Skip to content

Releases: georchestra/georchestra-gateway

1.1.0

19 Aug 09:24
Compare
Choose a tag to compare

What's Changed

  • Upgrade to Java 21 and update dependencies by @groldan in #134
  • Removed CORS proxy by @emmdurin in #135
  • Use a GatewayFilter to redirect to the login page when given a login query parameter by @groldan in #133
  • Preserve response headers when redirecting application error to gateway error pages by @groldan in #136

Full Changelog: 1.0.0...1.1.0

1.0.0

27 Jun 12:56
Compare
Choose a tag to compare

What's Changed

  • adding languages support to Gateway by @marwanehcine in #43
  • Proxy to external URLs by @emmdurin in #49
  • Adding path customization for messages translation files by @marwanehcine in #51
  • local account creation for user connected with external identity provider by @marwanehcine in #45
  • Allowing users to login with email in addition of UID by @marwanehcine in #50
  • Fix OAuth2 authentication issues after spring boot upgrade by @marwanehcine in #52
  • Fixed startup crash when OAuth2 is disabled by @emmdurin in #55
  • Inform admins when new oauth2 account is created using spring rabbit events (gateway) by @marwanehcine in #54
  • Documentation custom error pages by @edevosc2c in #64
  • making Rabbitmq optional for gateway - deactivated by default by @marwanehcine in #62
  • Fix rabbitHealthIndicator issue when rabbitmq is disabled by @marwanehcine in #66
  • remove cors/csrf java code configuration, in favor of regular spring-cloud-gateway configuration by @pmauduit in #59
  • Fixed whoami crash when IDP returns null claims by @emmdurin in #65
  • Upgrade git-commit-id-maven-plugin:5.0.0->7.0.0 by @groldan in #67
  • Remove georchestra submodule by @groldan in #69
  • Remove datadir submodule, replace by minimal copy required for Gateway tests by @groldan in #71
  • Refactor LDAP account creation functionality for better separation of concerns by @groldan in #72
  • Disable CSRF protections by @pmauduit in #73
  • push to docker hub github actions per commit by @edevosc2c in #74
  • simplify configuration override from the georchestra datadir by @pmauduit in #77
  • Add pre-auth header authentication to Gateway for trusted proxy by @groldan in #63
  • LdapAccountsManager - skip organization creation of org is empty by @pmauduit in #80
  • fix: geOrchestra json headers - organization as json payload is not transmitted by @pmauduit in #82
  • preauth - making sure the authenticated flag on the token is set to true by @pmauduit in #87
  • whoami - avoid revealing sensitive info (password) in the output by @pmauduit in #88
  • preauth - being able to receive base64-encoded headers by @pmauduit in #90
  • Roles loading from LDAP for OAuth2 users by @emmdurin in #84
  • Adding Optional Default Org for OAuth2 users by @marwanehcine in #85
  • Allow building with a Java 21 JDK by @groldan in #92
  • Implement editable logout redirection url by @f-necas in #95
  • Updated OAuth2 provider and organization fields in account creation e-mails by @emmdurin in #91
  • Refactored OAuth2 accounts in LDAP by @emmdurin in #96
  • Rabbitmq - Fix event sending process by @marwanehcine in #81
  • Set logout redirection with oidc too by @f-necas in #97
  • Map connection exceptions to HTTP 503 status code instead of 500 by @groldan in #98
  • Fixed OAuth2 account deletion by @emmdurin in #100
  • Adds Docker-hub documentation by @f-necas in #99
  • Preserve host header and pass x-forwarded headers by @edevosc2c in #104
  • Removed logout confirmation page by @emmdurin in #106
  • adding customized error pages with a specific api for error handling by @marwanehcine in #107
  • maven/build - adds a debian packaging profile by @pmauduit in #111
  • Fixed issue for authenticated by email users who change their email by @emmdurin in #115
  • Fixed proxy when PreserveHost filter is enabled and blocked local URLs by @emmdurin in #119
  • Show error message to OAuth2 user when a matching local account already exists by @emmdurin in #116
  • Returns ExtendedGeorchestraUser object when createUserInLdap set to true by @pmauduit in #114
  • login - fix thymeleaf integration (reverts a modification from #114) by @pmauduit in #121
  • Catch application errors to display standardized error page by @emmdurin in #122
  • Fix truncated response body when catching application errors to display standardized error page by @groldan in #124
  • preserve host header + set forward-headers-strategy FRAMEWORK by @edevosc2c in #109
  • Fixed exception when a user has no organization by @emmdurin in #123
  • Introducing a sec-external-authentication flag http header to identify local vs remote users by @marwanehcine in #101
  • preauth - http header names are case insensitive (#125) by @pmauduit in #126
  • Bump org.springframework.security:spring-security-oauth2-client from 5.6.2 to 5.6.9 by @dependabot in #70
  • Added documentation for general OAuth2 and specific FranceConnect configuration by @emmdurin in #130
  • login - do not hardcode header's script url (#117) by @pmauduit in #118
  • Adds preauth external provider header by @f-necas in #131

