• Added a security patch for environments which do not allow cookies to be read via JavaScript
• Minor UI fix.

• Added a security patch for environments which do not allow cookies to be read via JavaScript
• Minor UI fix.

Improvements

• Exciting News! In the latest release for our Confluence SAML app, we're delighted to announce that you can now get the SCIM (System for Cross-domain Identity Management) app for free! Enhance your identity management capabilities seamlessly with SCIM integration. Download today to enjoy the latest features and unlock the power of SCIM at no additional cost! Visit the "User Sync" Tab in the plugin settings for more information.

New Features

• You now have an option to login users using any custom attribute you might have in your IDP, instead of just the username or email attributes.
• Option to convert group names to lowercase in the On The Fly group mapping feature.

Bug Fix

• Fixed an issue where random HTML content was getting added to the exported plugin configuration.

Improvements

• Exciting News! In the latest release for our Confluence SAML app, we're delighted to announce that you can now get the SCIM (System for Cross-domain Identity Management) app for free! Enhance your identity management capabilities seamlessly with SCIM integration. Download today to enjoy the latest features and unlock the power of SCIM at no additional cost! Visit the "User Sync" Tab in the plugin settings for more information.

New Features

• You now have an option to login users using any custom attribute you might have in your IDP, instead of just the username or email attributes.
• Option to convert group names to lowercase in the On The Fly group mapping feature.

Bug Fix

• Fixed an issue where random HTML content was getting added to the exported plugin configuration.

• Account section introduced to view plugin license details
• Email service for license expiry
• Improvements in the licensing module

• Account section introduced to view plugin license details
• Email service for license expiry
• Improvements in the licensing module

New Feature

• Added an option which allows admins to disable local login for the Admin Authentication page.

Bug Fixes

• Added a fix for faulty redirection after initiating logout from Confluence.
• Added a fix for issue faced while trying to perform IDP initiated single logout.
• Added a fix for issue with group name parsing if the group name contains a comma.
• Added a few minor fixes for the Session Timeout Warning feature

New Feature

• Added an option which allows admins to disable local login for the Admin Authentication page.

Bug Fixes

• Added a fix for faulty redirection after initiating logout from Confluence.
• Added a fix for issue faced while trying to perform IDP initiated single logout.
• Added a fix for issue with group name parsing if the group name contains a comma.
• Added a few minor fixes for the Session Timeout Warning feature

• Made plugin compatible with miniOrange Usersync|SCIM app

• Made plugin compatible with miniOrange Usersync|SCIM app

The app's default certificate (SP certificate) will expire on July 15, 2023. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/update-saml-certificate-miniorange-plugin/

The app's default certificate (SP certificate) will expire on July 15, 2023. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/update-saml-certificate-miniorange-plugin/

• Added some certificate compatibility fixes for Java version 11
• Fix for redirection issue faced after logout

• Added some certificate compatibility fixes for Java version 11
• Fix for redirection issue faced after logout

• Added a fix for logout based redirection.

• Added a fix for logout based redirection.

Bugfix for redirection rule configuration not showing all IDPs

Bugfix for redirection rule configuration not showing all IDPs

We've added a few UI Improvements to the user and group provisioning sections.

We've added a few UI Improvements to the user and group provisioning sections.

Made the plugin compatible with Confluence v8

Made the plugin compatible with Confluence v8

• Added support for comma separated groups received in response from the IDP

• Added support for comma separated groups received in response from the IDP

• Performance improvement
• Pagination to speed up the slow loading of the Audit page
• Improved UI for Audit logs

• Performance improvement
• Pagination to speed up the slow loading of the Audit page
• Improved UI for Audit logs

Added a fix for Null Pointer Exception being thrown when multiple group attributes are configured in the plugin.

Added a fix for Null Pointer Exception being thrown when multiple group attributes are configured in the plugin.

Improvement in plugin's Auditing module which was causing performance issues in large instances. If you are experiencing performance issues while using SSO, kindly manually clear the existing audit logs. You will find this option in the "Plugin configuration --> Audit Logs" menu.

