Version history
5.8.10Bamboo 8.0.0 - 8.2.42022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.105.8.10Bamboo Server 7.1.1 - 8.2.42022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.105.8.7Bamboo 8.0.0 - 8.2.42022-05-23Allowlist exception to REST API access URLs, improvements and bugfixes 5.8.7Bamboo Server 7.1.1 - 8.2.42022-05-23Allowlist exception to REST API access URLs, improvements and bugfixes 5.7.2Bamboo 8.0.0 - 8.2.42022-05-02Bump API tokens REST API, SCIM in Backup & restore and IDP Wizard improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/975241217/Kantega+SSO+Enterprise+5.7.x+release+notes#Changes-in-5.7.2
P.S. This version contains a database migration for API tokens. Make sure to take a Backup of your configuration (Snapshot of config) before this update, in case you have to revert back.
5.7.2Bamboo Server 7.0.1 - 8.2.42022-05-02Bump API tokens REST API, SCIM in Backup & restore and IDP Wizard improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/975241217/Kantega+SSO+Enterprise+5.7.x+release+notes#Changes-in-5.7.2
P.S. This version contains a database migration for API tokens. Make sure to take a Backup of your configuration (Snapshot of config) before this update, in case you have to revert back.
5.6.2Bamboo 8.1.3 - 8.2.42022-03-18Bug fixes and UI improvements 5.6.2Bamboo Server 7.0.1 - 8.2.42022-03-21Bug fixes and UI improvements 5.5.4Bamboo Server 7.0.1 - 8.1.82022-02-20Temporary roll back kerberos bouncy castle and bug fixes SAML/OIDC setup wizard 5.5.2Bamboo Server 7.0.1 - 8.1.82022-02-04Dependency security updates, improvements and bug fixes 5.5.0Bamboo Server 7.0.1 - 8.1.82022-01-31Data Center, refactor and improve setup wizard, other improvements and bug fixes Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/947683329/Kantega+SSO+Enterprise+5.5.x+release+notes#Changes-in-5.5.0
Kantega SSO Enterprise for Bamboo Data Center May 2022. We are happy to announce that Kantega SSO Enterprise will be release for Bamboo Data Center this spring. The version is planned for release during May, when the Atlassian Data Center certification process is completed. Data Center customers will be required to purchase a Data Center app license upon their next renewal.
5.4.0Bamboo Server 7.0.1 - 8.1.82022-01-24Tweaks in SAML/OIDC login redirect and bug fixes 5.3.2Bamboo Server 7.0.1 - 8.1.82022-01-19Dependency updates with security patches 5.3.0Bamboo Server 7.0.1 - 8.1.82022-01-11REST API for managing API tokens and more settings in group memberships 5.2.0Bamboo Server 7.0.1 - 8.1.82021-12-16Introducing REST API for management of configuration snapshots, create, restore 5.1.2Bamboo Server 7.0.1 - 8.1.82021-12-15Consolidate logging to Slf4j framework only Please note that Kantega SSO is not affected by Log4shell (CVE-2021-44228), but this is a consolidation to avoid other potential vulnerabilities. Read the whole release note here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/925892617/Kantega+SSO+Enterprise+5.1.x+release+notes#Changes-in-5.1.2
4.14.8Bamboo Server 7.0.1 - 8.1.82021-12-15Backport: Consolidate logging to Slf4j framework only Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the facade Slf4j. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates risk of other vulnerabilities. Read more about the log4j vulnerability here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/932118634/About+the+Log4j+vulnerability+CVE-2021-44228
5.1.1Bamboo Server 7.0.1 - 8.1.82021-12-10Fix rest filter SQL query performance issue and bug fixes 4.14.7Bamboo Server 7.0.1 - 8.0.92021-12-10Fix performance issue with unnecessary database queries to REST API filter Fix performance issue with unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT on REST API filter
5.1.0Bamboo Server 7.0.1 - 8.0.92021-11-26Support SAML or OIDC SSO re-auth with websudo and visual improvements/bug fixes 5.0.3Bamboo Server 7.0.1 - 8.0.92021-11-19Fixed API TOKEN active object error during upgrade from 4.x to 5.x and bug fixes 4.14.6Bamboo Server 7.0.1 - 8.0.92021-10-20Bugfixes for API tokens and JIT provisioning Bugs
