Dec 2, 2016
Release version 3.1.Alpha11
Pre-release

@tkrille tkrille released this Aug 9, 2016 · 97 commits to master since this release

Assets 2
Pre-release

@tkrille tkrille released this Jun 9, 2016 · 105 commits to master since this release

Assets 4

CircleCI Build: https://circleci.com/gh/osiam/osiam/478

Changelog

Breaking changes!

In this release, the auth-server and resource-server have been merged into a
single application. For a detailed explanation about how to migrate from
OSIAM 2.5 to OSIAM 3.0, see the migration notes.

Features

  • Run as a standalone application using the .war file as an executable, i.e.
    just run osiam.war on the command line like you would run any other command.
  • Support for H2 database has been added and a file-based one is the default
    configuration from now on. The usage scenarios are small installations,
    testing and development.
  • Load configuration, files and assets from arbitrary paths in the filesystem.
    Introduce the notion of a home directory that contains all these things. The
    home directory will be automatically initialized on startup. The home
    directory can also be initialized on the command line. See the documentation for details.
  • Migration and initialization of the database can be done from the command line
    with the migrateDb command. See Initialize the Database from the Command Line.
  • Configure SCIM extensions in the configuration file. See
    Configuring SCIM Extension.
  • Connections via AJP can be used now. This is disabled by default. See
    Enable AJP support.
  • Set the logging level with the configuration property osiam.logging.level.
  • It's possible to filter all returned resources returned by request to the /Users
    and /Groups URLs, including searches, by passing a comma separated list of
    attributes to be included in the returned resources.
  • The display attribute of a multi-valued attribute get persisted from now on.

Changes

  • Distribution artifacts have been completely dropped. The .war file contains
    all needed files and assets now.
  • Use sensible defaults for logging. Default level is now error, Spring stuff
    is logging warnings, and OSIAM logs on info level.
  • Remove unneeded attributes from default login template.
  • Remove ability to search by a User's password.
  • The configuration file has been changed to YAML format.
  • All configuration properties have been moved to a new namespace osiam.
  • Require a Java runtime environment of at least version 8.
  • Remove support for deprecated method-based OAuth scopes.
  • Allow colons (:) as field separators for URNs of extensions, since this is
    what the SCIM specification defines. Using periods (.) is still possible,
    but will log a warning message.
  • Fields of the core schemas for user and group can be fully qualified, i.e.
    filter=urn:ietf:params:scim:schemas:core:2.0:User:userName sw "J".
  • Example data will now be created during startup. If there are no clients in
    the database, an example client will be created. If there are no users in the
    database, an initial admin user will be created. The details of the client and
    user will be logged. This removes the creation of initial data during the
    database setup.
  • Replace SHA-512 with BCrypt for hashing passwords. When a user logs in, their
    password will be automatically migrated to BCrypt. Support for SHA-512
    password hashes will be removed in OSIAM 4.0.

Fixes

  • Reply with 400 BAD REQUEST to invalid filters.
  • Reply with 500 INTERNAL SERVER ERROR, instead of 409 CONFLICT, on unexpected
    errors.
  • Change URL of service provider configuration resource from
    /ServiceProviderConfigs to /ServiceProviderConfig.
  • Always return the id attribute, when searching for Users.
  • Return a SCIM 2 compliant User when querying /Me. This replaces the old Facebook
    connector.
  • Use JSON error messages with /token/* endpoints instead of HTML documents.

@tkrille tkrille released this Dec 22, 2015 · 1607 commits to master since this release

Assets 8

Changelog

OSIAM Auth Server 2.5

Features

  • Use JDBC connection pooling

    By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
    These settings can be changed with the following configuration properties:

    • org.osiam.auth-server.db.maximum-pool-size
    • org.osiam.auth-server.db.connection-timeout-ms
  • Support retrieving list of clients

    Use the resource endpoint /Client with GET.

  • Make number of parallel connections to the auth-server configurable

    The default is 40 and can be changed with the following configuration property:

    • org.osiam.resource-server.connector.max-connections
  • Make timeouts of connections to auth-server configurable

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
    These settings can be changed with the following configuration properties:

    • org.osiam.resource-server.connector.read-timeout-ms
    • org.osiam.resource-server.connector.connect-timeout-ms

Changes

  • Add Flyway migration to replace method-based scopes

    The migration removes all method-based scopes from the auth-server client and adds the scope ADMIN.