Improvement in plugin's Auditing module which was causing performance issues in large instances. If you are experiencing performance issues while using SSO, kindly manually clear the existing audit logs. You will find this option in the "Plugin configuration --> Audit Logs" menu.

Improvements

• Added support to configure multiple group attributes from which groups might be received from the IDP
• Added support for User Profile attributes mapping with Header Based authentication.
• Made some improvements to the flow of the No SSO URLs feature.

Bugfixes

• Added a fix for an issue where the Directory in which new users are created wasn't getting set properly.
• Added a fix for an issue with configuring the plugin via REST API where an empty request body was still getting accepted by the plugin.

Improvements

• Added support to configure multiple group attributes from which groups might be received from the IDP
• Added support for User Profile attributes mapping with Header Based authentication.
• Made some improvements to the flow of the No SSO URLs feature.

Bugfixes

• Added a fix for an issue where the Directory in which new users are created wasn't getting set properly.
• Added a fix for an issue with configuring the plugin via REST API where an empty request body was still getting accepted by the plugin.

Updated 3rd party libraries to fix vulnerabilities pointed out in them.

Updated 3rd party libraries to fix vulnerabilities pointed out in them.

New Features

• Added user provisioning for Header Based Authentication
• Added improvements to the Troubleshooting and Auditing framework
• Added feature to configure IDP specific SP Entity ID.

Improvement

• Updated the support contact information.

New Features

• Added user provisioning for Header Based Authentication
• Added improvements to the Troubleshooting and Auditing framework
• Added feature to configure IDP specific SP Entity ID.

Improvement

• Updated the support contact information.

New Features:

• Audit logs
• Added an option to disable login using local Confluence credentials
• Added option to configure additional Response endpoint for SAML Single Logout
• Added dedicated setup video for each configuration

Bugfix:

• Bugfix for an issue with editing redirection rule configuration
• Bugfix for an issue with auto-updating metadata from configured URL

New Features:

• Audit logs
• Added an option to disable login using local Confluence credentials
• Added option to configure additional Response endpoint for SAML Single Logout
• Added dedicated setup video for each configuration

Bugfix:

• Bugfix for an issue with editing redirection rule configuration
• Bugfix for an issue with auto-updating metadata from configured URL

New Feature

• Added an option to assign Default Groups only if No IDP groups are received.

New Feature

• Assign Default Group only if No IDP groups are received.

New features

• Option to perform passive SSO into Confluence
• Option to choose which directories new users get created in.
• Option to remember the last IDP used to login.
• Now custom attributes can be added to the plugin's metadata.
• SSO can now be enabled or disabled via a REST API call.

Bugfixes / Improvements

• Improvement in the implementation of the Guest user login.
• Bugfix for issue with metadata URL when Anonymous Access is enabled.

New features

• Option to perform passive SSO into Confluence
• Option to choose which directories new users get created in.
• Option to remember the last IDP used to login.
• Now custom attributes can be added to the plugin's metadata.
• SSO can now be enabled or disabled via a REST API call.

Bugfixes / Improvements

• Improvement in the implementation of the Guest user login.
• Bugfix for issue with metadata URL when Anonymous Access is enabled.

Bugfix for SSO redirection not working for anonymous pages when the browser's JS is disabled

Bugfix for SSO redirection not working for anonymous pages when the browser's JS is disabled

New Features:

• Added option to skip SSO if the request comes from a specific device (User-Agent)
• A regular expression can be used to exclude group(s) from the Just-In-Time group provisioning setup
• The public certificate will be sent in the signed HTTP Post SAML Authentication Request

Bugfix:

• Bugfix for metadata rollover functionality of the plugin

New Features:

• Added option to skip SSO if the request comes from a specific device (User-Agent)
• A regular expression can be used to exclude group(s) from the Just-In-Time group provisioning setup
• The public certificate will be sent in the signed HTTP Post SAML Authentication Request

Bugfix:

• Bugfix for metadata rollover functionality of the plugin

New Feature:

• Force Authentication - force re-authentication of users even if the user has an SSO session at the IDP
• Additional parameter to define SSO Redirection rule for users i.e. "contains"

Bug Fix

• Bugfix for Group mapping issue with Keycloak roles

New Feature:

• Force Authentication - force re-authentication of users even if the user has an SSO session at the IDP
• Additional parameter to define SSO Redirection rule for users i.e. "contains"

Bug Fix:

• Bugfix for Group mapping issue with Keycloak role

Added a fix for a URL encoding error

Added a fix for URL encoding error.

