Skip to content

Latest commit

 

History

History
1372 lines (721 loc) · 49.2 KB

CHANGELOG.adoc

File metadata and controls

1372 lines (721 loc) · 49.2 KB
Raw

Change Log

AM - 2.10.21 (2020-10-20)

Bug fixes

Identity-provider

  • [http] cast issue #4474

AM - 2.10.20 (2020-10-10)

Bug fixes

Gateway

  • Email with special characters are not found during forgot password process #4359

  • Net client is not closed after HTTP health check probe #4384

Improvements

Gateway

  • Users should be found from their IDP during forgot password process #4360

AM - 2.10.19 (2020-09-08)

Bug fixes

Gateway

  • [register] Auto login feature must enable the user #4246

  • [scim] active status is not set while updating a user #4239

AM - 2.10.18 (2020-08-18)

Bug fixes

Gateway

  • Users cannot be updated after first authentication #4176

Management

  • Certificates are not initialized in cluster environment #4183

  • Email templates are not initialized in cluster environment #4182

  • Nimbus dependency is missing #4184

  • Registration confirmation email template expires after field is not working #4186

  • Reporters are not initialized in cluster environment #4177

  • User providers are not initialized in cluster environment #4180

AM - 2.10.17 (2020-07-07)

Bug fixes

Management

  • Attach base64 image to email templates #3984

AM - 2.10.16 (2020-07-01)

Bug fixes

Gateway

  • Keep custom HTML templates when error has occurred #4018

Management

  • Attach base64 image to email templates #3984

  • Pre-registration email not sent if account settings is not set #3966

  • REGISTRATION_CONFIRMATION_* events are not stored #3978

Improvements

Gateway

  • Add consistency to the errors HTML templates #4016

AM - 2.10.15 (2020-06-10)

Improvements

Management

  • Set default IDP for user registration #3910

AM - 2.10.14 (2020-05-25)

Bug fixes

Gateway

  • User groups are missing during custom claims processing #3828

Features

Identity-provider

  • Add generic HTTP identity provider #3289

AM - 2.10.13 (2020-05-07)

Bug fixes

Gateway

  • Account is disabled after reset password (complete user registration option) #3627

AM - 2.10.12 (2020-04-27)

Bug fixes

Management-ui

  • Custom theme is not loaded #3529

Features

Management

  • Dynamic user registration #3399

AM - 2.10.11 (2020-03-26)

Bug fixes

Management-ui

  • Fix default-theme #3373

AM - 2.10.10 (2020-03-25)

Bug fixes

Gateway

  • [identity-provider] OIDC provider - encode the redirect URI #3324

  • [identity-provider] OIDC provider - use the id_token returned by the OpenID Provider when using the code flow AND the option "use ID token for user info" #3270

Management-ui

  • Clients pagination doesn’t work #3309

Features

Management

Management-ui

  • Theme customization #3341

AM - 2.10.9 (2020-02-19)

Bug fixes

Gateway

  • [oauth2] bulk tokens processors are not working after a MongoDB error #3237

Improvements

Repository

  • [mongodb] Upgrade MongoDB Driver #3240

AM - 2.10.8 (2020-02-03)

Bug fixes

Gateway

  • [oauth2] Introspection - synchronize certificates across domains #3147

Improvements

Management-ui

  • [audit] change log date format #3157

AM - 2.10.7 (2020-01-21)

Bug fixes

Gateway

  • [oauth2] remove "aud" claim in the Introspection Endpoint #3111

AM - 2.10.6 (2020-01-20)

Bug fixes

Gateway

  • [oauth2] Introspection - synchronize clients across domains #3076

  • [oauth2] Introspection endpoint response should contain the custom claims #3094

Improvements

Gateway

  • Registration confirmation template password validation #3057

Identity-provider

  • [ldap] add an option to not fetch LDAP groups #3083

AM - 2.10.5 (2020-01-08)

Bug fixes

Gateway

  • [oauth2] introspection endpoint must not search for a user if token was created via the client_credentials flow #3068

Management

  • Login process must loop through all identity providers #3008

  • [gateway] First start fail with official docker-compose #3064

Management-api

  • Pagination of results in users search endpoint of management API not working. #2994

Improvements

Gateway

  • [oauth2] Migration issue with scope AM v1 to v2 #3059

AM - 2.10.4 (2019-12-06)

Bug fixes

Gateway

  • [oauth2] Scopes should be enhanced also when the user requires some specific scopes #2958

Management

  • Apply new sync process to the management part #2953

  • Search audits for a specific user #2925

Improvements

Management

  • [Audit] add timeframe for the audit logs #2748

AM - 2.10.3 (2019-11-20)

Bug fixes

Gateway

  • [oidc] Propagate initial Authorization Request #2848

  • [SSO] Clients with different identity providers on same domain, can log in users via SSO #2675

  • [oidc] UserInfo with POST method returns 401 #2865

  • [oidc] [dcr] Reject registration where a redirect_uri has a fragment #2866

  • [oidc] auth_time should be a long value #2867

Oauth2

  • Redirect_uri matching act as a wildcard by default #2190

Features

Gateway

  • Deny access for disabled users with current HTTP session #2563

  • [logout] be able to revoke all user tokens after logout #2879

Improvements

Gateway

  • Propagate request parameters to the login page #2904

AM - 2.10.2 (2019-11-07)

Bug fixes

Gateway

  • [Autologin] fetch all user information after registration and reset password #2847

AM - 2.10.0 (2019-11-05)

Features

Gateway

  • Auto login after registration #2756

  • Auto login after reset password #2757

  • [Oidc] retrieve groups and roles on userinfo endpoint #2544

Management

  • Group Member Management #1923

Improvements

Gateway

  • [Oauth2] Allow to keep custom claim when refreshing token #2715

  • [Oidc] handle roles and groups for OIDC social authentification #2773

AM - 2.9.3 (2019-10-25)

Bug fixes

Gateway

  • [Oidc] social authentification with OIDC Provider is not working anymore #2772

Management

  • Extension grant grant_type missing for update operation #2761

AM - 2.9.2 (2019-10-18)

Bug fixes

Management

  • Be able to create multiple jwt-bearer grant type #2678

AM - 2.8.6 (2019-10-17)

Bug fixes

Management

  • Cannot unlock user if he has never been authenticated #2736

AM - 2.8.5 (2019-10-12)

Improvements

Gateway

  • [Identity Provider] use pooled connections for LDAP identity provider #2691

AM - 2.9.1 (2019-10-03)

Bug fixes

Gateway

  • Manage preflight requests for token and revoke endpoints #2679

  • [Oidc] ID Token is not propagated anymore #2633

Management

  • Global admin "Domain [null] can not be found." #2677

Management-ui

  • Error updating client with metadata #2685

AM - 2.9.0 (2019-09-18)

Bug fixes

Gateway

  • Client initialized with empty identity providers #2568

  • Generate token - password credentials - CORS issue #2535

Features

Gateway

  • [Consent] be able to force consent page #2416

  • [Extension-point] retrieve user consent technical id from the POST_CONSENT step #2582

  • Store contextual information about the current authentication transaction #1933

Identity-provider

  • Role mapping for "external" providers #2505

Management

  • Add metadata to a client #2342

  • Role management #2464

Improvements

Docker

  • Manage protocol within nginx #2560

AM - 2.8.4 (2019-09-18)

Bug fixes

Event

  • Some events are not published on the good domain #2561

Management

  • Cannot reset password or finalize user registration if user has no external id #2602

Improvements

Gateway

  • Remove technical error messages to avoid potential fraudulent access attempt #2614

AM - 2.8.3 (2019-08-15)

Bug fixes

Gateway

  • [Sync] all domains handle events for other domains #2532

AM - 2.8.2 (2019-08-05)

Bug fixes

Audits

  • Duplicate authentication events #2501

Extension-grant

  • Username claim is wrong after case-sensitivity feature #2482

Management

  • Social identity providers not working for admin domain #2500

Management-ui

  • One hour Account Blocked Duration is not displayed #2493

AM - 2.8.1 (2019-07-22)

