3.5.X RELEASE

THE LATEST RELEASE

3.5.4 was published on 23.08.2021

DOCUMENTATION OF THE RELEASE

can be read from:

IMPORTANT NOTE ON OPENJDK

Unity requires a Java VM (JRE) to be installed. The minimum supported version is 8. Unity is also tested on Java 11, which has been supported since release 3.0 and is the default platform from release 3.2.

GENERAL INFORMATION ABOUT THE RELEASE

There are two distribution formats:

  • tar.gz bundle, which can be unpacked and thereby installed in a single directory,
  • rpm which can be installed system-wide in the Linux standard locations.

The rpm is built and tested on CentOS 8, noarch. It should also work flawlessly on recent Fedora distributions. We may build packages for other distributions in the future; however, the tar.gz format should be fully portable and is our primary distribution form.

We found a couple of issues related to the initial versions of the migration from Unity 2 to 3 (especially the in-place, DB-based migration). Those issues were fixed in version 3.1.1. This post provides more details if you are affected. In addition, the initial versions of the new editors added in Console (authenticators, services and IdPs) caused a couple of unintentional changes to the original configuration. Those issues were fixed in version 3.1.2.

3.5.X RELEASE SERIES

General information

The Unity 3.5.0 release brings a couple of significant new features.

 

Important SAML handling enhancements

There were multiple updates to the SAML subsystem:

  • proper support for HTTP-Redirect binding signatures (both verification and generation)
  • support for validating signatures that do not specify the signing key, for peers that have multiple trusted keys
  • fixes in the SOAP-Binding metadata produced by Unity
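The first two items can be illustrated together. This is an added example, not Unity's own code: it uses only the JDK, the class and method names are hypothetical, and the request and RelayState values are constructed. It builds the octet string that an HTTP-Redirect binding signature covers (the URL-encoded `SAMLRequest`, `RelayState` and `SigAlg` parameters in that order, as defined by the SAML 2.0 Bindings specification) and, because such a message carries no key hint, tries each key trusted for the peer.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class RedirectSigDemo {
    // Signed octets per SAML 2.0 Bindings 3.4.4.1: URL-encoded values, fixed parameter order.
    static byte[] signedOctets(String encRequest, String encRelayState, String encSigAlg) {
        String s = "SAMLRequest=" + encRequest
                + (encRelayState != null ? "&RelayState=" + encRelayState : "")
                + "&SigAlg=" + encSigAlg;
        return s.getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(byte[] octets, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(octets);
        return s.sign();
    }

    // No key hint in the message: try every key trusted for this peer; -1 means reject.
    static int verifyWithAnyTrustedKey(byte[] octets, byte[] sig, List<PublicKey> trusted)
            throws GeneralSecurityException {
        for (int i = 0; i < trusted.size(); i++) {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(trusted.get(i));
            v.update(octets);
            try {
                if (v.verify(sig)) return i;
            } catch (SignatureException e) { /* not valid under this key, try the next */ }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldKey = gen.generateKeyPair(), newKey = gen.generateKeyPair(), other = gen.generateKeyPair();
        List<PublicKey> trusted = Arrays.asList(oldKey.getPublic(), newKey.getPublic());
        // Constructed sample values; a real SAMLRequest is DEFLATE-compressed, base64-encoded XML.
        String req = URLEncoder.encode("constructed+sample/request==", "UTF-8");
        String alg = URLEncoder.encode("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "UTF-8");
        byte[] sig = sign(signedOctets(req, "state-1", alg), newKey.getPrivate());
        // Case 1: signed by the newer of the two trusted keys.
        System.out.println(verifyWithAnyTrustedKey(signedOctets(req, "state-1", alg), sig, trusted));
        // Case 2: RelayState altered after signing.
        System.out.println(verifyWithAnyTrustedKey(signedOctets(req, "state-2", alg), sig, trusted));
        // Case 3: signed by a key outside the peer's trust list.
        byte[] foreign = sign(signedOctets(req, "state-1", alg), other.getPrivate());
        System.out.println(verifyWithAnyTrustedKey(signedOctets(req, "state-1", alg), foreign, trusted));
    }
}
```

A verifier should compute the octets from the query string exactly as received; decoding and re-encoding the parameters can change the percent-encoding and make a valid signature fail.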

 

Login-less support for FIDO/WebAuthn

Login-less support for FIDO means not typing a password, but also… not typing a username. The feature is available only for devices capable of storing site data, and in general it is recommended for biometric keys only. Otherwise the user needs to provide a PIN instead of a username.

 

Major logging improvements

In this release we improved Unity logging a lot. Until now it was quite hard to set up decent logging in Unity: the default level was too silent, while global DEBUG was way too talkative. We applied numerous changes to improve the situation:

  • Default logging levels were adjusted. By default Unity will log much more information, including all important facts. Using Unity with the default logging configuration should be fine in most cases.
  • No logging facility logs under the root ‘unity.server’ category directly. All loggers that previously used it were moved to a more specific subcategory (e.g. ‘unity.server.audit’). That way the ‘unity.server’ root category is only responsible for setting a default for all loggers, and each subsystem's logging can be flexibly reconfigured.
  • Many new logging categories were added, improving the granularity of loggers.
  • We have added a diagnostic context. The client IP, the user’s entity id and the endpoint name can be logged with every log entry that has those settings set in its context.

 

MySQL 8 supported

MySQL 8 reserved one new keyword which was used in Unity’s DB schema, so a fix was needed to make Unity work on MySQL 8. It is supported since this release.

 

Upgrade from 3.4

Upgrading from the previous release should not be problematic. Internal data migration is not performed in this release. There might be a need to update your logging configuration file; details are provided in the Unity manual, in the upgrading chapter.

DETAILED LIST OF CHANGES

New features:
Bugs fixed:
  • UY-1158 Upman groups browser should consume whole available vertical space of a window
  • UY-1159 Removal of a subproject broken in upman

This version was skipped due to a technical problem in the release automation.

Please go straight to the next version.

New features:
Bugs fixed:
  • UY-1150 Invalid timeout computation for credential reset code
New features:
  • UY-1137 Add a button in UpMan to switch to the home endpoint
  • UY-1138 Allow for sending invitations to multiple email addresses at the same time in Upman
  • UY-1139 Enforce groups selection by inviting Upman manager
  • UY-1140 Show groups from invitation in the email
Bugs fixed:
  • UY-1145 No authz verification when multi groups add operation is called
  • UY-1146 FIDO2 Credential description is placed over tool-tip
  • UY-1147 Invalid resolving of displayed names of groups in console
New features:
  • UY-1060 Support HTTP redirect binding signatures for SAML
  • UY-1071 Support MySQL 8
  • UY-1101 Cyclic dependency update for 3.5
  • UY-1106 Log & record registration processing
  • UY-1108 Improve logging levels and facilities
  • UY-1112 JUL should use Unity logging configuration and output
  • UY-1116 Improve group names display in console
  • UY-1117 Support bulk groups creation with complete config over REST admin
  • UY-1122 Generate low-level event when account is deleted in effect of self-removal
  • UY-1128 Refactor to use dedicated type instead of String to represent authn option id
  • UY-1129 Upgrade to vaadin 8.12
  • UY-1131 Support multiple SAML signing keys even when sig key not specified in message
  • UY-1132 FIDO2 support for login-less options
Bugs fixed:
  • UY-1133 Incomplete SAML SOAP attribute query endpoint path in metadata
  • UY-1134 Upman i18n messages are not put into distribution

ALL REVISIONS

Here you can download all versions from the series and read their documentation:

 

RELEASE 3.5.4: DOWNLOAD DOCUMENTATION

RELEASE 3.5.3: SKIPPED

RELEASE 3.5.2: DOWNLOAD DOCUMENTATION

RELEASE 3.5.1: DOWNLOAD DOCUMENTATION

RELEASE 3.5.0: DOWNLOAD DOCUMENTATION