• Added a fix for NPE in IDP initiated SSO flow

• Added a fix for NPE in IDP initiated SSO flow

• Added option to configure No SSO URL(s): SSO redirection to IDP for specific URLs used for integration with other applications will be disabled
• Bugfix for SSO redirection not working if JS is disabled in the browser
• Added option to configure multiple IDP Signing Certificate

• Added option to configure No SSO URL(s): SSO redirection to IDP for specific URLs used for integration with other applications will be disabled
• Bugfix for SSO redirection not working if JS is disabled in the browser
• Added option to configure multiple IDP Signing Certificate

UI Improvements:

• Added IDP Id to the overview page which helps in adding the IDP to custom login page and test the IDP before adding it to login page
• Fixed the buttons whose text would disappear on hover

Bug Fixes:

• Fixed the session timeout after test configuration while adding a new IDP

Improvements:

• Enhanced security of the internal APIs used by the app

UI Improvements:

• Added IDP Id to the overview page which helps in adding the IDP to custom login page and test the IDP before adding it to login page
• Fixed the buttons whose text would disappear on hover

Bug Fixes:

• Fixed the session timeout after test configuration while adding a new IDP

Improvements:

• Enhanced security of the internal APIs used by the app

We have done very significant frontend changes in this version, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

We have done very significant frontend changes in this version, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

Bugfix for the false warning message for certificate expiration

Bugfix for the false warning message for certificate expiration

New Feature:

• Guest login - Allows non-existing users to access confluence pages as a guest user

Certificate Update:

The app's default certificate will expire on October 28, 2020. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/can-update-default-x-509-certificate-miniorange-plugin/

We have also introduced the ability to generate & configure a new X.509 certificate in the app.

Bug Fix:

• Fixed XXE vulnerability found in metadata API.

New Feature:

• Guest login - Allows non-existing users to access confluence pages as a guest user

Certificate Update:

The app's default certificate will expire on October 28, 2020. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/can-update-default-x-509-certificate-miniorange-plugin/

We have also introduced the ability to generate & configure a new X.509 certificate in the app.

Bug Fix:

• Fixed XXE vulnerability found in metadata API.

Added an option to toggle Replayed assertion check

Added an option to toggle Replayed assertion check

Added a configurable option to restrict access to plugin APIs from outside the confluence instance.

Added a configurable option to restrict access to plugin APIs from outside the confluence instance.

New Features

• Header based authentication:- If Confluence runs behind a reverse proxy or a custom application that performs authentication, then this feature helps users to log in to confluence using this application. The application sends username or a user identifier which can be detected by Confluence for login. Please use this only in an on-premise protected environment and it is not recommended SSO method.
• Added option to restrict the user to change the application's password
• Added option to auto-activate user on SSO

Bug Fix

• Bug fix for not removing user from mapped groups if the user is removed from all the groups in IDP.

New Features:

• Header based authentication:- If Confluence runs behind a reverse proxy or a custom application that performs authentication, then this feature helps users to log in to confluence using this application. The application sends username or a user identifier which can be detected by Confluence for login. Please use this only in an on-premise protected environment and it is not recommended SSO method.
• Added option to restrict the user to change the application's password
• Added option to auto-activate user on SSO

Bug Fix

• Bug fix for not removing user from mapped groups if the user is removed from all the groups in IDP.

Security Fixes

• Fixed SAML XSS vulnerability
• Fixed relay state redirection to outside domains

New Features

• Added an option to send parameter in SAML request which decides authentication type on IDP.
• Added an option to download the metadata file.