- API tokens are blocked when BasicAuth is disabled
- When using JIT provisioning and sending the email parameter as a list instead of a string, the first email is not extracted correctly
4.14.5Bamboo Server 7.0.1 - 8.0.92021-10-15Small improvements and bugfixes Improvements
- Allow user lookup in an AD directory where the user is a member of a subdomain of the directory baseDn
- Allow Jira Crowd requests to pass through when Basic Auth and API tokens are restricted
Bugs
- Just-in-time provisioning does not work with a delegated user directory
4.14.4Bamboo Server 7.0.1 - 8.0.92021-09-17Fix SCIM issue with authorization on API server URL No release notes.4.14.3Bamboo Server 7.0.1 - 8.0.92021-09-16Fix possible path traversal on delete snapshot action No release notes.4.14.2Bamboo Server 6.9.0 - 8.0.92021-09-01Authenticated anonymous browsing, SCIM and OIDC improvements, and bugfixes Features:
- [User Provisioning] Authenticated anonymous browsing: allow users to browse "anonymous" to the Atlassian product after SAML/OIDC login instead of Just-in-time create user
- [Kerberos] Toggle Kerberos based on user directory
Improvements:
- [OIDC] Support incoming list in OIDC email claim
- [OIDC/SAML] Support \L and \U for lowercase/uppercase in OIDC/SAML user lookup regular expressions
- [SCIM] Support externalId claim for filter in SCIM
- [API Tokens] REST API Access blocking non-API token requests reduced to DEBUG level logging and added to access log
Bugs:
- [API Connector] Bad handling of incorrect tenant name input
- [OIDC] OIDC single logout not triggered from Jira Service Management
4.13.2Bamboo Server 6.9.0 - 8.0.92021-08-06Fix issue where Basic Auth in SCIM could trigger login event No release notes.4.13.1Bamboo Server 6.9.0 - 8.0.92021-08-05Added Basic Auth as authentication option for SCIM No release notes.4.12.0Bamboo Server 6.9.0 - 8.0.92021-07-26Improved Kerberos help for UPN issues and ability to disable SCIM request auth Features:
- Kerberos: Wizard helps to fix UPN bound to incorrect AD account issues
- SCIM: Ability to turn off SCIM request authentication using bearer tokens
Improvements:
- SCIM is now out of BETA
Bugs:
- Depreciation warning when configuring CDN with Kantega SSO installed
4.11.0Bamboo Server 6.9.0 - 7.2.72021-07-02Support for OIDC login without userinfo endpoint No release notes.4.10.2Bamboo Server 6.9.0 - 7.2.72021-06-18Added support for configuring additional Forced SSO URLs No release notes.4.10.1Bamboo Server 6.9.0 - 7.2.72021-06-04Ability to turn off sending login hint to identity provider No release notes.4.10.0Bamboo Server 6.9.0 - 7.2.72021-05-28New feature to allow API token authentication for specified non-REST URLs No release notes.4.9.1Bamboo Server 6.9.0 - 7.2.72021-05-26Fix for a regression introduced in 4.2.4 Fix:
- Redirect based on user directory is no longer independent of user lookup attribute
4.9.0Bamboo Server 6.9.0 - 7.2.72021-05-12Increased config security level and SCIM updates New features- [SCIM] Added support for filtered sub-attribute targets in PATCH requests
Security
- App configuration access level increased to system administrator to avoid the possibility for ordinary administrators to elevate privileges
4.8.1Bamboo Server 6.9.0 - 7.2.72021-05-03Support tab, debug info, backup improvements, and more New features
- Added support tab with ability to search documentation and quickly contact support
- Added page for debug information about entire app configuration
- Allow username/password login only for specific user groups
Improvements
- Backup of API tokens and Restrict API endpoint settings in "Snapshot of config"
4.7.0Bamboo Server 6.9.0 - 7.2.72021-03-24Restrict REST API, auto-refresh metadata, Azure multi-tenant, default group rule New features
- Restrict rest API endpoints only to use API tokens for Authentication
- [SAML] Schedule automatic metadata refresh
- [OIDC] Support for Azure AD multi-tenant architecture • Disable traditional login based on the user directory
- Assign default groups based on regex rules
Improvements
- Rewritten license warnings to give a better understanding of why the license is not valid
Fixes
- NoSuchElementException in logs when loading the login page
- SCIM does not accept usernames with apostrophes
- Possible NullPointerException during Single Logout
- Moved away from using CLOB values
4.5.1Bamboo Server 6.6.0 - 7.2.72021-03-02Fixes for RML auto-redirect and SAML certificate page Fixes:
- SAML/OIDC: Inconsistent behavior with auto redirect mode using remember-my-login
- SAML: Test page for certificate shows variables instead of actual values
4.5.0Bamboo Server 6.6.0 - 7.2.72021-02-18Login test improvements and SAML security fix New features:
- OIDC: support for "client_secret_post" client authentication method
- Kerberos: toggle to disable Kerberos on JSM/JSD knowledge base
Improvements:
- OIDC: more robust and richer test login flow and more details in debug info
- OIDC/SAML: test result page has better tracking with a unique ID
Fixes:
- SAML: missing sanitization of URL on SAML response page
4.4.9Bamboo Server 6.6.0 - 7.2.72021-02-05Bug fixes and improvements Improvements
- ForceSSO for JEditor
Fixes
- Possible NullPointerException on API Tokens
4.4.8Bamboo Server 6.6.0 - 7.2.72021-01-28Upgraded dependencies with security vulnerabilities No release notes.4.4.7Bamboo Server 6.6.0 - 7.2.72021-01-18Fixes for OIDC Single Logout and API Tokens Fixes
- [OIDC] Single Logout issues with activation, incorrect return URL, and improved error handling
- API Tokens incorrectly logs error on version upgrade
4.4.6Bamboo Server 6.6.0 - 7.2.72020-12-18Improvements to API Tokens and CSRF Improvements:
- Remove use of API_TOKEN prefix
- Added origin validation as part of CSRF check
4.4.3Bamboo Server 6.6.0 - 7.2.72020-11-27SAML metadata updates and dependency updates Features
- SAML: Added support for changing SSL fingerprint during metadata refresh
- SAML: Added support for HTTP (not only HTTPS) in metadata URL
Fixes
- Kerberos: Fixed logging and improved exception handling for AD server DNS lookup
Also, the following third party libraries were updated:
- commons-io 1.4 to 2.4
- commons-fileupload 1.2.1 to 1.4
- guava 19.0 to 30.0-jre
- jetty 9.4.7.v20170914 to 9.4.34.v20201102
- jackson-databind 2.9.8 to 2.9.10.6
- jackson-module-parameter-names 2.9.8 to 2.9.10
- jackson-datatype-jdk8 2.9.8 to 2.9.10
- jackson-datatype-jsr310 2.9.8 to 2.9.10
- jackson-module-jaxb-annotations 2.9.8 to 2.9.10
- opensaml-saml-impl 3.4.2 to 3.4.5
- slf4j-api 1.7.5 to 1.7.30
4.4.2Bamboo Server 6.6.0 - 7.2.72020-11-12Support SAML POST Binding and fixes for Certificates, Header Auth and API Tokens Features
- Support for Identity Providers requiring POST binding of SAML Request
Fixes
- X509 Certificates for SAML does not display correctly
- Header Authentication does not work for REST
- API Tokens does not work if there exists an inactive user in Internal Directory and an active user in Active Directory with the same username
4.4.1Bamboo Server 6.6.0 - 7.1.42020-10-28OIDC id_token validation fix Fixes
- OIDC: aud (Audience) claim in id_token only accepts string value and not array
4.4.0Bamboo Server 6.6.0 - 7.1.42020-10-27Internal OIDC changes and fixes New features
- OIDC: Rewritten library for OIDC
- OIDC: Configure scopes used in OIDC request
- OIDC: Support for domain hint for Azure AD and hosted domain for Google
Improvements
- OIDC: Better feedback when something goes wrong
4.3.3Bamboo Server 6.6.0 - 7.1.42020-10-06API token session cookie and SAML hosted domain fix Fixes
- API token authentication can now receive a request with session cookie without account lockout.
- Hosted Domain is not added to the SAML authentication URL in a two-step login flow.
4.3.2Bamboo Server 6.6.0 - 7.1.42020-09-25API tokens no longer locks out user Fixes
- API Tokens: Valid token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.1Bamboo Server 6.6.0 - 7.1.42020-09-24Hosted domain and API token fixes New features
- SAML: Hosted domain (hd) support for suggesting domain to the identity provider.
Fixes
- API Tokens: Storage format not compatible with the Atlassian backup mechanism.
- API Tokens: Failed token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.0Bamboo Server 6.6.0 - 7.1.42020-09-08Enhanced API token restrictions and login hint New features
- API tokens: Ability to restrict requests based on IP addresses, and user permissions can be set based on group memberships.
- Kerberos: Possibility to enable SSO for user avatar URLs.
- SAML: Support for login hint when using 2-step login.
Fixes
- OIDC: Redirect based on user directory does not save selected user directories.
Improvements
- Name change of IP restriction modes to prevent confusion with IP lists.
- Improved SAML test page debug info.
- More robust test login incognito mode detection.
4.2.4Bamboo Server 6.6.0 - 7.1.42020-08-25SAML/OIDC: Improved redirect based on username. Other improvements. New features
- SAML/OIDC: Redirect based on username now respects all configured lookup attributes when using redirect by user directory or redirect by selected groups.
- SAML/OIDC: Possibility to require SAML/OIDC response to contain at least one group to allow Just-in-Time provisioning to create users.
Fixes
- Active Directory test does not support multi-domain.
- Broken Just-in-Time provisioning link on the Group memberships page.
Improvements
- Changed wording from whitelist/blacklist to unblocked list/blacked list.
4.2.2Bamboo Server 6.6.0 - 7.1.42020-08-08Fix: Okta user API changes Okta has changed the attributes and pagination in their user APIs.
If you use the API Connector features to synchronize Okta users and experience that you are only able to sync 200 users but have a larger user base, you are most likely hit by this change and should upgrade to version 4.2.2 of Kantega SSO.
4.2.1Bamboo Server 6.6.0 - 7.1.42020-08-07OIDC/SAML: Group memberships improvements - New feature OIDC/SAML: Group creation and synchronization of all incoming group claims as an alternative to managed groups
- SAML fix: Error on test page when incoming SAML response is incomplete
4.2.0Bamboo Server 6.6.0 - 7.1.42020-07-31Regular expression improvements SAML/OIDC. Other improvements and fixes. - SAML/OIDC improvement: Regular expressions in username transformation will now also try original username if no match is found
- Cloud User Sync performance improvements when adding synced users to local groups
- Internal technical improvements
4.1.13Bamboo Server 6.6.0 - 7.1.42020-06-30Fix regression introduced in 4.1.12 - potential 401 for basic auth REST requests Fix regression introduced in 4.1.12, where basic auth REST requests would give 401 response code when Kerberos is enabled
4.1.12Bamboo Server 6.6.0 - 7.0.62020-06-29Rate limit delay for Okta API Connector and updated guides - Feat: Rate limit delay for Okta API Connector. Avoid creating too many API requests within a short timeframe.
- Improvement: Update Keycloak setup guides
4.1.11Bamboo Server 6.6.0 - 7.0.62020-06-18Editable OIDC integration credential settings - Feat: Ability to edit client id, secret and discovery url for OIDC integrations
- Feat: Customizable text elements on login screen
- Fix: Cross-site scripting vulnerability when using instant redirect to identity provider
4.1.8Bamboo Server 6.6.0 - 7.0.62020-06-15Managed groups and single logout for OIDC and bug fixes - Feat: Support managed groups and single logout for OpenID Connect providers
- Fix: OpenID Connect setup wizard: Better handling of URL in metadata step
- Fix: General Crowd user directory integration improvements
- Allow anonymous access to LDAP servers
- SAML/OIDC Fix regression from 4.1.7 where exisiting SAML/OIDC IdPs did not work
4.1.5Bamboo Server 6.6.0 - 7.0.62020-05-29Fix cloud user sync not working in Bamboo - Fix: Cloud user sync not working in Bamboo
- Fix: AD FS does not allow ~ sign in URL
4.1.4Bamboo Server 6.6.0 - 7.0.62020-05-20Title: Fix multi regex transformations and UI improvements - Feat: Show warning when conflicting redirect rules are configured.
- Fix: First regex transformation was always applied event though multiple regular expression rules are configured.
4.1.3Bamboo Server 6.6.0 - 7.0.62020-05-15Fix: OIDC setup wizard for Keycloak metadata import says 'invalid discovery url' No release notes.4.1.2Bamboo Server 6.6.0 - 7.0.62020-05-08Onboarding wizard not working. OIDC Github integration guide - SAML: Fix test page incorrectly showing managed groups to be removed
- OIDC: Integration with Github working with a better guide
- Onboarding wizard not working in Bamboo
4.1.1Bamboo Server 6.6.0 - 7.0.62020-04-30New switch to enable/disable API tokens and other improvements - API tokens: new switch to enable/disable
- API tokens bugfix: Delete token not working when using PostgreSQL database
- OIDC improvment: User lookup via sub now working
- Cloud user provisioning: Switch to enable/disable sync of security enabled groups from Azure AD
- General improvements and bugfixes
4.1.0Bamboo Server 6.6.0 - 7.0.62020-04-17SCIM and API Tokens - Feature: User synchronization with SCIM - https://kantega-sso.atlassian.net/l/c/UBv0hhC6
- Feature: Authenticate clients with API tokens - https://kantega-sso.atlassian.net/l/c/J01QdQLU
- Fix: Broken links in SAML/OIDC configuration pages
- Fix: Cloud user provisioning allowing &-character in group names
- Fix: Bamboo Git SSH connections failing with PEMException after generating IDP signing certificates in KSSO: https://confluence.atlassian.com/bamkb/bamboo-git-ssh-connections-failing-with-pemexception-968679809.html
4.0.1Bamboo Server 6.6.0 - 7.0.62020-03-27Fix: SAML Single Logout (SLO) does not work without an explicit return URL. - Fix: SAML Single Logout (SLO) does not work without an explicit return URL.
4.0.0Bamboo Server 6.6.0 - 7.0.62020-03-19Support for OpenID Connect (OIDC) Kerberos, SAML and OpenID Connect (OIDC) are the most widely used protocols for single sign-on. Now, Kantega SSO Enterprise supports all three.
OpenID Connect (OIDC) is an authentication protocol and an identity layer built on top of OAuth 2.0. It does everything OAuth does plus authentication. It based on modern communication protocols, such as JSON and REST, and it uses JSON Web Tokens (JWT), called an ID token, to provide authentication information.
Our documentation describes more about the differences between OpenID Connect and SAML.
Users that are familiar with how to configure SAML identity providers in Kantega SSO Enterprise will see that the setup and configuration of OIDC is very similar.
3.7.2Bamboo Server 6.6.0 - 6.10.62020-03-06Fix log warnings and allow SAML test to be run without incognito mode - Fix:Allow SAML test to be run without incognito mode
- Fix: Eliminate log warnings related to Crowd updates / notifications being run on LDAP directories
3.7.1Bamboo Server 6.6.0 - 6.10.62020-02-18Azure AD Cloud user sync hotfix - Fix Batch pagination regression for Cloud User sync with Azure AD, introduced in 3.7.0. Memberships for large groups were not properly retrieved. The bug only affects 3.7.0 with the Azure AD connector.
3.7.0Bamboo Server 6.6.0 - 6.10.62020-02-17Connector enhancements and bug fixes - Cloud User Sync: Performance and robustness enhancements.
- Cloud User Sync configuration change: "Include members of the following groups (discard other groups)" option has been removed. It should be remapped to the new group inclusion filter automatically.
- SAML: Configure custom landing page for Single logout.
- Fix: Cloud User Sync for GSuite now correctly syncs memberships assigned using the user's non-primary e-mail. Previously, affected users would fail to show up the respective groups.
3.6.23Bamboo Server 6.6.0 - 6.10.62020-02-07SAML wizard fix: Name and SSO location step fails with 'Request cannot be null' No release notes.3.6.22Bamboo Server 6.6.0 - 6.10.62020-02-06Cloud User Sync: Support for specific user and group selection using regex - Cloud User Sync: Support for specific group and membership selection added
- Cloud User Sync: Added regular expression support for specific user, group and membership selection
- Cloud User Sync fix: Warning when JSON file has not been uploaded
- Fix SAML/Kerberos: Update memberships on every login not working for Crowd remote directory
3.6.20Bamboo Server 6.6.0 - 6.10.62020-01-22More robust "Disable Traditional login" - More robust disabling of username/password fields when "Disable Traditional login" is turned on.
- Username/password login is now disallowed when "Disable Traditional login" is turned on, even though BasicAuth login is allowed.
3.6.19Bamboo Server 6.6.0 - 6.10.62020-01-17User sync group filtering with wildcard syntax - Feat: Allow wildcard (*) in user sync group filters
- Fix: Various UI improvements
3.6.18Bamboo Server 6.6.0 - 6.10.62019-12-20Minor improvments for both Kerberos and SAML - Kerberos: introduced ?nokerberosSession URL parameter to avoid Kerberos for the whole web session, and ?kerberosSession to again do Kerberos challenge
- SAML: Manual redirect is enabled when creating new Identity Provider
- SAML: Minor changes to setup wizards
3.6.17Bamboo Server 6.6.0 - 6.10.62019-12-06Link to requested page on error pages and show more setup details on test pages - Feat: Show requested url as link on SAML error pages
- Feat: Show more setup details on SAML test result page
- Misc UI improvements.
3.6.16Bamboo Server 6.6.0 - 6.10.62019-11-30Fix: First time login for user in AD with local groups and default group member - Fix: First time login for user in AD with local groups and default group memberships
3.6.15Bamboo Server 6.6.0 - 6.10.62019-11-22SAML username placeholder configurable, user sync: filter on guest users only - SAML: add ability to configure username placeholder text in SAML login form
- Cloud User Synchronization: Add ability to filter on guests users only
3.6.14Bamboo Server 6.6.0 - 6.10.62019-11-13Fix some SAML setups with Just-in-time not working + more fixes and improvements - SAML Fix: Some setups with Just-in-time user provisioning not working in 3.6.12
- SAML Fix: Avoid group sync issues during login when user is found in user directory of type Jira Crowd
- Kerberos: Expose SPN details in ticket client failures page
- Kerberos: Support for enabling logging of client failures to log, details about this: https://docs.kantega.no/display/KantegaSSOEnterprise/Audit+and+Diagnostics+logging
- Kerberos: Better test page feedback when SPN differs in letter casing from keytab to ticket
- Kerberos: Better error handling and reporting on Active Directory test page
3.6.12Bamboo Server 6.6.0 - 6.10.62019-10-30Just-in-time provisioning with support for Atlassian Crowd and bugfixes - Feature: Allow users to be created / updated into crowd user directories when they log in with SAML
- Fix: Just-in-time provisioning must be able to handle setups where no writable user directory exist.
- Fix: Forced SSO Urls does not work with instant redirection mode
- Fix: Exception occurring when Fallback redirect mode is removed
- Fix: Kerberos challenge sent and fails when no user agent information is available. This has caused noise in application logs.
3.6.11Bamboo Server 6.6.0 - 6.10.62019-10-23Fix relevant when Cloud User Directory is ordered high in user directories - Cloud user provisioning: Fix incorrect password notification for a non-sso user when Cloud User Directory was ordered higher and the user was not in this directory
3.6.10Bamboo Server 6.6.0 - 6.10.62019-10-21SAML: Select directory for Just-in-time user provisioning - SAML: Let Just-in-time provisioning write to any writable, internal directory
- Cloud user provisioning: Avoid that password from the Internal directory could be used when the same username was found in Cloud directory and this had higher priority.
- New onboarding flow for SAML & Kerberos.
3.6.7Bamboo Server 6.6.0 - 6.10.62019-10-10SAML: Group based redirect. User provisioning: New user filter - SAML: New group based redirect to IDP rule.
- SAML: Improved GUI for setting up redirect rules page.
- User provisioning: New user filter keeping all group memberships
3.6.6Bamboo Server 6.6.0 - 6.10.62019-09-20HTTP Header authentication Feature: Support for HTTP header authentication. Fix: Expose a human readable error message when just-in-time user creation fails because of missing data attributes.Fix: Catch and handle exceptions when unexpected user data and JSON elements are sent from GSuite.
