2.5.0 was published on 16.05.2018


can be read from:


with introduction of latest Jetty HTTP server (used by Unity) it was observed that Firefox browser have troubles connecting to Unity launched on some of the OpenJDK distributions (e.g. Fedora). This is due to disabling EC TLS ciphers in affected OpenJDK. In case of troubles please use Oracle Java RE.


There are two distribution formats:

  • tar.gz bundle which can be unpacked and this way installed in a single directory,
  • rpm which can be installed system-wide in the Linux standard locations.

The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.


Release 2.5.0 is a major Unity milestone with over 30 implemented tickets. The biggest changes are around credentials supported by Unity.

When installing this release as an update a complex migration will be performed and some configuration changes are necessary. Make sure to make backup and read update instructions in the documentation!

The highlights are:

  • A new SMS credential is now available. It can be used to login to Unity by entering a code which was sent to a registered and confirmed mobile telephone. The credential is integrated with all Unity features: can be set up in registration forms, controlled on HomeUI, used as first and second factor, etc.
  • A new attribute type is now available: verifiable mobile number. It is  fully integrated with all standard Unity features. What is more SMS credential can be bootstrapped using one of its values (if present).
  • SMS code verification is a new possibility when configuring password reset.
  • Password credential received a new configuration setting: password quality factor. It can (and should!) take over the existing minimal password length, minimal character classes and deny popular sequences settings. The old ones are still supported and can be used together with the new quality factor (although typically this should not be necessary). The quality checking of a password is taking into account many factors together. With this new setting Unity can accept a complex but shorter password or a longer one which is using only lowercase letters. Note that you can easily test the meaning of the password settings directly from the password credential setup UI.
  • Password edit dialog presented to users was redone. It now offers a good UX, with instant feedback on password quality, fulfillment of credential policies and additional suggestions how to improve the passphrase.
  • End-user oriented credentials tab in HomeUI, as well as all other places where credentials are collected (e.g. the outdated credential dialog), were greatly simplified, cleaned and should be much easier to use.
  • We are happy to announce a superb community contribution from D Baum: Unity contains now a German translation!
  • Up to now Unity triggered sending of email confirmation messages automatically when a not confirmed email was added. Now it can be controlled:
    • For attributes created via registration forms there is a new setting allowing admin to control when and if such attribute should be confirmed: at request submission, acceptance, never or perhaps attribute should be assumed to be confirmed. This new option also allows for similar control of mobile phone verification.
    • Admin user can now change confirmation status of attribute without triggering the confirmation message being sent. If this is desired the confirmation sending should be triggered manually.
  • Users can now resend their confirmation link from HomeUI.
  • Message template is now bound to a channel (sms or email). This change simplifies configuration in other places (no channel setting in registration forms), allows for creating templates specialized to medium being used. As a side effect different channels can now be used for various messages. For instance admin can receive SMS with information on submitted registration request, while user is notified with email about accepted or denied request.

Other, smaller changes:

  • It is now possible to brand not only Unity web interfaces but also error pages which are generated by Unity.
  • Email identities are compared in a fully case insensitive way
  • Older versions of MariaDB are now supported
  • Password history checking was fixed and can be configured to be fully disabled.


New features:
  • UY-500 Password strength index, visualization, better UI
  • UY-625 Consistent and complete support to restart confirmation (mobile/email)
  • UY-646 Make channel selection part of message template
  • UY-648 Introduce VerifiableMobileNumber attribute syntax
  • UY-666 Enhance password reset to support telephone verification
  • UY-672 Update of the user-facing credentials UI
  • UY-678 Make confirmation configuration part of attribute/identity type
  • UY-681 Add German translation
  • UY-691 Add possibility to brand Jetty error pages
  • UY-694 Drop hold-on feature (saml and oauth)
  • UY-695 Provide default SAML authenticator configuration module
  • UY-696 Expose group attribute statements management via REST
  • UY-697 Identity collection should not be mandatory for registration form
  • UY-699 Re-implement in-place DB update
  • UY-700 Email attribute&identity created/edited by admin should not have automatic confirmation sent
  • UY-701 More flexibility in defining minimum accepted password requirements
  • UY-708 Add Intuit support for Oauth
  • UY-705 Port existing 2.4 migration from dump to in-DB
  • UY-616 Support for easier and safer to use HMAC-signed tokens
  • UY-619 SMS credential
  • UY-689 Registration form control of confirmation state
Bugs fixed:
  • UY-667 Email should be compared in fully case insensitive way
  • UY-683 External authN mapped to a disabled account is not properly blocked
  • UY-688 Create attribute action produce attribute with name “string” when attrDisplayName is not used.
  • UY-690 Remove use of CURRENT_TIME from SQL schema
  • UY-692 During return redirects from Unity IdP Vaadin error can popup
  • UY-693 Change of SAML authenticator’s configuration is not picked by endpoint
  • UY-698 Registration form addIdentity action does not parse value correctly
  • UY-702 Verify if password history works as expected
  • UY-703 NPE when logging to AdminUI
  • UY-706 Documentation: saml authenticator refreshInterval wrongly presented
  • UY-707 SAML metadata refresh task can hang aftr longer run


Here you can download previous versions from the series and read their documentation: