. - ๐ Change URL of service provider configuration resource from
/ServiceProviderConfigsto/ServiceProviderConfig. - Always return the
idattribute, when searching forUsers. - Return a SCIM 2 compliant
Userwhen querying/Me. This replaces the old Facebook
connector. - ๐ Use JSON error messages with
/token/*endpoints instead of HTML documents.
- โ Run as a standalone application using the
-
v2.5 Changes
December 22, 2015๐ Changelog
OSIAM Auth Server 2.5
๐ Features
๐ Use JDBC connection pooling
0๏ธโฃ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
๐ง These settings can be changed with the following configuration properties:org.osiam.auth-server.db.maximum-pool-size
-
org.osiam.auth-server.db.connection-timeout-ms๐ Support retrieving list of clients
๐ Use the resource endpoint
/ClientwithGET.๐ง Make number of parallel connections to the auth-server configurable
๐ง The default is 40 and can be changed with the following configuration property:
-
org.osiam.resource-server.connector.max-connections๐ง Make timeouts of connections to auth-server configurable
0๏ธโฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
๐ง These settings can be changed with the following configuration properties:org.osiam.resource-server.connector.read-timeout-msorg.osiam.resource-server.connector.connect-timeout-ms
๐ Changes
โ Add Flyway migration to replace method-based scopes
๐ The migration removes all method-based scopes from the auth-server client and adds the scope
ADMIN.0๏ธโฃ Increase default timeouts for connections to resource-server
0๏ธโฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
0๏ธโฃ Increase default maximum number of parallel connections to resource-server
0๏ธโฃ The default is 40.
Switch to Spring Boot
๐จ Refactor database schema
Note: Some fields in table
osiam_clienthave been renamed:accesstokenvaliditysecondsbecomesaccess_token_validity_secondsrefreshtokenvaliditysecondsbecomesrefresh_token_validity_secondsvalidityinsecondsbecomesvalidity_in_seconds
โก๏ธ Update your SQL scripts, if you add OAuth 2 clients via direct database manipulation.
It's recommended to use the RESTful endpoints under/Clientto manage Clients.๐ Fixes
Make sure
access_token,refresh_tokenandtoken_typeare added only
๐ once to the returned Access Token (Fixes #42).โ Remove
scopesfrom the Access Token (Fixes #51).Prevent NPE when
User#activeis null๐ Handle duplicate client creation error on application level
Respond with Conflict 409 when a client with a requested client id already
existsโก๏ธ Updates
- OSIAM connector4java 1.8
- MySQL JDBC driver 5.1.37
- PostgreSQL JDBC driver 9.4-1205
- ๐ OAuth2 for Spring Security 2.0.8
OSIAM Resource Server 2.5
๐ Features
๐ Use JDBC connection pooling
0๏ธโฃ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
๐ง These settings can be changed with the following configuration properties:org.osiam.resource-server.db.maximum-pool-size
-
org.osiam.resource-server.db.connection-timeout-msPopulate the
typefield of aGroup's membersMembers of a
Grouphave theirtypefield set to eitherUserorGroup.๐ง Make number of parallel connections to the auth-server configurable
๐ง The default is 40 and can be changed with the following configuration property:
-
org.osiam.auth-server.connector.max-connections๐ง Make timeouts of connections to auth-server configurable
0๏ธโฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
๐ง These settings can be changed with the following configuration properties:org.osiam.auth-server.connector.read-timeout-msorg.osiam.auth-server.connector.connect-timeout-ms
๐ Changes
0๏ธโฃ Increase default timeouts for connections to auth-server
0๏ธโฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
0๏ธโฃ Increase default maximum number of parallel connections to auth-server
0๏ธโฃ The default is 40.
Switch to Spring Boot
๐จ Refactor database schema
Note: Some fields in table
scim_extension_fieldhave been renamed:extension_internal_idbecomesextension;is_requiredbecomesrequired;
โก๏ธ Update your SQL scripts, if you add SCIM 2 extensions via direct database
manipulation.๐ฒ Produce a meaningful log message and respond with
503 TEMPORARILY UNAVAILABLE
instead of409 CONFLICTif the auth-server cannot be reached to validate or
revoke an access token.All invalid search queries now respond with a
400 BAD REQUESTinstead of
409 CONFLICTstatus code.Respond with
401 UNAUTHORIZEDwhen revoking or validating an access token
fails because of invalid access token.โ Remove configuration property
org.osiam.resource-server.db.dialectโ Remove self written profiling solution since we now use the Metrics
๐ง framework. This removes the configuration propertyorg.osiam.resource-server.profiling๐ Make the generated errors SCIM compliant
Error responses look like this according to Scim 2:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"], "detail": "Resource 2819c223-7f76-453a-919d-413861904646 not found", "status": "404" }๐ Fixes
Only set
UserEntity#activeif value is not nullPrevents a NPE when storing users that have no value for the
activefield.๐ Use correct schema for Scim resources
Affected resources and the changes are:
User:urn:scim:schemas:core:2.0:Userbecomesurn:ietf:params:scim:schemas:core:2.0:UserGroup:urn:scim:schemas:core:2.0:Groupbecomesurn:ietf:params:scim:schemas:core:2.0:GroupListResponse:urn:scim:schemas:core:2.0:User/urn:scim:schemas:core:2.0:Groupbecomesurn:ietf:params:scim:api:messages:2.0:ListResponseServiceProviderConfig:urn:scim:schemas:core:2.0:ServiceProviderConfigbecomesurn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig
โก๏ธ Updates
- OSIAM connector4java 1.8
- MySQL JDBC driver 5.1.37
- PostgreSQL JDBC driver 9.4-1205
- AspectJ 1.8.7
- Metrics Spring Integration 3.1.2