3.6.5Bamboo Server 6.6.0 - 6.9.22019-09-09Bug fixes and internal changes. - Bugfix: Kerberos test page would in some cases claim an IP was blacklisted when it wasn't.
- Revert change related to user lookup, to once more allow fallback. Needed in envs where users are in an LDAP directory with a baseDN that doesn't match Kerberos REALM.
- Technical/Internal change: Switched to spring-scanner.
3.6.3Bamboo Server 6.6.0 - 6.9.22019-08-30Specific IP filtering rules for Kerberos authenticaion of REST endpoints No release notes.3.6.2Bamboo Server 6.6.0 - 6.9.22019-08-23Default Groups on from LDAP/AD on each login and better AzureAD managed groups - Feature: Default Groups from LDAP/AD on each login (for both SAML & Kerberos)
- Feature: Better AzureAD managed groups support. Recognizing http://schemas.microsoft.com/ws/2008/06/identity/claims/groups as SAML group claims.
- Refactoring: More robust username lookup in LDAP/AD
3.6.1Bamboo Server 6.6.0 - 6.9.22019-08-16Update documentation links We have restructured our documentation pages and all of the setup guides are now given updated and persistent urls
3.6.0Bamboo Server 6.6.0 - 6.9.22019-08-14Activate and update Atlassian users on SAML login and Java 11 compatibility. - Feat: Extend Just-in-time provisioning to also activate and update user records
- Fix: Compatibility with Java 11
3.5.17Bamboo Server 5.10.1.1 - 6.9.22019-08-07AD FS/SAML related fixes and other minor changes - Fixed regression introduced by the 3.5.16 fix for AD FS / destination URLs containing the tilde character.
- Misc internal code changes.
3.5.16Bamboo Server 5.10.1.1 - 6.9.22019-07-26Fix support for ~ (tilde) symbol in return URLs for ADFS SAML and other minors - Fix support for ~ (tilde) symbol in return URLs for ADFS SAML
- Improved GSuite User Provisioning guide
- Cursor focus on username field when manually cancelling SAML login
3.5.15Bamboo Server 5.10.1.1 - 6.9.22019-07-10Ability to configure exclusion for Kerberos on rest paths, added AuditLogging - Feature: Ability to configure exclusion for Kerberos on rest paths
- Feature: Ability to auditlog successful and failed logins using built-in log frameworks.
3.5.14Bamboo Server 5.10.1.1 - 6.9.22019-06-27Fix NoSuchFieldError when setting up SAML IDPs Multiple BouncyCastle dependencies with different versions caused NoSuchFieldError when setting up SAML idps. This version fix these dependency problems.
3.5.13Bamboo Server 5.10.1.1 - 6.9.22019-06-25Fix SAML JIT regression introduced in 3.5.11. - Fixed a regression introduced in 3.5.11. SAML JIT provisioning would ignore the configured SAML username attribute, causing users being created in the Internal Directory with username "Firstname Lastname" on first login.
- Resolved a SAML redirection issue when target destination was Dashboard.jspa.
3.5.12Bamboo Server 5.10.1.1 - 6.9.22019-06-13Bugfix: Users are not redirected to requested target pages after authentication Fixing error related to redirection of users after idp authentication.
3.5.11Bamboo Server 5.10.1.1 - 6.9.22019-06-12Bugfix related to group sync using Delegated LDAPs - Bugfix related to group sync using Delegated LDAPs
- Updated OneLogin SAML integration manual
- Minor UI improvments for JIT provisioning
3.5.10Bamboo Server 5.10.1.1 - 6.9.22019-06-07Require SAML group claims for JIT user creation and allowing BasicAuth requests - Feat: Configuration option to require SAML group claims for Just-in-time user creation.
- Feat: Configurable option for allowing BasicAuth requests to pass when traditional username / password login is disabled
- Fix: Repair failing back-links from test result page
3.5.8Bamboo Server 5.10.1.1 - 6.9.22019-05-24Editable list of user agents. Other improvements. - Feature: Editable list of user agent strings where Kerberos should not trigger
- Improvement: Invalidate old css and javascript resources on new releases
- Improvement: Better usability in navigating menus and links in application
- Improvement: Redesign of SAML redirect modes page
3.5.7Bamboo Server 5.10.1.1 - 6.9.22019-05-10Bugfixes, customizable error text, and user-only cloud provisioning - Feat: Customize text shown to users when SAML authentication fails.
