OSIAM 3.0

Merge pull request #43 from tkrille/release-3.0

Release 3.0

OSIAM 2.5

Changelog

OSIAM Auth Server 2.5

Features

• Use JDBC connection pooling

  By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
  These settings can be changed with the following configuration properties:

  • org.osiam.auth-server.db.maximum-pool-size
  • org.osiam.auth-server.db.connection-timeout-ms

• Support retrieving list of clients

  Use the resource endpoint /Client with GET.

• Make number of parallel connections to the auth-server configurable

  The default is 40 and can be changed with the following configuration property:

  • org.osiam.resource-server.connector.max-connections

• Make timeouts of connections to auth-server configurable

  By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
  These settings can be changed with the following configuration properties:

  • org.osiam.resource-server.connector.read-timeout-ms
  • org.osiam.resource-server.connector.connect-timeout-ms

Changes

• Add Flyway migration to replace method-based scopes

  The migration removes all method-based scopes from the auth-server client and adds the scope ADMIN.

• Increase default timeouts for connections to resource-server

  By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

• Increase default maximum number of parallel connections to resource-server

  The default is 40.

• Switch to Spring Boot

• Refactor database schema

  Note: Some fields in table osiam_client have been renamed:

  • accesstokenvalidityseconds becomes access_token_validity_seconds
  • refreshtokenvalidityseconds becomes refresh_token_validity_seconds
  • validityinseconds becomes validity_in_seconds

  Update your SQL scripts, if you add OAuth 2 clients via direct database manipulation.
  It's recommended to use the RESTful endpoints under /Client to manage Clients.

Fixes

• Make sure access_token, refresh_token and token_type are added only
  once to the returned Access Token (Fixes #42).

• Remove scopes from the Access Token (Fixes #51).

• Prevent NPE when User#active is null

• Handle duplicate client creation error on application level

  Respond with Conflict 409 when a client with a requested client id already
  exists

Updates

• OSIAM connector4java 1.8
• MySQL JDBC driver 5.1.37
• PostgreSQL JDBC driver 9.4-1205
• OAuth2 for Spring Security 2.0.8

OSIAM Resource Server 2.5

Features

• Use JDBC connection pooling

  By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
  These settings can be changed with the following configuration properties:

  • org.osiam.resource-server.db.maximum-pool-size
  • org.osiam.resource-server.db.connection-timeout-ms

• Populate the type field of a Group's members

  Members of a Group have their type field set to either User or Group.

• Make number of parallel connections to the auth-server configurable

  The default is 40 and can be changed with the following configuration property:

  • org.osiam.auth-server.connector.max-connections

• Make timeouts of connections to auth-server configurable

  By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
  These settings can be changed with the following configuration properties:

  • org.osiam.auth-server.connector.read-timeout-ms
  • org.osiam.auth-server.connector.connect-timeout-ms

Changes

• Increase default timeouts for connections to auth-server

  By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

• Increase default maximum number of parallel connections to auth-server

  The default is 40.

• Switch to Spring Boot

• Refactor database schema

  Note: Some fields in table scim_extension_field have been renamed:

  • extension_internal_id becomes extension;
  • is_required becomes required;

  Update your SQL scripts, if you add SCIM 2 extensions via direct database
  manipulation.

• Produce a meaningful log message and respond with 503 TEMPORARILY UNAVAILABLE
  instead of 409 CONFLICT if the auth-server cannot be reached to validate or
  revoke an access token.

• All invalid search queries now respond with a 400 BAD REQUEST instead of
  409 CONFLICT status code.

• Respond with 401 UNAUTHORIZED when revoking or validating an access token
  fails because of invalid access token.

• Remove configuration property org.osiam.resource-server.db.dialect

• Remove self written profiling solution since we now use the Metrics
  framework. This removes the configuration property org.osiam.resource-server.profiling

• Make the generated errors SCIM compliant

  Error responses look like this according to Scim 2:

  {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
    "detail": "Resource 2819c223-7f76-453a-919d-413861904646 not found",
    "status": "404"
  }
  

Fixes

• Only set UserEntity#active if value is not null

  Prevents a NPE when storing users that have no value for the active field.

• Use correct schema for Scim resources

  Affected resources and the changes are:

  • User: urn:scim:schemas:core:2.0:User becomes urn:ietf:params:scim:schemas:core:2.0:User
  • Group: urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:schemas:core:2.0:Group
  • ListResponse: urn:scim:schemas:core:2.0:User/urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:api:messages:2.0:ListResponse
  • ServiceProviderConfig: urn:scim:schemas:core:2.0:ServiceProviderConfig becomes urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig

Updates

• OSIAM connector4java 1.8
• MySQL JDBC driver 5.1.37
• PostgreSQL JDBC driver 9.4-1205
• AspectJ 1.8.7
• Metrics Spring Integration 3.1.2

OSIAM addon-self-administration 1.8

NOTICE: This version should be compatible with all versions of OSIAM >= 2.2.

