Release Notes TrustBuilder Identity Hub 8.1

This release of Identity Hub includes the following features:

  • Federation Bridging (SAML2, OpenID Connect, WSFed)
  • Coarse-Grained Authorization Rules
  • Authentication Schemes for Multi Factor and Authentication level
  • TrustBuilder Store to store additional information about users
  • Linking Users to Service Providers (Applications)
  • Linking Users to Identity Providers (Authentication)
  • Workflows to access other stores like LDAP, Database, APIs ...
  • Administration Portal
  • Self Service Portal

Reference Documentation is available in the Administration Portal under the User menu.

New Installations:

Guide to setting up a TB IDHub 8.1 Development Machine

Upgrade notes:

If you have a previous (v8 or v8.1 beta) version of the Identity Hub installed, some data migration is required. The IDP Identity value is no longer stored in the link between the IDP and the User; it is now stored as a User attribute. We provide a migration script (/opt/trustbuilder/tomcat-core/webapps/idhub/WEB-INF/classes/database/create_idp_attribute.sql) to help migrate this data (if required).

Feel free to contact us for more information.

Stories covered by this release:

  • The default list of special characters for the U/P IDP should be extended
  • The administrator should have the possibility to specify a lockout timeout.
  • Changes to authentication validation
  • The administrator should have the option to specify the order of user attributes on the user edit screen
  • Verify signature with specific alias
  • changing order of create saml2 idp input elements
  • Add global parameters for flow
  • Allow administrators to make email verification optional
  • The authentication scheme related properties of a SP should be accessible from different screen
  • The administrator should no longer have the option to directly link allowed IDPs to SPs
  • Administrators should be able to use verified primary e-mail address as target for reset password mails
  • The administrator should have the option to specify additional password options
  • Add support for IDP provisioning using dynamic (subject) linking
  • The administrator should be able to redirect mail notifications to custom workflows
  • Display attribute verification status
  • The proxy should support inactivity timeouts in addition to ttl
  • OAuth resource proxy
  • implement Authentication Schemes for SPs
  • TAM as a service (Part I)
  • Identification of error data when validating incoming JSON data should be standard for all REST calls
  • The Administrator should no longer have access to pre-"Subjects are not set explicitly in the database for SP's" functionality
  • Administrators should have a more consistent view for defining the relationship between principals and service providers
  • The user access to a service provider should be checked using a combination of default rules and user-defined rules
  • The administrator should be able to specify allowed IDPs as part of coarse-grained SP authorization
  • Possibility to provision a user (REST) with hashedPassword
  • Support for multiple hashing algorithms in the U/P IDP
  • Subjects are not set explicitly in the database for IDP's
  • Subjects are not set explicitly in the database for SP's
  • Integrate TB for clients in the Idhub userportal
  • Nginx does not strip auth headers
  • The administrator should be allowed to manage keys / certificates used by IDHub
  • A user can define validated communication channels that IDHub can use to send information to the user
  • The administrator can define the terms of authorization for a service provider in the admin portal.
  • Remove redundant selfservice paths in self-service rest calls
  • SAML2 keys / certificates should be stored in the database rather than file key/truststores.
  • Change front end to follow refactoring changes to backend for validation
  • The administrator should be able to set global preferences for the IDHub
  • Visual changes to Self Service portal
  • The administrator should not be allowed to remove or update the built-in SP's and IDPs
  • Remove explicit linking for Service Providers
  • User creates a New User Attribute without filling in one of the mandatory fields
  • The User clicks the "Apply" Filter button without entering or setting any search items
  • Some modifications to the root (IDHub) administrator are not allowed.
  • Password policy has some issues with special chars which are meta-characters
  • if an IDP is an internal IDP (out of the box) removal should not be allowed from the portal
  • Logout landing page
  • Test admin portal with large number of users
  • Improve admin portal UX
  • ability to add/edit/remove logo's from sp's and idp's
  • Add displayname to authentication provider and displayname card
  • Any of the following attributes may optionally be installed.
  • When administrators provision users (user/password) a mail should be sent to the users.
  • SP's should have the possibility to accept all IDPs (without explicit linking).
  • At startup the portal should check the DB schema version and add support to install or upgrade
  • Delegated administrators should only be allowed to manage users
  • Allow rule suites to be defined outside war.
  • add http-redirect-binding in saml2 component
  • Organize REST calls (public, admin, self-service)
  • Create a fallback scenario based on configuration
  • Add OAUTH 2.0 IDP
  • Update Admin GUI to use java REST calls
  • Export list of filtered users to CSV
  • Remove dependency on required attributes out of the box
  • User List should be customisable
  • Create - , last update and Last Authenticated time for Principal
  • Self service concerning local userpassword
  • IDP and SP should have the possibility to add a logo
  • Self Service Reset Password
  • Create Time and LastUpdate Time on Principal
  • View, update and store password policy
  • Add creation timestamp and last used timestamp to principal
  • Add support to return a filtered list of users, depending on the administrator user.
  • Lock a user globally in the IDHUB
  • SP definition for one or more local URLs
  • Document Spring design for REST calls.
  • Self Service UI
  • Store and change password policy
  • Extend the model to support attributes constrained to a list of values (enumerations).
  • Document Nginx configuration
  • SAML2 Web Profile Component