Skip to content

@LEDfan LEDfan released this Mar 2, 2021

  • add support for exposing Prometheus metrics
  • add support for SAML Logout (using the /saml/logout endpoint), contributed by @DefensePoint
  • add support for SAML Single Logout (using the /saml/SingleLogout endpoint)
  • add option to log SAML attributes whenever a user authenticates using SAML (proxy.saml.log-attributes)
  • expose SAML metadata on /saml/metadata endpoint
  • properly handle receiving expired SAML credentials by redirecting the user to /auth-error and logging a warning message.
  • add option to configure the max authentication age of SAML credentials (proxy.saml.max-authentication-age).
  • allow to specify the Same Site policy for Cookies (proxy.same-site-cookie).
  • add load balancer support for SAML authentication, contributed by @johannestang.
  • provide the SHINYPROXY_PUBLIC_PATH environment variable to app containers in order to allow compatibility with Dash 1.3 and RStudio. [
  • refactor label and annotations of application containers. These labels and annotations can be processed by monitoring software, such as Grafana Loki.
  • allow to specify the query parameter sp_hide_navbar=true on app pages in order to hide the navbar.
  • Docker image was improved in order to reduce the image size (~300MB vs ~800MB). Note: the /etc/shinyproxy config directory no longer exists. Configuration files should be placed inside the /opt/shinyproxy/application.yml directory. [
  • Fix: ensure SHINYPROXY_OIDC_ACCESS_TOKEN is always set when using OIDC and Redis for session storage
  • Fix: ensure clicking back button after authenticating does not cause errors when using SAML with (Azure) Active Directory
  • Fix: do not hardcode JS and CSS versions inside templates to allow easier upgrade
  • Fix: prevent redirect-loop when using OIDC and email is missing in attributes
  • Fix: handle stale session cookies and state when using OIDC (and Keycloak). This prevents errors when the user keeps an OIDC login page open for too long or using stale bookmarks.
  • Fix: username not shown when using OIDC, SAML ...

See the full release notes (with pointers to the documentation) at https://shinyproxy.io/downloads/#250

Assets 5

@LEDfan LEDfan released this Jan 8, 2021

  • use GitHub Actions to test ShinyProxy against multiple Java and Kubernetes versions
  • Fix: properly cleanup proxies at shutdown
  • Fix: include health of Redis into readiness probe (but only when Redis is used)
  • Fix: fix SAML and Kerberos authentication (since 2.4.2 it would throw an Exception at startup)
  • Fix: take server context-path into account when redirecting to/auth-error
Assets 5

@LEDfan LEDfan released this Dec 17, 2020

  • support any JDBC compatible database for storing usage statistics
  • use database connection pooling for usage statistics (improves the performance and reliability of it)
  • allow to use Spring Expression Language inside the kubernetes-pod-patches and kubernetes-additional-manifests configuration properties
  • add proxy.kubernetes.pod-wait-time property to configure the time ShinyProxy waits for a Kubernetes pod to become ready
  • add warning when using the removed server.use-forward-headers property
  • Fix: do not throw StackOverflowException when OpenID Connect throws an exception (e.g., when there is a configuration issue)
  • Fix: do not cause a redirect loop when ShinyProxy cannot verify an OpenID Connect token, but the user is correctly logged in (e.g., when there is a configuration issue)
  • Fix: disable debug log level for org.springframework.web.servlet.DispatcherServlet since it interfere with requests being proxied to the app
  • Fix: POST requests don't work when using OpenID Connect
  • Fix: make heartbeat mechanism less intrusive such that it doesn't break the websockets connection. Especially useful on slow connections and when using Shiny apps with large plots.
Assets 5

@LEDfan LEDfan released this Oct 21, 2020

  • Fix: rebuild JAR packages using OpenJDK 8 so that they can be run using OpenJDK 8
Assets 5

@LEDfan LEDfan released this Oct 12, 2020

  • support arbitrary settings at app level for the Kubernetes backend using pod patches
  • support for creating additional Kubernetes resources when an app starts and removing these when the app stops
  • instrument ShinyProxy for deployment using a Kubernetes operator
  • support Kubernetes liveness and readiness probes
  • improved handling of concurrent users of a proxied resource (increase proxy client's queue size to 100)
  • include version of ShinyProxy in startup messsage
  • support logout redirection for SAML authentication (proxy.saml.logout-url)
  • Fix: support compilation with both OpenJDK and Oracle JDK
  • Fix: POST requests to apps a.o. large file uploads
  • Fix: correct checksums generated by builds
  • Fix: build snapshot Docker images and push to Docker Hub
  • Fix: update dependencies so that Google Social Login is supported
Assets 5

@tverbeke tverbeke released this Jun 18, 2020

  • support hosting of Zeppelin notebooks on ShinyProxy (by using non-greedy pattern matching to get app name)
  • possibility to set secure flag on cookies (server.secureCookies)
  • set HttpOnly on cookies set by ShinyProxy
  • set X-Frame-Options header using server.frameOptions
  • perform CSRF check on the login form and set X-Content-Type-Options header to nosniff
  • allow to set a forceAuthN flag when using SAML authentication (proxy.saml.force-authn)
  • improved parsing of custom OIDC role claims
  • improved support for the 'emails' claim in OIDC
  • Fix: AJAX error when using Keycloak
  • Fix: 'Error: 200' page in case of login expiration
  • Fix: 404 when a user makes concurrent /app_direct calls;
  • Fix: error when stopping containers in a different namespace;
  • Fix: documentation for web service authentication
Assets 5

@tverbeke tverbeke released this Jun 21, 2019

  • support for (encrypted) SAML 2.0 based authentication and authorization;
  • support for writing application logs to S3 buckets;
  • additional logging for OpenID Connect based authentication and authorization
Assets 5

@tverbeke tverbeke released this May 10, 2019

  • fine-grained control on container runtime constraints with new fields container-memory-request, container-memory-limit, container-cpu-request and container-cpu-limit; this works both for a plain Docker back-end (except for container-cpu-request) and for a Kubernetes backend (all fields);
  • support for providing Kubernetes secrets to apps (using secret key refs)
  • additional documentation on request dumping (logging.requestdump)
  • app_direct URLs require a trailing slash, so /app_direct/myapp now redirects to
    /app_direct/myapp/ for convenience
  • fix: global privileged flag was no longer working
  • fix: proxy could take a long time to start on Kubernetes pods
Assets 5

@tverbeke tverbeke released this Mar 29, 2019

  • landing-page can now be used to redirect the user to a single Shiny app (/app/<app-name> or /app_direct/<app-name>) instead of the list of Shiny apps (default; /)
  • fix: enable proxying of other request methods beside GET
  • fix: re-enable basic auth for API usage when OAuth2 is not being used
Assets 5

@tverbeke tverbeke released this Mar 23, 2019

  • added new OAuth2 compliant security mechanism for the ShinyProxy API to allow for secured embedding of Shiny apps in broader applications or platforms
  • replaced endpoint URLs with user-friendly URLs based on app name i.e. /app/<app-name> (standard ShinyProxy interface) and /app_direct/<app-name> (direct access to the Shiny app)
  • moved configuration of authentication method webservice to proxy.webservice
  • new setting logging.requestdump to enable full request dump
  • fix: ShinyProxy will now throw an exception if specs are defined with the same id
  • fix: uptime field in admin interface now displays 0 for initializing apps
  • fix: influxdb now records non-ASCII usernames correctly
  • fix: 400 bad request when launching proxy via api without body
  • fix: error when setting proxy.openid.roles-claim is miss-spelled or missing in the id token
Assets 5