1.1.0 RELEASE

THE RELEASE

Release 1.1.0 was published on 17.02.2014.

DOCUMENTATION OF THE RELEASE:

Read documentation of 1.1.0 release:

GENERAL INFORMATION ABOUT RELEASE

There are two distribution formats:

  • a tar.gz bundle, which can be unpacked and thereby installed in a single directory,
  • an rpm, which can be installed system-wide in the standard Linux locations.

The rpm is built and tested on CentOS 6, noarch. It should also work flawlessly on SL6 and recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information, please check the Unity manual.

1.1.X RELEASE SERIES

Release 1.1.0 brings many improvements over 1.0.0, making it more production-ready. The main theme of the release is SAML support. The most important changes:

  • A new remote authentication option was added: SAML 2 with support for both HTTP Redirect and POST bindings. When using this authenticator, Unity acts as a SAML Service Provider.
  • The SAML IdP endpoint now supports the SAML HTTP Redirect binding alongside the previously supported POST binding.
  • Both the SAML Service Provider (of each configured remote SAML authenticator) and the SAML IdP (of each deployed endpoint) can generate and publish SAML Metadata. Publication and signing of custom SAML Metadata is also possible.
  • A number of components were added to the Web Admin UI, which allow administrators to inspect the details of deployed endpoints, authenticators and translation profiles. It is also possible to reload all of them without restarting the server, which is useful after configuration changes.
  • Centralized PKI management was introduced. Credentials, certificates and truststores are configured in a single place. All relying Unity components are configured only with a reference to the required PKI artifact.

The 1.1.0 release was extensively and successfully tested against Shibboleth SP, Shibboleth IdP and SimpleSAMLphp acting both as SP and as IdP.

DETAILED LIST OF CHANGES

Bugs fixed:
  • NPE after updating an authenticator with an empty verificator configuration
  • SAML processing errors cause a ResponseCommited exception
  • When listening on the 0.0.0.0 address, the SAML IdP does not accept queries with the Destination set
  • SAML error page has malformed XHTML
  • Configuration of the HTTP server on port 0 and/or the 0.0.0.0 address doesn’t work correctly
New features:
  • Admin UI settings of the identities table can be persisted
  • SAML metadata support – automatic generation and exposition
  • Added simple status components for endpoints, authenticators and translation profiles, with the ability to perform runtime updates
  • Added support for authenticating against remote SAML IdPs.
  • Improved logging of the SAML low level stack.
  • Introduced a centralized PKI management
  • Added support for HTTP-Redirect binding in the SAML IdP endpoint
  • Added new identity mapping actions for translation profiles
  • SAML IdP allows for returning a single assertion with multiple statements instead of multiple assertions. Turned on by default.
  • Added a new Service Provider acceptance policy to the SAML IdP, which doesn’t require signed requests but allows clients to be filtered effectively.
  • Logging configuration changes are automatically detected at runtime
  • Improved branding of the Web UI.