3.3.4 was published on 12.10.2020


can be read from:


Unity requires Java VM to be installed (JRE). Minimum supported version is 8. Unity is also tested on Java 11, which become supported since release 3.0 and becomes a default platform from release 3.2.


There are two distribution formats:

  • tar.gz bundle which can be unpacked and this way installed in a single directory,
  • rpm which can be installed system-wide in the Linux standard locations.

The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable and is our primary distribution form.

We found couple of issues related to the initial versions of migration (especially the in place DB-based migration) from Unity 2 to 3. Those issues were fixed in version 3.1.1. This post provides more details if you are affected. What is more initial versions of new editors added in Console (authenticators, services and IdPs) caused couple of unintentional changes to the original configuration. Those issues were fixed in 3.1.2 version.


General information

Unity 3.3.0 release brings a large set of improvements and brand new features. Additionally couple of bugs were fixed, see in the detailed changelog below for details.

Policy documents

Policy documents are a new global concept in Unity. Administrator can define documents covering ToU, SLA, marketing agreements and any other alike. Documents are versioned, can be provided in multiple forms and can be mandatory or optional.

Defined policy documents can be configured as a part of registration, enquiry or sign-in over IdP endpoint flows. Unity will record (as a special user attribute) acceptance or refusal, allowing to re-prompt after document update. It is additionally possible to configure in what way acceptance should be requested.

One time passwords

A new credential type is available: one time codes, technically the popular TOTP variant. It is a credential useful typically as the 2nd factor in two step authentication.

With this credential users can verify their identity with help of Google Authenticator, Microsoft Authenticator, RedHat’s FreeOTP or any other similar app.

Other notable improvements
  • Shared translation profiles can be managed in Admin Console now.
  • Default appearance of the authentication screen (and all other views) was improved a lot, aligned and unified with general Unity style.
  • Authentication screen appearance on narrow mobile screens was improved in case of multiple columns with authentication options.
  • Registration form can be configured to deny request using an occupied identity at submission time.
  • Credentials editing in Admin Console and HomeUI was reworked and offers much better UX now.
  • MFA preference can be controlled with registration form action
  • We started to provide a more intuitive contextual help in Admin Console. Only few components use this feature so far, but we will expand it in the next revisions. For examples see Realms or OTP credential definition.

Upgrade from 3.2

Upgrade from previous release should not be problematic. Internal data migration will be performed. As usual, don’t forget to create a backup before upgrade.

There are two aspects to be taken into account when upgrading:

  • sidebarTheme, a theme that was internally used for Admin Console and UpMan, was dropped and merged with unityThemeValo, the only style covering Unity appearance from now. The unification, together with general UI cleanup required us to apply rather big changes in styling. If using custom styles test them carefully if nothing got broken.
  • we fixed one long lasting bug, related to loading UI configuration of authenticators: this configuration, typically having one displayed name, was ignored. Now it is not. It may happen that errors in the ignored config file will be visible after update. This is most likely in the case of X.509 certificate authenticator – users of this authenticator should verify its “Visual configuration” section and pay attention to server log warnings.

Move to Maven Central

Relevant for developers using Unity only.

Unity libraries from version 3.3.0 are deployed in Maven Central repository. The formerly used FZJ repository is not longer used. FZJ: thank you a lot for many years of support!

What is more the groupId of all maven modules was changed to:



New features:
  • UY-1079 Improve “logged as” message
  • UY-1083 Ability to copy links to invitations from upman
Bugs fixed:
  • UY-1076 Fix type of active field returned by OAuth token introspection endpoint
  • UY-1077 Broken validation on console authn screen in case of single option under authenticator
  • UY-1078 “null” source of attribute shown in console
  • UY-1080 Broken H2 version
  • UY-1085 Broken enquiry by invitation flow
New features:
  • UY-1069 Drop requirement to have at least 2 credentials to enable 2F checkbox
  • UY-1072 Complete control of group metadata over REST API
Bugs fixed:
  • UY-1070 Upman invitations view crashes when one of invitations contains a removed group
  • UY-1074 Multiple certificates per SAML entity with the same DN are not handled correctly
New features:
  • UY-1063 Add credential status and 2F opt in control to the REST API
  • UY-1066 Add access to group’s displayed name to the MVEL context of output profile
Bugs fixed:
  • UY-1034 Verify if per-authenticator config of default registration form works
New features:
  • UY-1056 Accept recently added TLD in email validation
  • UY-1057 Allow for hiding 2nd factor opt-in control on HomeUI
Bugs fixed:
  • UY-1058 2nd factor credentials can’t be used without username&email identity
  • UY-1059 Credential reset for users without username&email identity
  • UY-1061 Error opening and editing group attribute statements
  • UY-1062 Error when dragging authn option in console authn screen config
New features:
  • UY-962 Management of shared translation profiles in Console
  • UY-984 Unify unity default themes
  • UY-986 Policy documents definition and management
  • UY-1008 Mobile authN UI: put all columns one under another
  • UY-1020 TLS 1.0 and 1.1 disabled by default
  • UY-1031 update dependencies for 3.3.0
  • UY-1035 Option not to accept registration requests with occupied identity
  • UY-1036 Hide verification control in registration form editor for elements not supporting it
  • UY-1038 Switch to maven central deployed dependencies
  • UY-1039 Move unity to maven central repository
  • UY-1041 Add tokens manager and spring context to Groovy script environment
  • UY-1042 Add “Add” button to attribtues panel in directory browser
  • UY-1049 Allow for lower scrypt min work factor
  • UY-1051 Improve local credentials handling in console and homeUI
  • UY-1052 Practical method to setup 2nd factor for existing users
  • UY-1054 Polish default CSS styling of the authentication screen
  • UY-620 OTP credential
  • UY-732 Create the help widget
  • UY-987 Configuring agreements for IdP endpoint
  • UY-988 Rendering of agreements for IdP endpoints
  • UY-989 Agreements in registration and enquiry forms
Bugs fixed:
  • UY-1032 Refresh groups tree
  • UY-1033 Edit of root group causes troubles
  • UY-1043 Changing credential type when editing must be forbidden
  • UY-1044 Authentication configuration editor in console doesn’t permit to configure flows
  • UY-1046 External authN progress not disappearing when moving to 2nd factor authN screen
  • UY-1047 Local authenticator web settings not used for web authN widgets
  • UY-1048 Loading of password definition editor dialog can hang


Here you can download previous versions from the series and read their documentation: