2.7.5 was published on 07.01.2019


can be read from:


with introduction of latest Jetty HTTP server (used by Unity) it was observed that Firefox browser have troubles connecting to Unity launched on some of the OpenJDK distributions (e.g. Fedora). This is due to disabling EC TLS ciphers in affected OpenJDK. In case of troubles please use Oracle Java RE.


There are two distribution formats:

  • tar.gz bundle which can be unpacked and this way installed in a single directory,
  • rpm which can be installed system-wide in the Linux standard locations.

The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.


Release 2.7.0 is a subsequent important Unity milestone completing huge change around end-user facing UI improvements. The main focus of this release  was on registration: both in terms of UI, UX and core features.

When installing this release as an update a migration will be performed and some configuration changes may be necessary. Make sure to make backup and read update instructions in the documentation!

The highlights are:

  • There is a completely new registration path possible: a registration form may allow for selecting a remote signup, with any of enabled external authentication options (like Google, FB, other OAuth providers, or SAML Idps). So far this was only possible in effect of failed authentication try, what was not working well with typical use cases.
    • User may be given a choice to use remote credential for registered account or a local one, stored in Unity.
    • Local registration form may be rendered on a starting screen, or be presented only after selecting the local registration path.
    • After external registration still a registration form may be rendered – if any of the required information was not provided by external IdP.
  • Enrolment to groups is now way more flexible: instead of setting a static list of available groups for the form, admin may configure a wildcard: the actual groups to be offered are established at runtime. This feature supports enrolment to projects/tenant/organization unit groups which are changing over time.
    • What is more, form attributes may be configured to be set in the group selected by the user on the same form.
  • A new finalization feature was added in registration subsystem. Finalization allows for specifying details of behavior in effect of all final states of registration process: from successful submission, to all kinds of errors.
    • Note: this feature deprecates the former partial support for controlling some of such behaviors in registration form profile. Please update your form if you used such, the actions will be preserved after upgrade for your reference.
  • Rendering of the registration form, UX of individual elements was greatly improved and refactored to be streamlined with how authentication UI works. Password setup offers nice hints, fields are validated during typing, layout was improved.
  • Credential reset flow UI as well as UI of outdated credential change was improved and simplified.
  • Custom and invitation message templates allow for using arbitrary, custom parameters. Those parameters can be filled when preparing a personalized invitation or sending an email with a REST API.

Other, smaller changes:

  • Invitation can preset identity for remote OAuth registration. This preset identity may be also mandatory, so that user can not register with different one.
  • Registration form configuration UI was refactored. Forms may be only inspected after opening.
  • AdminUI -> Contents management is not showing group attribute classes (still can be inspected from the group’s context menu). Instead basic group stats are shown.
  • New registration profile action allows to process all pending invitations for the same user, when the user registers. This may work regardless if the registration is made by invitation or not.
  • Plus many smaller improvements and bugfixes, see detailed changelog below.


New features:
Bugs fixed:
  • UY-841 Performance bug: Check authz role only for provided group, not in all groups user is member of.
  • UY-842 The ‘validCode’ MVEL variable not present for registration automation
New features:
Bugs fixed:
  • UY-833 Workaround for missing migration of TriggeringMode.afterRemoteLogin
  • UY-834 When no scopes are requested upon OAuth refresh then original scopes should be assumed
  • UY-835 No expires_in field in issued OAuth tokens
  • UY-836 Do not show consent screen UI when it is auto accepted
  • UY-838 It should be possible to set infinite refresh token lifetime
New features:
  • UY-455 Login the user after automatically accepted registration
  • UY-817 Do not require password reset after changing password storage policy
  • UY-820 Case insensitive sorting in IdPs selection grid
  • UY-823 Improve detection of session expiration
  • UY-824 Refactor password reset not to use pop up
  • UY-826 Allow to inspect credential status in users table in AdminUI
  • UY-827 Inspecting storage ratio factor quality
  • UY-829 Add cancel on outdated credential screen
  • UY-830 Create general persistent id identity together with entity
Bugs fixed:
  • UY-819 Bulk resolving of group members is missing some of dynamic attributes
New features:
Bugs fixed:
  • UY-816 Race condition in RDBMS cache flushing
New features:
  • UY-790 Faster entities loading in AdminUI
  • UY-793 More flexible OAuth trusted URL matching
  • UY-794 Option to reload (update) message templates from config
  • UY-795 Subject text field in template editor should be 100% wide
  • UY-813 Allow to configure a custom link for signup on authentication screen
  • UY-814 Enable Norwegian locale
Bugs fixed:
  • UY-812 Fix sorting and searching on authN screen
New features:
  • UY-769 Support for requiring an invitation-preset remote identity and login_hint
  • UY-773 Remove viewer of registration form
  • UY-775 Update of issued invitation
  • UY-778 Improve registration form rendering
  • UY-779 Refactor registration at login to use standalone view
  • UY-782 Do not skip UI loading when skipConsent=true but enquiry is waiting
  • UY-784 Simplify outdated credential handling
  • UY-787 Improve credential reset UX
  • UY-789 Show basic group stats instead of attribute classes
  • UY-755 Possibility of filling out registration form based on output from external IdP
  • UY-760 Flexible configuration of registration form content.
  • UY-761 Registration form layout configuration.
  • UY-762 Dynamic selection of configured group on registration form.
  • UY-763 Contextual selection of attributes group on registration form.
  • UY-764 Auto processing of invitations of given registration form.
  • UY-765 Custom parameters in invitation, used in invitation email
  • UY-774 Support alternative template variable delimiter for loading from properties file
  • UY-777 EndpointDIsplayname by default set as page title, for registration forms view configurable
Bugs fixed:
  • UY-751 Remember me token not removed when LogoutMode == internalOnly
  • UY-767 Drop feature allowing to have attribute in a group without being a member
  • UY-768 DB dump is not updated after first download (FF only?)
  • UY-770 It is not possible to manually add preferences entry for OAuth/SAML SP
  • UY-772 Confirmation state of identities/attributes prefilled by invitation is always overriden
  • UY-780 Fix and test unicore/PAM module
  • UY-781 Increased memory usage for external SAML fed authN
  • UY-783 Password score not taken into account when checking existing password validity at login
  • UY-785 Composite password credential breaks re-authn
  • UY-786 Outdated credential not shown if triggered by 1st factor of 2FA
  • UY-788 Managing custom attribute columns broken in some edge cases


Here you can download previous versions from the series and read their documentation: