v7.10-beta.13

v7.10-beta.13

• Issue #5047 : Replace the property stroom.security.authentication.openid.validateAudience with stroom.security.authentication.openid.allowedAudiences (defaults to empty) and stroom.security.authentication.openid.audienceClaimRequired (defaults to false). If the IDP is known to provide the aud claim (often populated with the clientId) then set allowedAudiences to contain that value and set audienceClaimRequired to true.

• Issue #5068 : Add the config prop stroom.security.authentication.openId.fullNameClaimTemplate to allow the user's full name to be formed from a template containing a mixture of static text and claim variables, e.g. ${firstName} ${lastName}. Unknown variables are replaced with an empty string. Default is ${name}.

• Issue #5066 : Change template syntax of openid.publicKeyUriPattern prop from positional variables ({}) to named variables (${awsRegion}). Default value has changed to https://public-keys.auth.elb.${awsRegion}.amazonaws.com/${keyId}. If this prop has been explicitly set, its value will need to be changed to named variables.

• Issue #5073 : Trim the unique identity, display name and full name values for a user to ensure no leading/trailing spaces are stored. Includes DB migration V07_10_00_005__trim_user_identities.sql that trims existing values in the name, display_name and full_name columns of the stroom_user table.