The September release of TrustBuilder consists of various bugfixes and new features (complete list below). OS RPMs are also updated to reflect the latest changes of the CentOS upstream repository.
Important:
Before you begin it is recommended to create a backup of the IDHUB database and your appliance configuration files.
New Features:
- Templates: You can customise the templates for the SAML2 Post Profile, E-mail verification and Password reset through the Administration Portal > Templates menu. The templates are plain text (or plain HTML) and can be changed. To enable a SAML2 Post Profile template, a new configuration option has been added to the SAML2 Service Provider, where you can select a different Post profile template. If you want to change it globally, you can edit the Default template in the system. Important: If the template is not correct you can potentially halt TrustBuilder operations. If you changed a template and it is not correct, there is a reset functionality available in the install application.
- Office 365 Integration: Added a new WS-Federation Service Provider option for O365 Pre-Adal authentication. A how-to is available in the documentation explaining the configuration.
- Whitelist: Every URL that TrustBuilder receives as a Query Parameter or Post Parameter is validated against a whitelist. This is a list of regular expressions; a URL must match one of the entries, otherwise TrustBuilder will not continue.
- SAML2 IDP Push: Functionality has been added for receiving a SAML2 Push with a target URL. If the push is successful and the target URL is valid, a redirect will be initiated to this URL.
- Anonymous access based on HTTP Method: Added the possibility for a Gateway public_web_app location to send authorization requests to the TrustBuilder Authorization API. This is useful when you have applications that want to protect certain HTTP Verbs (allow anonymous GET, but POST, PUT and DELETE require authorization). To achieve this you will need to define your public web application as a normal Service Provider, add the necessary authorization rules (options have been added to check for anonymous access) and change the configuration in the gateway from public_web_app(headerConfiguration) to public_web_app(headerConfiguration, true). If you do not have headers configured, it can be public_web_app(nil,true).
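The whitelist check described above, as an added example in Python (not TrustBuilder's own code): the hostname, the patterns and the `is_allowed` helper are constructed for illustration. How TrustBuilder anchors its entries is not stated here, so the example compares prefix matching with whole-URL matching to show why each entry should be written to cover the full URL.

```python
import re
from urllib.parse import urlsplit

# Constructed entries; the hostname is a placeholder, not a TrustBuilder default.
WEAK_WHITELIST = [r"https://portal.example.com"]  # unescaped dots, no path bound
STRICT_WHITELIST = [r"https://portal\.example\.com(/[^\s\\]*)?"]

# Constructed parameter values that a target-URL check might receive.
SAMPLES = [
    "https://portal.example.com/home",
    "https://portal.example.com.untrusted.test/home",
    "https://portalXexample.com/",
    "https://portal.example.com@untrusted.test/",
    "//untrusted.test/",
    "javascript:void(0)",
]


def is_allowed(url, patterns, anchored=True):
    """Return True if url matches at least one whitelist entry.

    anchored=True requires the whole URL to match (re.fullmatch);
    anchored=False uses prefix matching (re.match) to show the difference.
    """
    if not url or any(c in url for c in "\\\r\n\t "):
        return False  # backslashes and whitespace are parsed inconsistently
    try:
        parts = urlsplit(url)
        host, user = parts.hostname, parts.username
    except ValueError:
        return False  # malformed authority component
    if parts.scheme not in ("http", "https") or not host:
        return False  # non-web schemes and scheme-relative //host values
    if user is not None:
        return False  # userinfo before "@" hides the real host
    matcher = re.fullmatch if anchored else re.match
    return any(matcher(p, url) for p in patterns)


def evaluate(patterns, anchored):
    """Map every sample URL to the whitelist decision."""
    return {u: is_allowed(u, patterns, anchored) for u in SAMPLES}


if __name__ == "__main__":
    for name, pats, anch in (("weak", WEAK_WHITELIST, False),
                             ("strict", STRICT_WHITELIST, True)):
        for url, ok in evaluate(pats, anch).items():
            print(f"{name:6} {'ALLOW' if ok else 'DENY':5} {url}")
```

With prefix matching the weak entry also accepts the second and third samples; the strict entry with whole-URL matching accepts only the first.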
Versions:
Gateway:
- Nginx 1.11.1
- Naxsi 0.55.1
- OpenResty 1.11.2.1
Repository:
- MariaDB 10.0.0.27
Changelog Summary:
- TB-3413 Basic UI Improvements TB-3431 - align user attribute property
- TB-3413 Basic UI Improvements TB-3424 - Check if saved on SP
- TB-3413 Basic UI Improvements TB-3423 - There is no home page BUG FIX
- Homepage small fixes
- TB-3415, TB-3429: Add missing arrows to panels. Make panel headings
- TB-3429: Make panel heading clickable for user list filter.
- TB-3429: Make panel headings clickable (not only the chevron arrow)
- only search for partner when no sessionindex is set
- Whitelist for redirects
- Fix multi-value-field-directive values binding. Refactor settings page
- Global Settings: Add existing workflow ids as options to Session
- Remove deprecated functions
- Formatting
- SAML2 Push Authentication only
- TB-3437: Add list, edit and create screens. Add templateService that
- TB-3432 add more information for error handling. add {{idhub_entity_id}}
- TB-3430 - Improve display of email verification status
- FIX: uri encode the idhub_entity_id
- Remove & # and $ from special characters
- TB-3422 - Breadcrumb too large
- if there is a sessionkey use it, otherwise not (missing fix)
- TB-3407 - "Register/New" when no "Required" attributes available
- TB-3437: Add delete modal. Generate unique ids in mock templateService.
- Filter: Add filter for listing the keys of an object using Object.keys
- TB-3441 - Allow one empty URI for SP > application authorization
- TB-3445: Adjust template model to coincide with the one specified in the
- TB-3019 WSFED Service Provider Model , DAO + SQL
- WS Federation SP Service
- TB-3019 JsonDeserializer for WsFederationSp
- WsFedSp Unit test
- TB-3440 - TB does not function with Java 8 101/2
- TB-3445: Update style of tabs in template modify screen.
- TB-3019 : add WsFedSP
- TB-3422 - Breadcrumb too large BUG
- TB-3448 - change name of attribute rules to authentication rules
- TB-3443 - Create new SP TYPE frontend All fields are mandatory This is
- TB-3445: Add variables read-only field that will display the required
- Removed the UnsatisfiedLinkErrors by removing the vacman.jar from the
- TB-3451: Create models of templates, translations and enum types.
- There was a problem with the loadGlobalSettings() of the settingsfacade
- Added STS Endpoint and Mex (with soap validation)
- add the extra message to the message
- TB-3453: Create database template and translation tables. Populate
- TB-3453: Add changes to h2 bootstrap script to allow unit testing. Use
- TB-3458: Calling a workflow from within derived attributes uses the
- TB-3421 - Inconsistency in check boxes SP create and modify.
- TB-3457 - Remove Name of Scheme and Method after Delete Statement
- TB-3457 - Remove Name of Scheme and Method after Delete Statement
- Unit Tests: Extract code for mocking http calls into new abstract class
- Unit Tests: Move ControllerTest class to correct directory
- TB-3451: Update template and translation models. Add deserializer for
- TB-3462: Add main logic for creating and reading templates.
- TB-3437 Templates: Rename package
- remove keystorelocation as it is redundant
- enable unit tests
- proxy logout
- TB-3462: Add updating and deletion support.
- TB-3742 - logout issue
- TB-3472
- STS
- TB-3462: Fix isDefaultTemplate method. Only update template properties
- TB-3463: Rename TemplateServiceTest to TemplateControllerTest since it
- Bug toJSON in savestate
- TB-3463 Unit Tests: Add more checks to testUpdateDefaultTemplate.
- TB-3453 Database: Rename POST_PROFILE_CODE to POST_PROFILE
- Revert "TB-3453 Database: Rename POST_PROFILE_CODE to POST_PROFILE"
- TB-3453 Database: Move alter table statements to create statement.
- TB-3462 Saml2 SP/IDP: Add postProfile field to Saml2 IDPs and SPs.
- TB-3463 Unit Tests: Check postProfile field in Saml2 IDP and SP tests
- TB-3474: An empty URL in SP authorization rules should not result in an
- TB-3474: An empty URL in SP authorization rules should not result in an
- TB-3437: Return empty response in update REST call. Refactoring.
- TB-3463 Unit Tests: Test duplicate templates on creation. Make
- TB-3437: Move the updating of translations from the service to the DAO.
- TB-3463 Unit Tests: Test deletion of a default template. Refactor
- TB-3437: - Added PostProfile. - Added support for post profile
- TB-3452 Validation: Add validation for Template and Translation classes.
- TB-3437: Templates - Added cache update in TemplateService. - TODO:
- TB-3437: Templates - Cleaned up import list ValidationResult.
- Confirmationdata in subject is optional, we do require it for a saml sp
- TB-3464 - "Save & Close" button on SP edit page does not close page
- TB-3445: Add rest calls to rest service.
- TB-3446: GUI - Link to template in IDP/SP
- TB-3437: Fix typo
- TB-3466 - Code/String Elements display during slow network connections
- TB-3437: Restructure model to store translations in Map instead of List.
- Single logout with target url and whitelist
- add user info (for kerberos)
- IDP modify form: Fix ng-model and id fields.
- Form Validation: Improve scrolling and focusing of elements. Refactor
- TB-3445: Replace mock rest calls by http rest calls to the template
- Add login endpoint
- TB-3452: Improve invalid properties generated by template validation.
- Add the possibility to add the target as a queryparameter to the fixed
- STS changes
- TB-3842. execute derived attribute when there is a session also.
- Bug get default nameidformat when the nameidformat is unspecified and sp
- TB-3470: Add postProfileTemplate method to SPFacade (similar to
- TB-3446: Add postProfile field to SPs and IDPs that only allow selection
- remove check for empty field because empty fields come in as null.
- TB-3461 - Enum values are not sorted
- TB-3447: Add fields in the global settings page to link templates (of
- new logon endpoint
- unit test for multi value directive
- unit test for multi value directive
- TB-3461 - Enum values are not sorted - refactoring
- Adding logging for the assertion (handy when it was encrypted)
- TB-3461 - Enum values are not sorted - unit test for the
- - ProxyLogout - ZD-597
- TB-3461 - Enum values are not sorted - fix form control
- fix unit test
- Bugfix for SAML Push. Auth method id was not specified, gave internal
- proxy logout made the assumption that out_headers existed.
- Add extended signature options like with SAML2
- WS federation passive profile.
- TB-3484 - Provide form to upload a DPX file
- TB-3473: Add added rest calls to admin_api_private.yaml file
- TB-3437: Add templates shortcut to home page
- TB-3437: Add translation keys to templates alert messages.
- TB-3484 - Provide form to upload a DPX file
- TB-3494 - GUI - implement anonymous flag
- TB-3496 - Application rule list has no a empty uri
- TB-3019 WSFed Service Provider Passive Profile and Active profile (STS)
- TB-3437: Prune translations with no content from the template.
- TB-3437: Throw operation-not-allowed user exception when there is an
- TB-3488 - When email is required attribute and value is pending
- TB-3488 - When email is required attribute and value is pending
- TB-3499 - E2E testing unique ids IDP provisioning
- TB-3499 - E2E testing unique ids IDP and SP list
- Changed the code to link a user to a token and setting the status to
- Add extra tables in test
- Enum does not exist
- H2 does not support enum
- TB-3483: Combined anonymous rules - Updated backend to generate
- TB-3483: Combined anonymous rules - Updated ResourceAccessRule in
- Exposes change static password functionality in the controller and
- Small change to the RestClientTest
- TB-3492 - extend digipass capabilities in IDHub TB-3500 - GUI - add
- TB-3492: Extend digipass capabilities in IDHub. Fixed two bugs: the
- TB-3492: Extend digipass capabilities in IDHub. Updated the
- JSHint: Add jshint options file to root directory.
- TB-3492 - extend digipass capabilities in IDHub TB-3501 - GUI - add
- Added default templates, cleaned up the names to something less
- workItem.request is not available when install is not ok ... so needed
- TB-3123 - Any Logged-In User(Principal) should not be able to delete
- Bugfix: Remove duplicated directive definition after faulty merge.
- Karma: Remove 'coverage' preprocessor when karma is started in debug
- TB-3463: Add front end unit tests for successful creation, deletion and
- select correct post profile
- Unknown Service Provider Type when nothing was specified. Default is
- Facade was not completely done. template was not loaded ... guessing
- implement facade for assertion generation
- Implement custom branding templates for the post profile redirect pages
- Fix comments
- TB-3463: Add unit test for template edit controller.
- Remove debug content.
- TB-3509 - error on settings page when no workflows
- TB-3511 - Add Id's to the user attribute buttons
- separating some of the logic in smaller modules
- TB-3512 - Digipass settings issues
- Fixed a couple of bugs that did not set the status to pending when using
- Revert "separating some of the logic in smaller modules"
- Logger skeleton
- TB-3514 - Digipass Admin improvements
- TB-3510: Add script for resetting default templates. Add get call /reset
- TB-3510: Move /reset call to InstallationController. Remove test data
- TB-3510: Add reset page to install portal.
- TB-3510: Change REST call url to /reset/templates.
- TB-3510: Fix install API documentation. Document reset templates REST
- TB-3510: Clear the template for the IDHUB_IDP_UP IDP.
- TB-3514 - Digipass Admin improvements CORRECTED POM - missing provided
- TB-3509 - error on settings page when no workflows RE-Opened for error
- Add Request viewer to the gateway
- The principal for the credential can be empty as well
- undeclared var inside the gwlogin
- New logger helper to remove the ngx_log stuff in the scripts
- Change logging to new logger module
- TB-3503 - Anonymous rules implementation
- TB-3499 - E2E testing unique ids
- TB-3510: Add skip button to installer's reset page.
- Gateway bump up to Openresty 1.11.2.1 and naxsi 0.55.1
- ServiceProvidersFacade: - Renamed overloaded allowedIps variant with
- TB-3513 - User Attributes category click on text does not function
- The correct comparison was not set in case of an authnlevel scheme
- Add app1 as extra application in example.conf
- - Change allowedIdps to use serviceProviderFacade. - if mfaAuthNethod ==
- TB-3521 - Log the build number when starting
- if a DB Adapter is specified, logs are filled with debug messages from
- TB-3521 - Log the build number when starting
- TB-3521 - Log the build number when starting REFACTOR
- Protractor: Add IDs to identity screens.
- fixed the errors on the soap sts
- ServiceProvider Facade change bug (forgot sp())
- Consents: No longer use http call code from admin rest service.
- UserPasswordDao: - Fixed bug in retrieving salt field in
- TB-3516 - Wrong Error Message for login operations
- TB-3520 - REST API call bug
- TB-3525 - Identity Page - User Attribute Duplicate Entry value wrong
- TB-3523 - Make view styles consistent
- Templates Caching: Fix the invalidation of the cache of IDPs and SPs
- TB-3437: Retrieve and use the resetPassword and verifyAddress templates
- TB-3539 - Wrong Alert Message on Forgotten Password page
- SP service unit test
- SP service unit test
- TB-3541 - E2E testing unique ids
- idp and sp filters
- sp controller
- sp and idp controllers
- TB-3548: Re-enable support for activating workflow when provisioning a
- TB-3548: Re-enable support for activating workflow when provisioning a