Bug fixes

Am

  • [ui] minor bug client selection component #2471

Management-ui

  • LDAP identity provider form CSS overlapping issue #2477

Oauth

  • Typo in error_description #2470

Features

Am

  • [dcr] Manage templating (UI/UX enhancements) #2454

AM - 2.8.0 (2019-07-17)

Bug fixes

Audits

  • E11000 duplicate key error #2368

Gateway

  • [Management] logback gravitee.am.log.dir_IS_UNDEFINED #2430

Identityprovider

  • [Ldap] unable to use complex searchFilter #2428

Idp

  • [Role-mapper] invalid grant if group has no member #2073

Features

Dcr

  • Discovery & default scopes #2326

  • Manage templating #2454

Management

  • Tokens claims mapper #2409

  • Username/Email case-sensitivity #2445

Improvements

Docker

  • Remove gravitee user for openshift support #2438

Gateway

  • Add a X-Transaction-Id when hitting AM Gateway #2450

Management

  • Add a warning message if JWT secret is the default one #2451

AM - 2.7.1 (2019-06-27)

Bug fixes

Management

  • Jetty server becomes unresponsive after being idle #2411

  • Multiple Vertx instances #2410

AM - 2.7.0 (2019-06-15)

Bug fixes

Gateway

  • [Dcr] A redirect_uri is required even if the client is created for the client_credentials flow #2297

Management

  • Check client while setting it to a user #2335

  • Dashboard top clients doesn’t work #2362

  • Enable/Disable users not working with external identity providers #2361

  • OAuth 2.0 scope keys should be case sensitive #2343

  • [OIDC Provider] Client secret value should be optional #2344

Features

Gateway

  • Add extension point for more granular OAuth2 scope save/check #1849

  • Manage policies at root level #2356

Management

  • Add an option to complete an account during reset password #2345

  • Handle custom error page #2312

  • [am] I should be able to search user by username using management API #2120

Oidc

  • [Dcr] implement renew secret #2323

Improvements

Management-ui

AM - 2.6.0 (2019-05-24)

Bug fixes

Gateway

  • [forms] Custom client forms are not used after redirection #2285

  • [scim] Configure CORS #2262

Oidc

  • [dcr] Missing openid response_type #2178

Features

Gateway

  • Brute force authentication attempt #2216

  • Internal refactoring - protocols are now plugins #2185

  • OpenID Connect Identity Provider #1848

Global

  • Manage security domains deployment #2017

Management

  • Create default certificate per domain #2146

Improvements

Oidc

  • [dcr] Manage userinfo encryption #2180

  • [dcr] Manage id_token encryption #2174

AM - 2.5.0 (2019-04-24)

Bug fixes

Oidc

  • [dcr] subject_type not checked #2135

  • [jwks] JWKS keys endpoint seems to load all domains certificates #2126

  • [dcr] update through PUT request #2134

Features

Gateway

  • [jwt] generate 'issuer' claim per domain #2015

Management

  • Create audit logs for the platform #2065

  • Delete scope approval #1851

Management-api

  • Add a service to generate a new client secret #2063

Oidc

  • [dcr] Manage id_token_signed_response_alg #2154

  • [dcr] Manage userinfo_signed_response_alg #2136

Platform

Improvements

Oidc

  • [dcr] One time Token #2133

AM - 2.4.0 (2019-03-20)

Bug fixes

Gateway

  • Return a refresh_token when getting an access_token using extension grant #1978

General

  • SSL problems when connecting with MongoDB ReplicaSet #1983

Features

Management

  • Cusomizable scope expiry (per single scope) #1850

  • [Users] Select IDP when creating a user #2018

Improvements

Gateway

  • Stronger client_secret (and other tokens) #1847

Management

  • Add the prometheus configuration #2036

AM - 2.3.0 (2019-02-25)

Bug fixes

Email

  • Do not try to load local image resources if src tag is an absolute http link #1970

General

  • NullPointerException with unknown client #1895

Idp

  • Role Mapper does not handle attribute value with '=' #1936

Management

  • Cannot reset client certificate #1960

  • Dashboard tokens doesn’t work #1959

Oidc

  • Missing SubjectTypesSupported in oidc/.well-known/openid-configuration response #1928

Scim

  • Org.bson.codecs.configuration.CodecConfigurationExceptionCan’t find a codec for class io.gravitee.am.gateway.handler.scim.model.Attribute #1953

Features

Certificate

Idp

  • Ldap] enable compare password authentication #1912

Management

  • Custom HTML templates per client #1910

  • Custom email templates #1909

  • Password Complexity policy #1921

Oauth2

  • [extension-grant] Exchange APIM API-Key for token #1911

Improvements

General

  • [jwt] Check that the user identified by sub is existing #1900

2.2.0 (2019-01-24)

Bug fixes

Management

  • Change auth cookie name to avoid potential cookies collision #489

  • Sometimes the /admin context is not well deployed #488

Oauth2

  • Authorization request is not retrieved from session when available. #472

Features

Global

  • User management #145

Oauth2

  • Add claims mapping to the JWT Bearer extension grant #491

Openid

  • Dynamic client registration #191

Improvements

Oidc

  • Set default "sub" claim for LDAP Provider if custom mapping is enable #479

2.1.1 (2018-12-05)

Bug fixes

Gateway

  • HTTP Error 503 after scope approvals #467

Oauth2

  • Null value while retrieving social user #463

Improvements

Gateway

  • Do not reload the entire domain context for "inner" changes #465

2.1.0 (2018-11-28)

Bug fixes

Certificate

  • Save certificate binary data into database #295

  • Unable to disable client’s certificate #309

Gateway

  • Gateway should not load master domains #427

  • Rely on "X-Forwarded-Path" header to handle 302 redirection #433

  • Rely on X-Forwarded-Prefix to set Session domain cookie path #436

Identityprovider

  • Mongo] handle complex user claims #441

  • [ldap] Use a password field for the LDAP password property #438

Management

  • Scopes are still present when a security domain is deleted. #346

Oauth2

  • A refresh_token is provided even for a client without this grant type #338

  • Access token additional parameters #341

  • Access token after Implicit/Hybrid flow is the same as Resource Owner Flow #446

  • Authorization codemissing client_id #343

  • Authorization server must throw invalid request exception if request includes a parameter more than once #363

  • Client can ask for any scope, even if scope are not defined from domain settings #337

  • Different behaviors between no scope and empty scope #340

  • Flow with redirect_uri (auth_code / implicit) #371

  • Gateway returns a 500 when providing an invalid Basic auth header #339

  • Invalid set-cookie value #352

  • Scope approvals are never removed #362

  • Unsupported response_type with authorize endpoint #342

  • Wrong "sub" claim for resource owner password grant flow #374

  • [authorization code] An unknown client / invalid client must not be redirected to login form #353

  • [authorization code] Login form must not be accessed directly #358

  • [authorization code] No redirect_uri must result on an error #357

  • [revocation] No error / error_description when the client_id is not the one used to generate token #385

  • [revocation] No error and error_description when the client is unknown #384

Oidc

  • At_hash ID Token claim is required for Implicit and Hybrid flow #396

  • Client cannot be found in case of failure #408

  • Handle nonce parameter for existing tokens #316

  • Hybrid Flow - response type code+token should not have an id_token in response even with scope openid #439

  • Hybrid flow Authorization Error Response must be return in the fragment component of the Redirection URI #413

  • Implicit flow should use fragment in redirection uri instead of query-param #400

  • Mismatch redirect_uri should end up with default AM error page #409

  • No error_description when calling UserInfo endpoint #378

  • Nonce parameter is required for implicit flow #395

  • OpenIDScopeUpgrader - ScopeAlreadyExistsException for newly created database #418

  • Some Location HTTP redirect_uri are not absolute #415

  • Sub claim must be an internal identifier #376

  • UserInfo Response 'sub' claim mismatch ID Token 'sub' claim #394

  • [implicit] redirect_uri is required #402

Plugins

  • PluginContextFactoryImpl - Unable to refresh plugin context #430

Features

Gateway

  • Management] add healthcheck probes #453

Idp

  • Add "email" field for inline provider #391

  • Enable user mapper for inline provider #390

Oauth2

  • Allow cross domains tokens introspection #457

  • Rethink the way to store tokens #451

Oidc

  • Complete OpenID Provider Metadata #330

  • Hybrid Flow handle multiple response type #332

  • Implicit flow handle id_token response type #334

  • Not the same nonce in the ID Token as in the authorization request #299

  • Request with prompt=login when user logged in #319

  • Request with prompt=none when not logged in #300

  • Requesting Claims using Scope Values #380

  • Requesting Claims using the "claims" Request Parameter #325

  • Requesting ID Token with max_age=1 seconds restriction #301

  • Requesting ID Token with max_age=10000 seconds restriction #302

  • Revoke tokens issued from an code using twice #328

  • Signed ID Token has no kid #298

  • UserInfo Endpoint access with POST and bearer body #317

Openid

  • OpenID Connect support #1

  • Well-known endpoint #182

Improvements

Gateway

  • Improve logging #424

Management

  • Better support for X-Forward-* headers #419

Oauth2

  • Default login page should display domain’s name instead of domain’s description #445

  • Update extension grants for 2.1 version #455

Repository

  • [mongodb] TLS support #443

2.0.5 (2018-10-25)

Bug fixes

Oauth2

  • Unable to create extension grants with identity provider #405

2.0.4 (2018-07-27)

Bug fixes

Oidc

  • UserInfo endpoint for social provider does not seem to work #285

  • Userinfo Endpoint path #286

Improvements

Identity

  • [ldap] No enough log #287

  • [ldap] set connection and response timeout #291

2.0.3 (2018-07-25)

Bug fixes

Gateway

  • Fix NPE for UriBuilder #279

  • Handle proxy request for login callback #281

Management

  • Cookies clearing not working during logout process #283

2.0.2 (2018-07-24)

Bug fixes

Gateway

  • No content-type for HTML pages #274

Oauth2

  • Handle proxy context-path for redirect_uri query param #273

  • Unable enhance scopes option #277

2.0.1 (2018-07-23)

Bug fixes

OIDC

  • Unable CORS for UserInfo Endpoint #264

  • UserInfo endpoint 400 Bad Request for the implicit flow #263

Oauth2

  • Add additional parameters to the redirect_uri implicit response #268

  • Handle proxy requests for social redirect callback #267

Improvements

Gateway

  • Rename session cookie name to avoid potential security leaks #271

2.0.0 (2018-07-13)

Features

Gateway

  • Moving to Vert.x reactive version #261

Management-api

  • Externalize rest api #204

1.6.4 (2018-06-25)

Bug fixes

Dashboard

  • Do not fetch all access and refresh token information for "count" analytics #249

1.6.3 (2018-06-18)

Bug fixes

Idp

  • [Ldap][user-mappers] cast exception for array attributes #245

Oauth2

  • Chain providers during user authentication #240

  • Change redirect strategy for error login redirect callback #242

Features

General

  • Add the "client_credentials" grant type to the default admin client #244 (Thanks to pletessier)

Global

  • Enable SSL/HTTPS at gateway level #247

1.6.2 (2018-02-16)

Bug fixes

Oauth2

  • Enhance scopes are missing #229

1.6.1 (2018-02-14)

Bug fixes

Oauth2

  • Fix assets paths for login and oauth confirmation/error pages #225

Features

Oauth2

  • Update InitializeUpgrader to be consistent with the new scopes management system #227

1.6.0 (2018-02-14)