Features

• Support legacy SCIM schemas for connecting to OSIAM <= 2.3

  See Connection to OSIAM, if you use
  OSIAM <= 2.3.

• Support OSIAM 3.x

  See Connection to OSIAM, if you use OSIAM 3.x.

Changes

• Make SQL scripts more independent of database schema

  Use INSERTs without field names.

• Use the new scope ADMIN for connections to OSIAM

  Abandon the usage of the deprecated method-based scoped.
  SQL files have been changed to install the necessary client with scope ADMIN.
  Add the scope ADMIN to the addon-self-administration-client:

  INSERT INTO osiam_client_scopes (id, scope) VALUES (<id of addon-self-administration-client>, 'ADMIN');
  

  By default <id of addon-self-administration-client> is set to 10.

Updates

• OSIAM connector4java 1.8
• Plugin API 1.5
• Spring Boot 1.2.7

OSIAM addon-administration 1.8

NOTICE: This version should be compatible with all versions of OSIAM >= 2.2.

Features

• Support legacy SCIM schemas for connecting to OSIAM <= 2.3

  See OSIAM Endpoints (OSIAM 2.x), if you use OSIAM <= 2.3.

• Support OSIAM 3.x

  See OSIAM Endpoints (OSIAM 3.x), if you use OSIAM 3.x.

Changes

• Make SQL scripts more independent of database schema

  Use INSERTs without field names.

• Change table name in SQL script admin_group.sql

  Due to the database schema changes in the resource-server, scim_group_scim_id becomes scim_group_members.
  A statement with the old table name is still contained as a comment for your convenience.

• Use the new scope ADMIN for connections to OSIAM

  Abandon the usage of the deprecated method-based scopes.
  SQL files have been changed to install the necessary client with scope ADMIN.
  Add the scope ADMIN to the addon-administration-client:

  INSERT INTO osiam_client_scopes (id, scope) VALUES (<id of addon-administration-client>, 'ADMIN');
  

  By default <id of addon-administration-client> is set to 20.

• Remove deprecated SQL file example_data.sql

Fixes

• Fix handling of boolean extension fields

  Fixes #83

• Create REST client only once to improve performance

Updates

• OSIAM connector4java 1.8
• Spring Boot 1.2.7

OSIAM 2.4

Changelog

OSIAM Auth Server 2.3

Features

• JDBC connection pooling

Changes

• Increase timeouts for connections to resource-server
• Increase maximum number of parallel connections to resource-server

Fixes

• Make sure access_token, refresh_token and token_type are added only
  once to the returned Access Token (Fixes bug #42).
• Remove scopes from the Access Token (Fixes bug #51).
• Prevent NPE when User#active is null

Updates

• OSIAM connector4java 1.7
• MySQL JDBC driver 5.1.36
• PostgreSQL JDBC driver 9.4-1203
• Spring 4.1.7.RELEASE
• AspectJ 1.8.7
• SLF4J LOG4J-12 Binding 1.7.12

OSIAM Resource Server 2.3

Features

• JDBC connection pooling
• Set MemberRef Type in GroupConverter

Changes

• Increase timeouts for connections to auth-server
• Increase maximum number of parallel connections to auth-server

Fixes

• Only set UserEntity#active if value is not null
• Use correct Schema for SCIMSearchResult

Updates

• OSIAM connector4java 1.7
• MySQL JDBC driver 5.1.36
• PostgreSQL JDBC driver 9.4-1203
• Spring 4.1.7.RELEASE
• AspectJ 1.8.7
• Joda Time 2.8.2
• Metrics Spring Integration 3.1.2

OSIAM Self Administration 1.7

Features

• Rollback User Creation on MailException

Updates

• OSIAM connector4java 1.7
• Spring Boot 1.2.6
• Joda Time 2.8.2

OSIAM Administration 1.7

Updates

• OSIAM connector4java 1.7
• Spring Boot 1.2.6

OSIAM 2.3

Changelog

OSIAM Auth Server

2.2 - 2015-06-18

Changes

• Bump connector to make use of more concurrent HTTP connections

OSIAM Resource Server

2.2 - 2015-06-18

Changes

• Bump connector to make use of more concurrent HTTP connections

OSIAM Addon Self Administration

1.6 - 2015-06-18

Changes

• Bump connector to make use of more concurrent HTTP connections
• Bump plugin API to 1.4
• Bump Jackson version

OSIAM Addon Administration

1.6 - 2015-06-18

Features

• Allow setting of external_id for users
• Add button to copy user id into external id field

Changes

• Bump Jackson version
• Bump connector to make use of more concurrent HTTP connections
• UI: Apply Bootstrap defaults

Fixes

• Rename Style.css to currently used name in template
• Add templates for (de-)activation of users
• sw = is not a filter operator
• UI: Make dropdowns work again in IE8+
• UI: Make back/cancel buttons work again in IE8+
• UI: Fix visual glitches icons
• UI: Align checkboxes on group membership view
• UI: Fix ambiguous form submission in IE8 in group membership

