Release Highlights

The 3.11.0 release is a major step towards Unity 4: big changes ahead. All upgrades should be carefully pre-tested after reviewing the Unity 3.11.0 update instructions, available in the Unity manual.

Java 17 supported & Groovy update

Java 17 is an officially supported runtime as of this release. It will become mandatory when Unity turns 4.

To make this happen we had to upgrade Groovy to version 3.0.12. This means that Groovy 3 features can be used in Unity extension scripts. Please note that Groovy 3 also introduces a couple of breaking changes compared to the previously used Groovy 2.

SAML related enhancements

The biggest change in the SAML area is that Unity now pre-fetches federation logo images and serves them from the local HTTP server on sign-in pages. This change resolves many problems related to the previous approach, where the browser of a person entering the Unity sign-in page could make requests to (and get cookies from) a number of federation IdPs. Also, certificate and TLS related misconfigurations of IdP servers could interfere with Unity page loading, which won't happen any more.

Besides this change, we have applied several smaller improvements to SAML federation handling:

  • Performance of the first loading of trusted SAML entities was significantly improved.
  • The first metadata refresh was always postponed by the metadata refresh interval that was in effect at server start. As a result, a decrease of the interval soon after server start could take a prolonged time to become effective. This problem was resolved.
  • A spurious metadata refresh that could randomly happen was eliminated. This situation was possible at server startup and after reconfiguration.

OAuth: refresh tokens for public clients

Unity OAuth Authorization server can now issue refresh tokens for public clients. This feature must be enabled, and it also turns on an extra security measure: token rotation. In this scenario, each refresh token can be used only once, and each refresh returns a new access token and a new refresh token.
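
The rotation behaviour described above, modelled in Python as an added example (this is not Unity code; the class names, the client id and the in-memory store are assumptions made for illustration). It shows why a client has to overwrite its stored refresh token after every refresh, and that a token presented a second time is refused.

```python
import hashlib
import secrets


class RotatingTokenStore:
    """Toy authorization-server side (constructed model, not Unity's implementation)."""

    def __init__(self):
        self._active = {}  # sha256(refresh token) -> client_id; raw tokens are not stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, client_id):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._active[self._digest(refresh)] = client_id
        return {"access_token": access, "refresh_token": refresh}

    def refresh(self, client_id, refresh_token):
        # pop() consumes the token, so presenting it a second time finds nothing.
        owner = self._active.pop(self._digest(refresh_token), None)
        if owner != client_id:
            raise PermissionError("invalid_grant")  # OAuth 2.0 error code (RFC 6749)
        return self.issue(client_id)


class PublicClient:
    """Client side: must overwrite its stored pair after every refresh."""

    def __init__(self, server, client_id):
        self.server, self.client_id = server, client_id
        self.tokens = server.issue(client_id)

    def renew(self):
        self.tokens = self.server.refresh(self.client_id, self.tokens["refresh_token"])
        return self.tokens["access_token"]


def replay_is_rejected():
    """Return True if a refresh token that was already used once is refused."""
    server = RotatingTokenStore()
    client = PublicClient(server, "example-public-client")  # hypothetical client id
    used = client.tokens["refresh_token"]
    client.renew()
    try:
        server.refresh("example-public-client", used)
    except PermissionError:
        return True
    return False
```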

UpMan on the latest web technology stack

This is by far the biggest change in this release, although it touches the rarely used UpMan service. The web technology stack used by UpMan was upgraded from Vaadin 8 to Vaadin 23 and is now based on cutting-edge web technologies, including web components.

The default UI look and feel was refreshed, as the underlying theme was changed as well. Also all UI customizations need to be prepared in a different, significantly simpler, form.

This change is the first step towards upgrading all Unity web UIs, which will be rebased onto the same technology that UpMan uses as of this release. This bigger work will be available in version 4 of Unity.

Jetty 9 → 10

Jetty, our embedded HTTP server, was upgraded to version 10. This change should not affect production setups, but allows us to expose new features in the future, such as SNI.

Miscellaneous improvements

  • “GN” is supported in X.500 identity as an alias to GIVENNAME.
  • Some parts of SCIM endpoint configuration can be controlled with its dedicated admin REST API.
  • Resending of invitations (especially expired ones) from UpMan was fixed and now resets the validity time.
  • A possible crash when loading the trusted applications tab in Home UI was fixed.

Upgrade from 3.10.x

Version 3.11 brings significant changes for all UpMan users. Reading the upgrade documentation and re-working UI customizations (if any were made) is necessary. There are also many other changes in this version, such as the update of the Groovy library.

This version does not include a database migration; however, making a DB backup is, as always, recommended before upgrading.