v57 - UAA 4.12.0

Do not use

This release introduces an when used in conjunction with UAA Singular that causes a large number of authorization requests to be issued, and an issue where UAA was not honoring custom ports configured to be used as part of the BOSH manifest, which is resolved in v57.1

Informational Notes

• Older database migrations have been updated to introduce primary keys to tables without primary keys. Users deploying UAA using the uaa bosh release should not be impacted by this change. If you were performing custom verification of flyaway migrations, you may encounter errors related to checksums during verification.
• Account Chooser cookies will no longer set cookies when account chooser is disabled. Users can be instructed to clear their browser cookies. Current-User cookies now also only last up to the session max age (or 30 minutes if session max age is not set).

Stories included in release

Features

• Add workarounds for colocation with os-conf ca_certs job for BPM
• UAA route should deregister when UAA app is unresponsive
• cloudfoundry/uaa-release #72: Add workarounds for colocation with os-conf ca_certs job for issue #71†
• Update New Relic agent ahead of SSL cert change
• cloudfoundry/uaa #775: missing cookie switch
• cloudfoundry/uaa #748: User issuer.uri from zone configuration
• cloudfoundry/uaa #776: Saml Provider: ensure username update
• cloudfoundry/uaa #763: Fix the problem with WAS (IBM WebSphere) 9
• cloudfoundry/uaa #733: Extend interface UaaTokenEnhancer
• cloudfoundry/uaa #767: Extend interface UaaTokenEnhancer with a generic enhance
• cloudfoundry/uaa #768: Refactor token enhancer call
• cloudfoundry/uaa #786: Add and update migrations to ensure all tables have a primary key
• cloudfoundry/uaa #769: resolve lower hostnames only
• cloudfoundry/uaa #687: route all errors not explicitly mapped to the sad cloud error page to hide tomcat server information
• Limit count parameter to /Groups endpoint to avoid OOM
• Limit count parameter to /Clients endpoint to avoid OOM
• Limit count parameter to /Users endpoint to avoid OOM
• Invitations should not set verified to true for external users (origin not uaa)
• Request with prompt=login should ask user to re-authenticate
• Requesting ID Token with max_age=1 seconds restriction should enforce max_age parameter
• Updated Spring to 4.3.15
• Updated jackson to 2.9.5

Bug Fixes

• cloudfoundry/uaa #750: Inconsistent terminology for passcode: "One Time Code" and "Temporary Authentication Code"
• cloudfoundry/uaa #726: many SQL requests to identity_provider table
• cloudfoundry/uaa #738: user delete in other zone does not remove members correctly
• authenticationType is part of all log event messages now

Documentation

• cloudfoundry/uaa #707: Correct Markdown headers
• cloudfoundry/uaa #795: fix typo
• cloudfoundry/uaa #791: Updates the meaning of SCIM