OSIAM 2.2

Changelog

OSIAM auth server

2.1.2 - 2015-06-02

Fixes

• Revert 'Change OAuth JSON error to comply to spec'

  "old style" error messages are back:

  {
    "error_code": "...",
    "description": "..."
  }

2.1.1 - 2015-06-02

Other

• Append classifier to distribution artifact

2.1 - 2015-06-02

Features

• Support for new ME scope
• Support for new ADMIN scope
• Remember and check timestamp of approval per client in web session

Changes

• Remove field expiry from OAuth clients
• Bump dependencies

Fixes

• Revert change that disabled single sign-on

• Secure the '/token/revocation' endpoints

• Change OAuth JSON error to comply to spec

  Was:

  {
    "error_code": "...",
    "description": "..."
  }

  Changed to:

  {
    "error": "...",
    "description": "..."
  }

Other

• Auth-server now lives in its own Git repo
• Changed artifact id from osiam-auth-server to auth-server

OSIAM resource server

2.1 - 2015-06-02

Features

• Support for new ME scope
• Support for new ADMIN scope

Fixes

• Secure search endpoint on /
• PostalCode should not be retrieved as literal null string when not set

Other

• resource-server now lives in its own Git repo
• Changed artifact id from osiam-resource-server to resource-server

OSIAM addon-self-administration

1.5 - 2015-06-02

Changes

• Add sensible default values for most configuration properties

  See docs for details

• Remove possibility to configure the requested scopes

  The configuration parameter wasn't used anyway

• Remove possibility to configure the extension's attributes

• Remove field expiry from OAuth client in SQL scripts

  The field expiry has been removed from the auth-server
  (osiam/auth-server#9) and must be removed from the SQL scripts too.

• Change some attributes of OAuth client

  • Remove unnecessary grants: authorisation code grant, refresh token grant,
    resource owner credentials grant
  • Decrease access token validity to 300 seconds

• Rename SQL scripts for installing client and extension

  Use client.sql to create the OAuth client in the auth-server's database
  and extension.sql to create the SCIM extension in the resource-server's
  database. The old files are still in place for compatibility reasons, but
  will receive no further updates and be eventually removed in a future
  version. All users are encouraged to update to the new files.

• Bump dependencies

Fixes

• If no address field is set, the user should have no address

Other

• Introduce Spring Boot
• Switch from xml to java configuration

OSIAM addon-administration

1.5 - 2015-06-02

Changes

• Remove field expiry from OAuth client in SQL scripts

  The field expiry has been removed from the auth-server (osiam/auth-server#9)
  and must be removed from the SQL scripts too.

• Adjust some attributes of the 'admin' group

  • Set external_id to NULL
  • Set created and lastmodified timestamps to LOCALTIMESTAMP

• Adjust some attributes of the OAuth client

  • Enable implicit approval
  • Remove unnecessary grants: resource owner credentials grant, client
    credentials grant, refresh token grant
  • Increase access token validity to 8 hours
  • Decrease refresh token validity to 0 seconds
  • Decrease approval validity to 0 seconds

• Rename SQL scripts for installing client and group

  Use client.sql to create the OAuth client in the auth-server's database
  and admin_group.sql to create the SCIM group admin in th
  resource-server's database and also associate it with the user with id 1.
  The old file is still in place for compatibility reasons, but will receive
  no further updates and be eventually removed in a future version. All users
  are encouraged to update to the new files.

Fixes

• Client database id may lead to problems with other clients

  Changed from 1 to 10

OSIAM 2.1

Changelog

addon-self-administration 1.4 - 2015-05-11

Features

This is a full feature set to handle the expiration of all tokens. For more
information have a look at the configuration.

• expiration of one time passwords
• expiration of confirmation tokens
• expiration of activation tokens
• scavenge expired tokens

Changes

• use latest plugin api release: Version 1.3.2
• switch to latest connector release: Version 1.4
• bump dependencies and cleanup pom
• move documentation from wiki to repo

Fixes

• handle missing extension field gracefully
• client database id may lead to problems with other clients

OSIAM 2.0

Changelog

Breaking changes!

resource-server 2.0, auth-server 2.0 - 2015-04-29

This release introduces breaking changes, due to the introduction of automatic database schema updates powered by Flyway. See the migration notes for further details.

Features

• Support automatic database migrations
• create JAR containing the classes of app

Fixes

• lower constraint index lengths for MySQL
• replace Windows line endings with Unix ones in SQL scripts

Changes

• decrease default verbosity
• bump dependency versions
• move documentation from Wiki to repo
• rename file RELEASE.NOTES to CHANGELOG.md

OSIAM 1.3.2

Merge pull request #7 from tkrille/osiam-1.3.2

Looks good

v1.2: Merge pull request #4 from tkrille/osiam-1.2

Update to OSIAM 1.2

v1.1: Merge pull request #3 from dacrome/added-addon-administration

Changelog

• Update to OSIAM 1.1
• [feature] administration ui (addon-administration)