Improvements:
- Remove use of API_TOKEN prefix
- Added origin validation as part of CSRF check
Improvements:
Features
Fixes
Also, the following third party libraries were updated:
Features
Fixes
Fixes
New features
Improvements
Fixes
Fixes
New features
Fixes
New features
Fixes
Improvements
New features
Fixes
Improvements
Okta has changed the attributes and pagination in their user APIs.
If you use the API Connector features to synchronize Okta users and find that you can only sync 200 users even though your user base is larger, you are most likely affected by this change and should upgrade to version 4.2.2 of Kantega SSO.
Fix regression introduced in 4.1.12, where basic auth REST requests returned a 401 response code when Kerberos was enabled.
- Fix Batch pagination regression for Cloud User sync with Azure AD, introduced in 3.7.0. Memberships for large groups were not properly retrieved. The bug only affects 3.7.0 with the Azure AD connector.
We have restructured our documentation pages, and all of the setup guide links have now been given new, persistent URLs.
Multiple BouncyCastle dependencies with different versions caused NoSuchFieldError when setting up SAML IdPs. This version fixes these dependency problems.
The cloud user provisioning feature for username transformations (introduced in v.3.5.0) failed when applied together with group filters.
Fix Kerberos IP whitelist regression introduced in version 3.4.6
Fixed: GSuite user synchronization pagination fault.
Fixed: Proper handling when authenticating inactive JIRA users (with both SAML and Kerberos).
Fixed: Report key version number correctly in Active Directory server test UI.
Fixed: Support for following referrals in multi-domain AD setups when using a user principal other than sAMAccountName.
This release introduces the "Config Snapshots" feature. Admins can use this to create snapshots (zip files) containing the plugin's current configuration.
This is especially useful during testing and for maintaining SSO configurations when syncing between environments.
Update information about remote users when logging in
Gracefully handle other add-ons producing os_destination values with missing leading forward slash characters.
Connectors: User directories are now created with user attribute update permissions.
New feature "Cloud connectors" allows syncing of users with groups and memberships from Azure, Google G-Suite and Okta.
See https://connectors.kantega.no for an introduction to the Cloud Connectors feature.
SAML:
Kerberos:
SAML:
The "do not show the login page" redirect mode now allows manual login following a logout.
Kerberos:
Users can now be redirected based on what user directory they exist in.
Fixed an issue where the add-on failed to create or update when a delegated LDAP user directory was configured to use SSL.
Allow saving a SAML identity provider as a draft which can then be resumed at a later point.
A regression caused SAML login to be disabled in the UI when logging in following a manual log out.
Matching the SAML attribute cn as an alias for Name / DisplayName.