Other Fixes

• Fixed space permission issue for end-users
• The websudo session of the user will only be created when he try to access the Admin console

Security Fixes

• Fixed SAML XSS vulnerability
• Fixed relay state redirection to outside domains

New Features

• Added an option to send parameter in SAML request which decides authentication type on IDP.
• Added an option to download the metadata file.

Other Fixes

• Fixed space permission issue for end-users
• The websudo session of the user will only be created when he try to access the Admin console

Features:

• Added support for Uploading/Downloading plugin configuration via REST APIs calls
• Added an option to customize Service Provider Metadata
• Enable emergency login using REST API calls
• Added Feedback form

Bug fixes:

• Fixed NullPointerException occurring on Configure IdP tab
• Fixed a context path issue for Login and Logout templates
• Resolved redirection issue for query parameters getting lost on the login
• Fixed import file configuration issue

UI Changes:

• Changed tab name from Download App Configuration -> Backup/Restore Configurations
• Formatted Error Message Template

Features:

• Added support for Uploading/Downloading plugin configuration via REST APIs calls
• Added an option to customize Service Provider Metadata
• Enable emergency login using REST API calls
• Added Feedback form

Bug fixes:

• Fixed NullPointerException occurring on Configure IdP tab
• Fixed a context path issue for Login and Logout templates
• Resolved redirection issue for query parameters getting lost on the login
• Fixed import file configuration issue

UI Changes:

• Changed tab name from Download App Configuration -> Backup/Restore Configurations
• Formatted Error Message Template

• Compatibility update for Confluence v7.0.1
• Bug Fixes: Fixed issue of relay state when initiating SSO from Confluence menu’s login button in Custom Logout template
• Bug Fixes: Fixed issue where new users were not added to default groups when On-The-Fly group mapping is set

• Compatibility update for Confluence v7.0.1
• Bug Fixes: Fixed issue of relay state when initiating SSO from Confluence menu’s login button in Custom Logout template
• Bug Fixes: Fixed issue where new users were not added to default groups when On-The-Fly group mapping is set

• Handled group update failure during SSO for Read/Write directory users.
• Added support for custom attribute mapping for Read only with local groups directory users.

• Handled group update failure during SSO for Read/Write directory users.
• Added support for custom attribute mapping for Read only with local groups directory users.

Made Compatible with Confluence Data Center

Made Compatible with Confluence Data Center

• Enhancements in the User Groups tab:
  • Removed Search Filter. The local groups will be loaded dynamically in Default groups and Group mapping section as you start typing the name
  • Users will only be added or removed from the mapped groups and groups added as default groups depending on the options selected in the app.
  • Separate sections for Manual group mapping and On-the-fly group mapping configurations.
  • Added a User Directory Information tab which explains the behavior of SSO when external user directories are configured and recommends app configurations for different user directory permissions.
• New Feature in On-The-Fly Group Mapping:
  • Keep groups of existing users - New groups will be assigned but existing groups of the user will not be affected

Fixed Null Pointer Exception in IdP initiated SSO flow.

• Custom Login Template
• Added option to restrict default group assignment
• Removed Flow Driven setup
• Fixed Null Pointer exception while sending an unsigned request.
• UI changes in User Group Tab
• Updated tab name Download Plugin Settings => Download App Settings

Bug fix for group mapping if external user directory has "Read Only, with Local Groups" LDAP Permissions

• Added IDP guides for AuthAnvil, Auth0, RSA, Ping One, and CA Identity
• Updated all the IDP guides
• Performance improvement in SSO Flow
• UI improvements in Flow Driven Setup
• Updated tab name from SP Info to Service Provider Info
• Fixed On-the-Fly group mapping issue.
• Fixed infinite-redirect loop on failed SSO if auto-redirect is enabled

• Fixed JavaScript error on logout

Note: If you experienced failed SSO attempts even with Test working, this release should fix the Single Sign-On issue for you.

