All Versions
10
Latest Version
Avg Release Cycle
52 days
Latest Release
1836 days ago

Changelog History

  • v3.1.Alpha4

    November 21, 2016
  • v3.1.Alpha3

    October 31, 2016
  • v3.1.Alpha2

    October 31, 2016
  • v3.1.Alpha11

    December 02, 2016
  • v3.1.Alpha1

    October 24, 2016
  • v3.0 Changes

    August 09, 2016

    ๐Ÿ’ฅ Breaking changes!

    ๐Ÿš€ In this release, the auth-server and resource-server have been merged into a single application. For a detailed explanation about how to migrate from ๐Ÿ‘€ OSIAM 2.5 to OSIAM 3.0, see the [migration notes](docs/migration.md).

    ๐Ÿ”‹ Features

    • โš™ Run as a standalone application using the .war file as an executable, i.e. just run osiam.war on the command line like you would run any other command.
    • ๐Ÿ‘Œ Support for H2 database has been added and a file-based one is the default configuration from now on. The usage scenarios are small installations, testing and development.
    • ๐Ÿ”ง Load configuration, files and assets from arbitrary paths in the filesystem. Introduce the notion of a home directory that contains all these things. The home directory will be automatically initialized on startup. The home directory can also be initialized on the command line. See the [documentation] (docs/detailed-reference-installation.md) for details.
    • ๐Ÿ’ป Migration and initialization of the database can be done from the command line with the migrateDb command. See [Initialize the Database from the Command Line] (docs/detailed-reference-installation.md#initialize-the-database-from-the-command-line).
    • ๐Ÿ‘€ Configure SCIM extensions in the configuration file. See [Configuring SCIM Extension](docs/detailed-reference-installation.md#configuring-scim-extension).
    • ๐Ÿ‘€ Connections via AJP can be used now. This is disabled by default. See [Enable AJP support](docs/detailed-reference-installation.md#enable-ajp-support).
    • ๐Ÿ”ง Set the logging level with the configuration property osiam.logging.level.
    • It's possible to filter all returned resources returned by request to the /Users and /Groups URLs, including searches, by passing a comma separated list of attributes to be included in the returned resources.
    • The display attribute of a multi-valued attribute get persisted from now on.

    ๐Ÿ”„ Changes

    • โšก๏ธ Updating resources via PATCH was not SCIM compliant and has been removed. Resources can still be updated via PUT. See the migration notes for details.
    • Distribution artifacts have been completely dropped. The .war file contains all needed files and assets now.
    • 0๏ธโƒฃ Use sensible defaults for logging. Default level is now error, Spring stuff is logging warnings, and OSIAM logs on info level.
    • โœ‚ Remove unneeded attributes from default login template.
    • โœ‚ Remove ability to search by a User's password.
    • ๐Ÿ”ง The configuration file has been changed to YAML format.
    • ๐Ÿ”ง All configuration properties have been moved to a new namespace osiam.
    • Require a Java runtime environment of at least version 8.
    • โœ‚ Remove support for deprecated method-based OAuth scopes.
    • ๐Ÿ‘ Allow colons (:) as field separators for URNs of extensions, since this is what the SCIM specification defines. Using periods (.) is still possible, but will log a warning message.
    • Fields of the core schemas for user and group can be fully qualified, i.e. filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J".
    • Example data will now be created during startup. If there are no clients in the database, an example client will be created. If there are no users in the database, an initial admin user will be created. The details of the client and user will be logged. This removes the creation of initial data during the database setup.
    • ๐Ÿ”Š Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their password will be automatically migrated to BCrypt. Support for SHA-512 password hashes will be removed in OSIAM 4.0.
    • ๐Ÿ— Snapshot builds can now be downloaded from Bintray (GPG Signature).

    ๐Ÿ›  Fixes

    • Reply with 400 BAD REQUEST to invalid filters.
    • Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected errors.
    • ๐Ÿ”„ Change URL of service provider configuration resource from /ServiceProviderConfigs to /ServiceProviderConfig.
    • Always return the id attribute, when searching for Users.
    • Return a SCIM 2 compliant User when querying /Me. This replaces the old Facebook connector.
    • ๐Ÿ‘‰ Use JSON error messages with /token/* endpoints instead of HTML documents.
  • v3.0.CR2 Changes

    August 09, 2016

    ๐Ÿ— Circle CI build: https://circleci.com/gh/osiam/osiam/487

  • v3.0.CR1 Changes

    June 09, 2016

    ๐Ÿ— CircleCI Build: https://circleci.com/gh/osiam/osiam/478

    ๐Ÿ”„ Changelog

    ๐Ÿ’ฅ Breaking changes!

    ๐Ÿš€ In this release, the auth-server and resource-server have been merged into a
    single application. For a detailed explanation about how to migrate from
    ๐Ÿ‘€ OSIAM 2.5 to OSIAM 3.0, see the migration notes.