- Feat: Ability to set up cloud user provisioning to only synchronize users (not groups and memberships).
- Update: AzureAD and GSuite setup guidesFix: Kerberos for REST does not work with GoEdit
- Fix: LDAP err 49 in user lookup with AD LDS with non-standard username attribute
- Fix: Nullpointer exception in Active Directory test page
3.5.6Bamboo Server 5.10.1.1 - 6.8.32019-04-05General stability and performance improvments No release notes.3.5.4Bamboo Server 5.10.1.1 - 6.8.32019-03-22Better support for encrypted SAML assertions and other improvments - Fix support for managed groups also for encrypted SAML assertions
- Fix potential error during login on certain configurations
3.5.3Bamboo Server 5.10.1.1 - 6.8.32019-03-15Enforce SSO by disabling traditional username / password login - Feat: Ability to disable traditional username / password login and use SSO as primary authentication.
- Fix: Adding cloud users to local groups fails.
- UI: Improve handling of custom SAML group and user attributes.
3.5.2Bamboo Server 5.10.1.1 - 6.8.32019-03-08Regex username tranformations - Feat: Allow usernames from SAML response to be transformed with regex before lookup
- Ref: Refactor user directory, username attribute selection and transformation configuration pages
3.5.1Bamboo Server 5.10.1.1 - 6.8.32019-03-04Fix: Error combining username transformations and group filtering together The cloud user provisioning feature for username transformations (introduced in v.3.5.0) failed when applied together with group filters.
3.5.0Bamboo Server 5.10.1.1 - 6.8.32019-03-01SAML Single Logout (SLO) & cloud user provisioning with username transformation - Feat: Support for SAML Single Logout (SLO).
- Feat: Username transformation for Cloud user provisioning: Ability to strip off domain part from username attribute.
3.4.23Bamboo Server 5.10.1.1 - 6.8.32019-02-22Improved LDAP user lookup performance - Improved LDAP user lookup performance by obeying User Directory flag for "Update group memberships when logging in"
3.4.21Bamboo Server 5.10.1.1 - 6.8.32019-02-15Fix missing login links, and avoid SSO redirects to login page - Fix: Update Azure AD user provisioning guide with Directory.read.all as necessary permission
- Fix: Missing login links in Jira Service Desk
- Fix: Avoid SSO redirects to Jira login pages
3.4.19Bamboo Server 5.10.1.1 - 6.8.32019-02-08Configurable auto redirect for relogins and repair Azure AD user extraction - Feat: Configurable auto redirect for relogins
- Fix: Correct user extractions from Azure AD. Replair error introduced in v. 3.4.18.
3.4.18Bamboo Server 5.10.1.1 - 6.8.32019-02-01Filtering support in cloud user provisioning - Feat: Cloud user provisioning with custom group and user type filters.
- Fix: Improved kerberos for git support
- Fix: Double URL prefixing when opening attachments
3.4.17Bamboo Server 5.10.1.1 - 6.7.32019-01-24Multidomain GSuite support, UI and automatic redirection fixes - Feat: Google GSuite user provisioning connector can fetch users in several domains
- Fix: Dashboard freezing in Bamboo
- Fix: Disable automatic redirection when matching known domains
- Fix: Groups not extracted correctly from Azure AD user provisioning connector
3.4.12Bamboo Server 5.10.1.1 - 6.7.32018-11-23Fix Kerberos not working when global anonymous access was disabled No release notes.3.4.9Bamboo Server 5.10.1.1 - 6.7.32018-11-08SAML: Added employeeID attribute for LDAP lookup No release notes.3.4.7Bamboo Server 5.10.1.1 - 6.7.32018-11-01Minor regression fix Kerberos IP whitelist Fix Kerberos IP whitelist regression introduced in version 3.4.6
3.4.5Bamboo Server 5.10.1.1 - 6.7.32018-10-08Kerberos: Added support for space in group names in feature 'anonymous access' No release notes.