OSIAM v3.0.CR1 Release Notes

Release Date: 2016-06-09
  • CircleCI Build: https://circleci.com/gh/osiam/osiam/478

    Changelog

    Breaking changes!

    In this release, the auth-server and resource-server have been merged into a
    single application. For a detailed explanation about how to migrate from
    OSIAM 2.5 to OSIAM 3.0, see the migration notes.

    Features

    • Run as a standalone application using the .war file as an executable, i.e.
      just run osiam.war on the command line like you would run any other command.
    • Support for H2 database has been added and a file-based one is the default
      configuration from now on. The usage scenarios are small installations,
      testing and development.
    • Load configuration, files and assets from arbitrary paths in the filesystem.
      Introduce the notion of a home directory that contains all these things. The
      home directory will be automatically initialized on startup. The home
      directory can also be initialized on the command line. See the documentation for details.
    • Migration and initialization of the database can be done from the command line
      with the migrateDb command. See Initialize the Database from the Command Line.
    • Configure SCIM extensions in the configuration file. See
      Configuring SCIM Extension.
    • Connections via AJP can be used now. This is disabled by default. See
      Enable AJP support.
    • Set the logging level with the configuration property osiam.logging.level.
    • It's possible to filter the attributes of all resources returned by requests to the /Users
      and /Groups URLs, including searches, by passing a comma-separated list of
      attributes to be included in the returned resources.
    • The display attribute of a multi-valued attribute gets persisted from now on.

    Changes

    • Distribution artifacts have been completely dropped. The .war file contains
      all needed files and assets now.
    • Use sensible defaults for logging. Default level is now error, Spring stuff
      is logging warnings, and OSIAM logs on info level.
    • Remove unneeded attributes from default login template.
    • Remove ability to search by a User's password.
    • The configuration file has been changed to YAML format.
    • All configuration properties have been moved to a new namespace osiam.
    • Require a Java runtime environment of at least version 8.
    • Remove support for deprecated method-based OAuth scopes.
    • Allow colons (:) as field separators for URNs of extensions, since this is
      what the SCIM specification defines. Using periods (.) is still possible,
      but will log a warning message.
    • Fields of the core schemas for user and group can be fully qualified, i.e.
      filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J".
    • Example data will now be created during startup. If there are no clients in
      the database, an example client will be created. If there are no users in the
      database, an initial admin user will be created. The details of the client and
      user will be logged. This removes the creation of initial data during the
      database setup.
    • Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their
      password will be automatically migrated to BCrypt. Support for SHA-512
      password hashes will be removed in OSIAM 4.0.
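
    The login-time migration from SHA-512 to BCrypt described in the last item
    above, as an added example that is not OSIAM's own code. It uses Spring
    Security's BCryptPasswordEncoder; the class name, the in-memory store and the
    legacy hash format (unsalted hex SHA-512) are assumptions, since these notes do
    not say how OSIAM stored its SHA-512 hashes.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordMigrationExample {
    // Hypothetical stand-in for the user table: userName -> stored password hash.
    static final Map<String, String> STORE = new HashMap<>();
    static final BCryptPasswordEncoder BCRYPT = new BCryptPasswordEncoder();

    // ASSUMPTION: legacy hashes are lowercase hex of unsalted SHA-512(password).
    static String legacySha512(String password) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-512")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return String.format("%0128x", new BigInteger(1, digest));
    }

    // BCrypt hashes carry a "$2a$"-style prefix; a hex digest never starts with '$'.
    static boolean isBcrypt(String hash) { return hash.startsWith("$2"); }

    static boolean login(String user, String password) throws Exception {
        String stored = STORE.get(user);
        if (stored == null) return false;
        if (isBcrypt(stored)) {
            return BCRYPT.matches(password, stored);
        }
        // Legacy path: compare in constant time, then upgrade only on success,
        // because this is the one moment the plaintext password is available.
        boolean ok = MessageDigest.isEqual(
                legacySha512(password).getBytes(StandardCharsets.US_ASCII),
                stored.getBytes(StandardCharsets.US_ASCII));
        if (ok) {
            STORE.put(user, BCRYPT.encode(password));
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        STORE.put("alice", legacySha512("correct horse")); // constructed sample account
        login("alice", "wrong guess");   // failed login must not touch the stored hash
        System.out.println("after failed login, bcrypt? " + isBcrypt(STORE.get("alice")));
        login("alice", "correct horse"); // successful login rewrites the hash
        System.out.println("after good login, bcrypt? " + isBcrypt(STORE.get("alice")));
        System.out.println("second login ok? " + login("alice", "correct horse"));
    }
}
```

    Accounts that never log in keep their SHA-512 hash, so count the remaining
    non-BCrypt rows before moving to a release that drops legacy hash support.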

    Fixes

    • Reply with 400 BAD REQUEST to invalid filters.
    • Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected
      errors.
    • Change URL of service provider configuration resource from
      /ServiceProviderConfigs to /ServiceProviderConfig.
    • Always return the id attribute, when searching for Users.
    • Return a SCIM 2 compliant User when querying /Me. This replaces the old Facebook
      connector.
    • Use JSON error messages with /token/* endpoints instead of HTML documents.