    ๐Ÿ”‹ Features

    • โš™ Run as a standalone application using the .war file as an executable, i.e.
      ๐Ÿ’ป just run osiam.war on the command line like you would run any other command.
    • ๐Ÿ‘Œ Support for H2 database has been added and a file-based one is the default
      ๐Ÿ”ง configuration from now on. The usage scenarios are small installations,
      โœ… testing and development.
    • ๐Ÿ”ง Load configuration, files and assets from arbitrary paths in the filesystem.
      Introduce the notion of a home directory that contains all these things. The
      home directory will be automatically initialized on startup. The home
      ๐Ÿ“š directory can also be initialized on the command line. See the documentation for details.
    • ๐Ÿ’ป Migration and initialization of the database can be done from the command line
      ๐Ÿ‘€ with the migrateDb command. See Initialize the Database from the Command Line.
    • ๐Ÿ‘€ Configure SCIM extensions in the configuration file. See
      ๐Ÿ”ง Configuring SCIM Extension.
    • ๐Ÿ‘€ Connections via AJP can be used now. This is disabled by default. See
      ๐Ÿ“„ Enable AJP support.
    • ๐Ÿ”ง Set the logging level with the configuration property osiam.logging.level.
    • It's possible to filter all returned resources returned by request to the /Users
      and /Groups URLs, including searches, by passing a comma separated list of
      attributes to be included in the returned resources.
    • The display attribute of a multi-valued attribute get persisted from now on.

    ๐Ÿ”„ Changes

    • Distribution artifacts have been completely dropped. The .war file contains
      ๐Ÿฑ all needed files and assets now.
    • 0๏ธโƒฃ Use sensible defaults for logging. Default level is now error, Spring stuff
      ๐Ÿ”Š is logging warnings, and OSIAM logs on info level.
    • โœ‚ Remove unneeded attributes from default login template.
    • โœ‚ Remove ability to search by a User's password.
    • ๐Ÿ”ง The configuration file has been changed to YAML format.
    • ๐Ÿ”ง All configuration properties have been moved to a new namespace osiam.
    • Require a Java runtime environment of at least version 8.
    • โœ‚ Remove support for deprecated method-based OAuth scopes.
    • ๐Ÿ‘ Allow colons (:) as field separators for URNs of extensions, since this is
      what the SCIM specification defines. Using periods (.) is still possible,
      โš  but will log a warning message.
    • Fields of the core schemas for user and group can be fully qualified, i.e.
      filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J".
    • Example data will now be created during startup. If there are no clients in
      the database, an example client will be created. If there are no users in the
      database, an initial admin user will be created. The details of the client and
      ๐Ÿšš user will be logged. This removes the creation of initial data during the
      database setup.
    • ๐Ÿ”Š Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their
      ๐Ÿ‘ password will be automatically migrated to BCrypt. Support for SHA-512
      ๐Ÿšš password hashes will be removed in OSIAM 4.0.

    ๐Ÿ›  Fixes

    • Reply with 400 BAD REQUEST to invalid filters.
    • Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected
      errors.
    • ๐Ÿ”„ Change URL of service provider configuration resource from
      /ServiceProviderConfigs to /ServiceProviderConfig.
    • Always return the id attribute, when searching for Users.
    • Return a SCIM 2 compliant User when querying /Me. This replaces the old Facebook
      connector.
    • ๐Ÿ‘‰ Use JSON error messages with /token/* endpoints instead of HTML documents.
  • v2.5 Changes

    December 22, 2015

    ๐Ÿ”„ Changelog

    OSIAM Auth Server 2.5

    ๐Ÿ”‹ Features

    ๐Ÿ‘‰ Use JDBC connection pooling

    0๏ธโƒฃ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
    ๐Ÿ”ง These settings can be changed with the following configuration properties:

    • org.osiam.auth-server.db.maximum-pool-size

    - org.osiam.auth-server.db.connection-timeout-ms

    ๐Ÿ‘Œ Support retrieving list of clients

    ๐Ÿ‘‰ Use the resource endpoint /Client with GET.

    ๐Ÿ”ง Make number of parallel connections to the auth-server configurable

    ๐Ÿ”ง The default is 40 and can be changed with the following configuration property:

    - org.osiam.resource-server.connector.max-connections

    ๐Ÿ”ง Make timeouts of connections to auth-server configurable

    0๏ธโƒฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
    ๐Ÿ”ง These settings can be changed with the following configuration properties:

    • org.osiam.resource-server.connector.read-timeout-ms
    • org.osiam.resource-server.connector.connect-timeout-ms

    ๐Ÿ”„ Changes

    โž• Add Flyway migration to replace method-based scopes

    ๐Ÿšš The migration removes all method-based scopes from the auth-server client and adds the scope ADMIN.