New Contributors

Full Changelog: v23.1-RC1...1.0.0

Release 23.1-RC1

26 Jun 02:58
v23.1-RC1
d5974b7
Compare
Choose a tag to compare

What's Changed

  • License file in #1
  • trying to implement proxy configuration for the oauth2 client by @pmauduit in #3
  • Prototype applying georchestra access rules by @pmauduit in #4
  • Package refactoring, load and apply service access rules by @groldan in #5
  • Oauth2 User Service class should also be configured against a proxy, if provided (#8) by @pmauduit in #9
  • Build improvements by @groldan in #10
  • Install maven wrapper and update README and github workflow accordingly by @groldan in #13
  • Support appending sec-* headers as configured, resolved from authenticated user by @groldan in #12
  • Remove authenticated config prop from RoleBasedAccessRule, anonymous=false is enough by @groldan in #15
  • Fix access rules order and add integration tests by @groldan in #16
  • Allow OpenID Connect authentication to go through HTTP proxy by @groldan in #17
  • Use JSONPath to map OpenIDConnect claims to roles and org name by @groldan in #18
  • Feature/auth with multiple ldap dbs by @groldan in #19
  • Add support for LDAP Active Directory authentication. by @groldan in #20
  • AD - changing strategy for authenticating users via Active Directory by @pmauduit in #21
  • Add liveness and readiness management probes end points by @groldan in #22
  • Allow to specify LDAP's user search returned attributes by @groldan in #23
  • Support multiple jsonpath expressions to extract roles from OIDC claims by @groldan in #24
  • Gateway user roles feature (sync from DT gitlab) by @emmdurin in #25
  • Added customizable login and logout pages by @emmdurin in #26
  • Add configuration to extract the user id from an OpenID Connect non-standard claim by @groldan in #31
  • custom login page - dynamically iterates over the oauth2 registered clients by @pmauduit in #27
  • Login: rework ui by @tkohr in #29
  • Fix for OAuth2 providers using HS256 token algorithm by @emmdurin in #30
  • add condition to print oauth section by @jeanmi151 in #33
  • Fixed condition for showing LDAP section of login page by @emmdurin in #34
  • Make all requests having a ?login param to be authenticated by @jahow in #32
  • Fixed OAuth2 support of all MAC algorithm and short client secrets by @emmdurin in #38
  • password rotation for gateway by @marwanehcine in #37
  • Gateway update to handle login errors by @marwanehcine in #42
  • Added cookie affinity filter by @emmdurin in #41
  • Use the OAuth2 registration name if client name is not provided for the login page by @groldan in #46
  • Allow to disable the georchestra header by @groldan in #47
  • Add filters used by GeoServer Cloud by @groldan in #48

New Contributors

Full Changelog: https://github.com/georchestra/georchestra-gateway/commits/v23.1-RC1