Bug fixes

Oauth2

  • Error redirect after login process #212

  • Internal server error when doing authorization_code #183

  • Scope not take in account while asking for an access_token #189

Openid

  • Fix ID token custom claims user mapping #208

Features

Identity-provider

  • Handle external oauth2/social provider #198

  • MongoDB support #193

  • OAuth 2.0 generic server support #216

Oauth2

  • Default user approval page #106

  • Remove jwt format for access and refresh tokens #222

Improvements

Management-ui

  • The settings menu is difficult to understand #201

  • The way to activate a domain is totally hidden #202

Portal

  • Add stepper for providers/certificates/extension grants creation components #220

1.5.3 (2018-01-12)

Bug fixes

Oauth2

  • Encoded redirect uri mistmatch #186

Improvements

Oauth2

  • Extension grants allow to save user in database #184

1.5.2 (2017-12-20)

Improvements

Docker

  • Allow to configure nginx port #179

1.5.1 (2017-11-14)

Bug fixes

General

  • LDAP userSearchBase field must not be null #177

Oauth2

  • Fix token generation since extension grants feature #175

1.5.0 (2017-11-13)

Features

Oauth2

  • Add possibility to generate access token per request #169

1.4.2 (2017-10-09)

Bug fixes

Oauth2

  • Set default user for refresh token grant type #167

1.4.0 (2017-09-05)

Bug fixes

Management-api

  • delete all data related to a security domain #148

Webui

  • Not able to create a new certificate #151

Features

Global

  • Create AM docker images #124

  • Create PID file for Gravitee.AM Gateway process #121

Oauth2

  • Better handle Refresh token grant flow #120

Improvements

Management-api

  • do not display top clients without access tokens #159

Management-ui

  • Re-order administration pages #156

  • Update angular2-json-schema-form #146

Portal

  • Upgrade dependencies #126

1.3.1 (2017-08-17)

Bug fixes

Oauth2

  • Access/Refresh token created/updated date not set #128

Openid-connect

  • Set a default ID token expiry time #134

Portal

  • Fail to update identity provider definition #130

Features

Global

  • Role mapper for in-line identity provider #140

Improvements

Management-ui

  • New design for administration screens #141

1.3.0 (2017-07-12)

Features

Global

  • Role management #116

1.2.1 (2017-06-22)

Bug fixes

Admin

  • No logo top-left corner if behind a reverse-proxy #108

Oauth2

  • Approval page behind a reverse-proxy #114

  • Default scopes for the admin client #105

  • Do not fetch remote icon fonts for default login page #112

  • Refresh token is null at second call #107

1.2.0 (2017-06-19)

Bug fixes

Management-ui

  • Sandbox login preview page #95

Oauth2

  • Ensure backward compatibility #90

  • Login form action is relative #101

Features

Identity-provider

  • override default identity provider user attributes #75

Management-ui

  • map user attributes from identity provider #74

  • Self hosting material design icons #82

Oauth2

  • Signing JWTs with Domain cryptographic algorithms #94

Improvements

Management-ui

  • Create breadcrumb #84

Openid

  • Remove default openid scope registered with the client #92

1.1.0 (2017-05-29)

Bug fixes

Management-api

  • Update domain when modify identity provider #72

Features

Global

  • add mongodb repository configuration #73

1.0.0 (2017-05-15)

Bug fixes

Management-api

  • Browser error when a client has no grant types #14

Management-ui

  • Fix splash screen image flickering #44

Oauth2

  • Access token collision #8

  • CORS header not settled for /oauth/token #9

  • Display authenticated user during token validation #32

  • Error when generating an access token using application/xml #25

  • HTTP Error 500 when client_id does not exist #36

  • Not able to authenticate user using inline identity provider #29

  • Refresh token does not work as expected #7

Features

General

  • JWT support #3

Management-api

  • Delete a client #38

  • Delete identity provider #46

  • Initial implementation of rest-api #2

  • Secure the management rest-api #18

Management-ui

  • initial implementation of the web-ui #10

  • Custom login page per domain #20

  • Handle oauth2 client logout #50

  • Secure the management UI #22

Oauth2

  • Token revocationaccess_token and refresh_token #27

Improvements

Global

  • Initialize the repository to be able to connect to AM after first start. #51

Oauth2

  • Custom global login form #34

  • Default content-type to JSON #23