    0๏ธโƒฃ Increase default timeouts for connections to resource-server

    0๏ธโƒฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

    0๏ธโƒฃ Increase default maximum number of parallel connections to resource-server

    0๏ธโƒฃ The default is 40.

    Switch to Spring Boot

    โ™ป๏ธ Refactor database schema

    Note: Some fields in table osiam_client have been renamed:

    • accesstokenvalidityseconds becomes access_token_validity_seconds
    • refreshtokenvalidityseconds becomes refresh_token_validity_seconds
    • validityinseconds becomes validity_in_seconds

    โšก๏ธ Update your SQL scripts, if you add OAuth 2 clients via direct database manipulation.
    It's recommended to use the RESTful endpoints under /Client to manage Clients.

    ๐Ÿ›  Fixes

    Make sure access_token, refresh_token and token_type are added only
    ๐Ÿ›  once to the returned Access Token (Fixes #42).

    โœ‚ Remove scopes from the Access Token (Fixes #51).

    Prevent NPE when User#active is null

    ๐Ÿ– Handle duplicate client creation error on application level

    Respond with Conflict 409 when a client with a requested client id already
    exists

    โšก๏ธ Updates

    • OSIAM connector4java 1.8
    • MySQL JDBC driver 5.1.37
    • PostgreSQL JDBC driver 9.4-1205
    • ๐Ÿ”’ OAuth2 for Spring Security 2.0.8

    OSIAM Resource Server 2.5

    ๐Ÿ”‹ Features

    ๐Ÿ‘‰ Use JDBC connection pooling

    0๏ธโƒฃ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
    ๐Ÿ”ง These settings can be changed with the following configuration properties:

    • org.osiam.resource-server.db.maximum-pool-size

    - org.osiam.resource-server.db.connection-timeout-ms

    Populate the type field of a Group's members

    Members of a Group have their type field set to either User or Group.

    ๐Ÿ”ง Make number of parallel connections to the auth-server configurable

    ๐Ÿ”ง The default is 40 and can be changed with the following configuration property:

    - org.osiam.auth-server.connector.max-connections

    ๐Ÿ”ง Make timeouts of connections to auth-server configurable

    0๏ธโƒฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
    ๐Ÿ”ง These settings can be changed with the following configuration properties:

    • org.osiam.auth-server.connector.read-timeout-ms
    • org.osiam.auth-server.connector.connect-timeout-ms

    ๐Ÿ”„ Changes

    0๏ธโƒฃ Increase default timeouts for connections to auth-server

    0๏ธโƒฃ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

    0๏ธโƒฃ Increase default maximum number of parallel connections to auth-server

    0๏ธโƒฃ The default is 40.

    Switch to Spring Boot

    โ™ป๏ธ Refactor database schema

    Note: Some fields in table scim_extension_field have been renamed:

    • extension_internal_id becomes extension;
    • is_required becomes required;

    โšก๏ธ Update your SQL scripts, if you add SCIM 2 extensions via direct database
    manipulation.

    ๐ŸŒฒ Produce a meaningful log message and respond with 503 TEMPORARILY UNAVAILABLE
    instead of 409 CONFLICT if the auth-server cannot be reached to validate or
    revoke an access token.

    All invalid search queries now respond with a 400 BAD REQUEST instead of
    409 CONFLICT status code.

    Respond with 401 UNAUTHORIZED when revoking or validating an access token
    fails because of invalid access token.

    โœ‚ Remove configuration property org.osiam.resource-server.db.dialect

    โœ‚ Remove self written profiling solution since we now use the Metrics
    ๐Ÿ”ง framework. This removes the configuration property org.osiam.resource-server.profiling

    ๐Ÿ‘‰ Make the generated errors SCIM compliant

    Error responses look like this according to Scim 2:

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
      "detail": "Resource 2819c223-7f76-453a-919d-413861904646 not found",
      "status": "404"
    }
    

    ๐Ÿ›  Fixes

    Only set UserEntity#active if value is not null

    Prevents a NPE when storing users that have no value for the active field.

    ๐Ÿ‘‰ Use correct schema for Scim resources

    Affected resources and the changes are:

    • User: urn:scim:schemas:core:2.0:User becomes urn:ietf:params:scim:schemas:core:2.0:User
    • Group: urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:schemas:core:2.0:Group
    • ListResponse: urn:scim:schemas:core:2.0:User/urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:api:messages:2.0:ListResponse
    • ServiceProviderConfig: urn:scim:schemas:core:2.0:ServiceProviderConfig becomes urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig

    โšก๏ธ Updates

    • OSIAM connector4java 1.8
    • MySQL JDBC driver 5.1.37
    • PostgreSQL JDBC driver 9.4-1205
    • AspectJ 1.8.7
    • Metrics Spring Integration 3.1.2