Backport from 6.20 of a fix for faulty URL parameter sanitization that allowed HTML injection into the SAML login page.
Full release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1225883649/Kantega+SSO+Enterprise+6.20.x+release+notes
Consolidated logging by replacing all remaining direct references to the provided Log4j 1.2.17 dependency with the Slf4j facade. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates the risk of other vulnerabilities. Read more about the Log4j vulnerability here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/932118634/About+the+Log4j+vulnerability+CVE-2021-44228
Fixed a performance issue caused by unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT in the REST API filter.
Okta has changed the attributes and pagination in their user APIs.
If you use the API Connector features to synchronize Okta users and find that you can only sync 200 users despite having a larger user base, you are most likely affected by this change and should upgrade to version 4.2.2 of Kantega SSO.
Fixed a regression introduced in 4.1.12 where basic-auth REST requests received a 401 response code when Kerberos was enabled.
Fixed a batch pagination regression for Cloud User sync with Azure AD, introduced in 3.7.0. Memberships of large groups were not properly retrieved. The bug only affects 3.7.0 with the Azure AD connector.
We have restructured our documentation pages, and all of the setup guide links now have new and persistent URLs.
Multiple BouncyCastle dependencies with different versions caused a NoSuchFieldError when setting up SAML IdPs. This version fixes these dependency problems.
The cloud user provisioning feature for username transformations (introduced in v3.5.0) failed when applied together with group filters.
Fixed a Kerberos IP whitelist regression introduced in version 3.4.6.
Fixed: GSuite user synchronization pagination fault.
Fixed: Proper handling when authenticating inactive JIRA-users (with both SAML and Kerberos).
Fixed: Report key version number correctly in Active Directory server test UI.
Fixed: Support for following referrals across multiple AD domains when using a user principal other than sAMAccountName.
This release introduces the "Config Snapshots" feature. Admins can use this to create snapshots (zip files) containing the plugin's current configuration.
This is especially useful during testing and for maintaining SSO configurations when syncing them between environments.
Remote user information is now updated when the user logs in.
Gracefully handle os_destination values produced by other add-ons that lack the leading forward slash character.
Connectors: User directories are now created with user attribute update permissions.
New feature "Cloud connectors" allows syncing of users with groups and memberships from Azure, Google G-Suite and Okta.
See https://connectors.kantega.no for an introduction to the Cloud Connectors feature.
SAML:
The "do not show the login page" redirect mode now allows manual login following a logout.
Kerberos:
Users can now be redirected based on what user directory they exist in.
Fixed an issue where the add-on failed to create or update users when a delegated LDAP user directory was configured to use SSL.