New planning process
Starting with the 3.8.0 release (or, more precisely, its planning phase), we have switched to a new task prioritization process. Thanks to that change, you will see many more Community requests addressed on a faster timeline. In particular, in the 3.8.0 release we have shipped 9 features requested by our Community.
Java 8 support dropped
Unity 3.8.0 requires Java 11 to run. Newer Java versions may work as well (that’s likely, as our early tests were successful), but Java 8 is no longer supported and won’t work.
Release highlights
OAuth endpoint enhancements
As you can see below, the majority of improvements in this release were made in the OAuth area:
- The prompt parameter is now supported by the Authorization Server (IdP).
- Control of whether to issue a refresh token can now be given to OAuth clients, after adding support for the standard offline_access scope. This mode of operation needs to be enabled on the endpoint.
- The ui_locales parameter is now supported by the Authorization Server (IdP) and can be used to control the language of the authentication screen.
- Errors produced by OAuth REST endpoints were aligned with the standard.
- Public clients (which in general should use PKCE) need not use a credential to access the REST API. This change removes an artificial limitation we had in previous versions.
- It is possible to control which scopes are enabled for which OAuth client.
Attribute introspection endpoint
We are introducing a new utility web endpoint. It requires no authentication to access and is used to test attributes provided by remote IdPs.
Configuration allows for specifying expected (mandatory and optional) attributes. Because the retrieved attributes are presented in human-readable form, the endpoint can also be used by admins of the respective IdPs.
Dropped support for Hazelcast storage
We found that the Hazelcast storage backend had been broken for some time and didn’t work. That was a signal for us that this experimental feature is not used by anyone. As of this version, the Hazelcast storage backend has been completely dropped.
Performance improvements
Step by step, we are eliminating bottlenecks related to the use of Unity on very large setups. In this release we mostly focused on slow sign-in, noticeable on deployments with a large number of groups. Detailed changes are as follows:
- The main fix is that sign-in time no longer depends on the number of groups in the system, and sign-in is otherwise much more lightweight and faster.
- We have fixed the Console so that it does not reset itself if its initial loading takes a long time. In previous versions this problem could even lock an admin out of the Console (e.g. on a very large setup with a slow database).
- Performance problems related to querying groups with the bulk REST API (introduced in 3.7.0) were addressed.
Other notable changes
- An OTP credential can have a logo configured.
- Forms can be configured with a new notification message, which is sent to the inviter after the invitation is accepted.
- The unity-types-api module no longer depends on log4j.
Upgrade from 3.7
This release performs a database update, so taking the usual care to back up the database before updating is advised.
In addition, setups that configure endpoints from configuration files need a small update to the OAuth AS endpoint configuration. See the upgrade documentation for more details.