UAA Release Notes 4.12.0

Do not use

This release introduces an issue when used in conjunction with UAA Singular that causes a large number of authorization requests to be issued, which is resolved in 4.12.1

Informational Notes

• Older database migrations have been updated to introduce primary keys to tables without primary keys. Users deploying UAA using the uaa bosh release should not be impacted by this change. If you were performing custom verification of flyaway migrations, you may encounter errors related to checksums during verification.
• Account Chooser cookies will no longer set cookies when account chooser is disabled. Users can be instructed to clear their browser cookies.

Stories included in release

Features

• cloudfoundry/uaa #775: missing cookie switch
• cloudfoundry/uaa #748: User issuer.uri from zone configuration
• cloudfoundry/uaa #776: Saml Provider: ensure username update
• cloudfoundry/uaa #763: Fix the problem with WAS (IBM WebSphere) 9
• cloudfoundry/uaa #733: Extend interface UaaTokenEnhancer
• cloudfoundry/uaa #767: Extend interface UaaTokenEnhancer with a generic enhance
• cloudfoundry/uaa #768: Refactor token enhancer call
• cloudfoundry/uaa #786: Add and update migrations to ensure all tables have a primary key
• cloudfoundry/uaa #769: resolve lower hostnames only
• cloudfoundry/uaa #687: route all errors not explicitly mapped to the sad cloud error page to hide tomcat server information
• Limit count parameter to /Groups endpoint to avoid OOM
• Limit count parameter to /Clients endpoint to avoid OOM
• Limit count parameter to /Users endpoint to avoid OOM
• Invitations should not set verified to true for external users (origin not uaa)
• Request with prompt=login should ask user to re-authenticate
• Requesting ID Token with max_age=1 seconds restriction should enforce max_age parameter
• Updated Spring to 4.3.15
• Updated jackson to 2.9.5

Bug Fixes

• cloudfoundry/uaa #750: Inconsistent terminology for passcode: "One Time Code" and "Temporary Authentication Code"
• cloudfoundry/uaa #726: many SQL requests to identity_provider table
• cloudfoundry/uaa #738: user delete in other zone does not remove members correctly
• authenticationType is part of all log event messages now

Documentation

• cloudfoundry/uaa #707: Correct Markdown headers
• cloudfoundry/uaa #795: fix typo
• cloudfoundry/uaa #791: Updates the meaning of SCIM