Unity 3.7.0 is another major milestone in Unity development. This release brings a large number of small and medium-sized improvements in various areas.
Enhanced attribute statements, group properties and MVEL editor
We have added several features that, put together, form a significant upgrade of attribute statement capabilities and of how MVEL expressions are created.
First of all, an admin can configure custom group properties. The properties are simple key-value pairs set on a group and pertain only to the group itself. We used the term ‘property’ to avoid confusion with group attribute statements. Group properties can be used in Unity integrations (they are visible on the REST API) and in dynamic formulas used in Unity itself, generated by MVEL expressions.
Working with MVEL statements was improved by adding a new, dedicated MVEL editor. It is launched with the gear icon next to the regular text field holding an MVEL expression. The editor not only provides a bigger space for typing, but also shows all variables available in the context of the expression.
Last but not least, the group attribute statement context now has access to the groupObj variable (the complete group object with all metadata), so it can match the power of output profile rules.
Easier configuration of registration with remote IdP
Until now Unity required quite specific settings of a remote authenticator used in a registration form: none of the identity mapping rules in the input profile of such an authenticator could have the CREATE effect. That was especially problematic as the default translation profiles provided by Unity all use that effect, making default authenticators unusable for registration forms.
With this release we have eliminated this issue. Any remote authenticator can now be used directly on a registration form, regardless of its input profile settings.
IdP endpoint usage statistics
Since this release, client access to both OAuth AS and SAML IdP endpoints is subject to usage metering. Endpoint usage statistics can be seen under the Maintenance menu entry in the admin console, and can also be retrieved from the REST API.
Data is broken down by status (success or failure) and can be natively grouped in typical time buckets.
- In case an invitation to an enquiry resolves to multiple user accounts (i.e. entities sharing the same email), the user can select the account to which the submitted form shall be applied.
- The OAuth token revocation endpoint was revised and made fully compliant with RFC 7009. Sending token_hint is optional, client_id is required only for public clients, and authentication is required for confidential clients. This last feature is configurable, so as not to break existing setups.
- In the console it is possible to trigger an endpoint configuration reload from file. Of course, this applies only to endpoints configured from files.
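The revocation rules in the list above, seen from the client side, as an added example (not Unity code): it builds, without sending, an RFC 7009 request for a confidential and for a public client. The endpoint URL, client names, secret and tokens are constructed placeholders, the helper names are hypothetical, and the hint parameter uses the RFC's name, token_type_hint.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request

# Hint values defined by RFC 7009; the RFC names the parameter token_type_hint.
KNOWN_HINTS = {"access_token", "refresh_token"}


def build_revocation_request(endpoint, token, client_id, client_secret=None, hint=None):
    """Build (without sending) an RFC 7009 revocation POST.

    client_secret given  -> confidential client: authenticate with HTTP Basic.
    client_secret absent -> public client: identify with client_id in the body.
    """
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("revocation requests carry tokens and must use TLS")
    if hint is not None and hint not in KNOWN_HINTS:
        raise ValueError("unknown token_type_hint: %r" % hint)

    form = {"token": token}
    if hint is not None:  # optional: the server may ignore it anyway
        form["token_type_hint"] = hint
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if client_secret is not None:
        # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode.
        pair = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        form["client_id"] = client_id

    return Request(endpoint, data=urlencode(form).encode(), headers=headers, method="POST")


def revocation_outcome(status):
    """Map the HTTP status to an action, following RFC 7009 section 2.2."""
    if status == 200:
        return "done"   # also returned when the token was already invalid
    if status == 503:
        return "retry"  # token may still be active; honour Retry-After
    return "error"      # e.g. 400 unsupported_token_type, 401 invalid_client


# Constructed sample values; the endpoint URL is a placeholder, not Unity's real path.
ENDPOINT = "https://idp.example.org/oauth2/revoke"
confidential = build_revocation_request(ENDPOINT, "tok-123", "web-app", "s3cr3t", "refresh_token")
public = build_revocation_request(ENDPOINT, "tok-456", "mobile-app")
```

Because a 200 is returned for unknown tokens too, a client should treat it as "this token is no longer usable" rather than as proof that the token ever existed.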
Upgrade from 3.6
This upgrade will perform a data migration. It is advised to take a backup.