  • Increase default timeouts for connections to resource-server

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

  • Increase default maximum number of parallel connections to resource-server

    The default is 40.

  • Switch to Spring Boot

  • Refactor database schema

    Note: Some fields in table osiam_client have been renamed:

    • accesstokenvalidityseconds becomes access_token_validity_seconds
    • refreshtokenvalidityseconds becomes refresh_token_validity_seconds
    • validityinseconds becomes validity_in_seconds

    Update your SQL scripts, if you add OAuth 2 clients via direct database manipulation.
    It's recommended to use the RESTful endpoints under /Client to manage Clients.

Fixes

  • Make sure access_token, refresh_token and token_type are added only
    once to the returned Access Token (Fixes #42).

  • Remove scopes from the Access Token (Fixes #51).

  • Prevent NPE when User#active is null

  • Handle duplicate client creation error on application level

    Respond with Conflict 409 when a client with a requested client id already
    exists

Updates

  • OSIAM connector4java 1.8
  • MySQL JDBC driver 5.1.37
  • PostgreSQL JDBC driver 9.4-1205
  • OAuth2 for Spring Security 2.0.8

OSIAM Resource Server 2.5

Features

  • Use JDBC connection pooling

    By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
    These settings can be changed with the following configuration properties:

    • org.osiam.resource-server.db.maximum-pool-size
    • org.osiam.resource-server.db.connection-timeout-ms
  • Populate the type field of a Group's members

    Members of a Group have their type field set to either User or Group.

  • Make number of parallel connections to the auth-server configurable

    The default is 40 and can be changed with the following configuration property:

    • org.osiam.auth-server.connector.max-connections
  • Make timeouts of connections to auth-server configurable

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
    These settings can be changed with the following configuration properties:

    • org.osiam.auth-server.connector.read-timeout-ms
    • org.osiam.auth-server.connector.connect-timeout-ms

Changes

  • Increase default timeouts for connections to auth-server

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

  • Increase default maximum number of parallel connections to auth-server

    The default is 40.

  • Switch to Spring Boot

  • Refactor database schema

    Note: Some fields in table scim_extension_field have been renamed:

    • extension_internal_id becomes extension;
    • is_required becomes required;

    Update your SQL scripts, if you add SCIM 2 extensions via direct database
    manipulation.

  • Produce a meaningful log message and respond with 503 TEMPORARILY UNAVAILABLE
    instead of 409 CONFLICT if the auth-server cannot be reached to validate or
    revoke an access token.

  • All invalid search queries now respond with a 400 BAD REQUEST instead of
    409 CONFLICT status code.

  • Respond with 401 UNAUTHORIZED when revoking or validating an access token
    fails because of invalid access token.

  • Remove configuration property org.osiam.resource-server.db.dialect

  • Remove self written profiling solution since we now use the Metrics
    framework. This removes the configuration property org.osiam.resource-server.profiling

  • Make the generated errors SCIM compliant

    Error responses look like this according to Scim 2:

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
      "detail": "Resource 2819c223-7f76-453a-919d-413861904646 not found",
      "status": "404"
    }
    

Fixes

  • Only set UserEntity#active if value is not null

    Prevents a NPE when storing users that have no value for the active field.

  • Use correct schema for Scim resources

    Affected resources and the changes are:

    • User: urn:scim:schemas:core:2.0:User becomes urn:ietf:params:scim:schemas:core:2.0:User
    • Group: urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:schemas:core:2.0:Group
    • ListResponse: urn:scim:schemas:core:2.0:User/urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:api:messages:2.0:ListResponse
    • ServiceProviderConfig: urn:scim:schemas:core:2.0:ServiceProviderConfig becomes urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig

Updates

  • OSIAM connector4java 1.8
  • MySQL JDBC driver 5.1.37
  • PostgreSQL JDBC driver 9.4-1205
  • AspectJ 1.8.7
  • Metrics Spring Integration 3.1.2