• Advanced user profile mapping
• Group Mapping search filter for a large number of groups
• Minor UI changes in domain mapping and flow driven setup
• Bug fix for Single Sign-On not working due to the read-only user directory
• Bug fix for Single Sign-On not working due to opensaml library version conflict

• On the fly group mapping - Added option to create and map user IDP groups to local groups during user SSO
• Update login history (last successful login time, successful login count, last failed login time, failed login count) during SSO
• Bug fixes in UI handling for Group Mapping
• Fixed null pointer issue faced by some users in Test Configuration

We have made significant changes to the plugin framework. Even though the changes have been extensively tested we suggest you make sure to test the plugin in your own environment after the upgrade

• Support for SSO through Multiple IDPs
• Email-Address Domain to IDP mapping for IDP selection

Option to assign default groups to existing users.

• Bug fix in group mapping for users who belong to AD directories connected over LDAPS
• Bug fix for Auto Redirect in Confluence-6.6.x
• UI changes in the Auto Redirect configuration
• Redirection bug fix for Firefox-61.0.1

• UI changes for Sign In Settings tab and Configure IDP tab
• Support to request a particular Name ID format from an IDP if the IDP supports it.
• Refresh Metadata Fix: IDP configurations won't be reverted after IDP metadata is refreshed.
• Secure cookies: Made all the cookies created by plugin secure and http-only
• XML Canonicalization SAML Vulnerability fix - Details about this vulnerability are available on this link

Features Added

• Enabled SSO into Confluence by matching email in addition to username (for Google and other IDPs)
• IDP specific metadata options and instructions for Okta, AD FS, Azure AD, Onelogin and G Suite.
• Update user groups only for groups against which value is filled
• Disable user creation
• Downloadable plugin configurations which can be transferred from test to production using Import/Export feature and can be sent to support
• Added a troubleshooting tab which has information about how to download logs for the plugin, plugin configuration, SAML Request and SAML Response.
• Changes in tab names:
  • Configure IDP -> SP Info
  • Configure SP -> Configure IDP
  • Attribute Mapping -> User Profile
  • Group Mapping -> User Groups

Bug fix:- Blank page on logout if redirect to IdP is enabled.

Bug fix:- Added support for special characters in SAML Response.

Bug fix:- Query string parameter lost in RelayState URL

• Added JIRA Service Desk support widget
• Session timeout warning and steps to extend it.

Please consider refreshing browser cache once the plugin is updated.

• Fixed redirect loop while logging into Confluence on mobile
• Removed support plans tab. You can now contact us and get support for FREE.
• Added support for IDP certificate rollover (refresh metadata after intervals)
• Added feature to set username as per another attribute using regular expression
• Added custom logout redirect URL
• Added custom logout page template
• Added custom error page template
• Added option to accept SAMLResponse despite time mismatch
• Added option to introduce delay in auto-redirect
• Added option to redirect user to IdP or Confluence login page after logout
• Enhanced default groups option to accept multiple values
• Bug fix for supporting encryption with Okta
• Fixed group mapping issues for OneLogin in case user belongs to multiple groups

• Logout now stops at Confluence if auto-redirect is on
• Padding UI fix
• Spacing fix for buttons with long text

• Added option to set custom SP certificate
• Added option to upload IDP metadata
• Added option to set relay state
• Manage admin session redirects and login separately
• Added option to set session timeout
• Added option to enable remember me for users
• Added Shibboleth IDP guides
• UI change for menu

• Changing compatible version

• Removed login and registration through miniOrange
• Added option to sign/ unsign request for single sign on
• Added option to disable update of attributes on single sign on
• Licensing check fix

• Improved license check.

• Trial Period for Premium plugin
• Converting plugin to Paid-via-Atlassian
• Added feature to view SAML Request and Response for debugging
• Better troubleshooting using Test Configuration
• Change in pricing
• Added backdoor URL for administrators

• Added support for Data Center

- Pricing update

- Added downloadable guides for a number of known Identity Providers.

- Added the capability to view and copy the SAML Request and Response to the clipboard for debugging purpose.

• Fix for server breakdown when SSL is installed.
• Some minor UI fixes.