New Features:-

• Added option to test and apply regex on IDP Groups before on-the-fly group mapping.
• Added option to hide domain-mapping form when at least one redirection rule is set.

Minor Bug Fixes:-

• Fixed 500 error thrown while saving the Sign-In Settings configurations.
• Fixed broken link to the Redirection Rules page from Sign-In Settings tab.
• Improved backend validation for the Auto Redirect Delay option and set a proper default value.
• Fixed UI issue where copy message was not shown after copying the Backdoor URL.
• Fixed the issue where the plugin was redirecting to the dashboard after SSO if the return_to URL contains "/logout".
• Fixed broken link for the miniOrange forum.

New Features:-

• Added option to test and apply regex on IDP Groups before on-the-fly group mapping.
• Added option to hide domain-mapping form when at least one redirection rule is set.

Minor Bug Fixes:-

• Fixed 500 error thrown while saving the Sign-In Settings configurations.
• Fixed broken link to the Redirection Rules page from Sign-In Settings tab.
• Improved backend validation for the Auto Redirect Delay option and set a proper default value.
• Fixed UI issue where copy message was not shown after copying the Backdoor URL.
• Fixed the issue where the plugin was redirecting to the dashboard after SSO if the return_to URL contains "/logout".
• Fixed broken link for the miniOrange forum.

• Bug fix for failed SSO for a few users after updating the add-on to the latest version
• Bug fix for the branch name is getting trimmed while creating a branch directly from connected Jira ticket

• Bug fix for failed SSO for a few users after updating the add-on to the latest version
• Bug fix for the branch name is getting trimmed while creating a branch directly from connected Jira ticket

New Features

• Option to show/hide default login form along with SSO Login button.
• Option to create new users in a specific user directory using SSO.

Bugfixes

• Fixed: Auto-redirection bugs for single IDP.
• Fixed: Sanitisation function.
• Fixed: In Git Authentication, Skip Authentication feature fails to identify the user groups.

UI Improvement

• UI improvement for Group mapping section.

New Features

• Option to show/hide default login form along with SSO Login button.
• Option to create new users in a specific user directory using SSO.

Bugfixes

• Fixed: Auto-redirection bugs for single IDP.
• Fixed: Sanitization function.
• Fixed: In Git Authentication, Skip Authentication feature fails to identify the user groups.

UI Improvement

• UI improvement for Group mapping section.

Updated support contact information.

Updated support contact information.

New Features:

• Restrict Local Authentication: Disable login using local Bitbucket credentials and enforce users to perform SSO
• SLO Response Location: Added option to configure additional response endpoint for SAML Single Logout(SLO)
• Added option to skip git authentication for local groups
• Added option to enable/disable git authentication for OKTA users with multi-factor authentication (MFA) enabled
• Updated Authentication library for Azure as ADAL4J is deprecated

Note:- If you're using Azure AD, you will need to configure Tenant ID as an additional configuration attribute. To obtain the Tenant ID, please contact your Azure AD administrator.

New Features:

• Restrict Local Authentication: Disable login using local Bitbucket credentials and enforce users to perform SSO
• SLO Response Location: Added option to configure additional response endpoint for SAML Single Logout(SLO)
• Added option to skip git authentication for local groups
• Added option to enable/disable git authentication for OKTA users with multi-factor authentication (MFA) enabled
• Updated Authentication library for Azure as ADAL4J is deprecated

Note:- If you're using Azure AD, you will need to configure Tenant ID as an additional configuration attribute. To obtain the Tenant ID, please contact your Azure AD administrator.

Bugfix for SSO redirection from the repository settings page, if repository name starts with "login"

Bugfix for SSO redirection from the repository settings page, if repository name starts with "login"

New Features

• Force SSO Authentication- Added support to force user to authenticate even if the user has an active SSO session on the IDP side
• Passive SSO - Added a feature to allow SSO only if IDP sessions already exist
• Support to bypass SSO for configured URLs for eg. integration URLs
• Multiple IDP signing CertificatesProvision to apply group regex for Just In Time (JIT) provisioning
• Additional parameter to define SSO Redirection rule for users, i.e. "contains"

Bugfix

• Fixes for SSO redirection not working if JS is disabled in the browser
• Fixes for fetching multiple groups from Keycloak Identity Provider

New Features

• Force SSO Authentication- Added support to force users to authenticate even if the user has an active SSO session on the IDP side
• Passive SSO - Added a feature to allow SSO only if IDP sessions already exist
• Support to bypass SSO for configured URLs for eg. integration URLs
• Multiple IDP signing CertificatesProvision to apply group regex for Just In Time (JIT) provisioning
• Additional parameter to define SSO Redirection rule for users, i.e. "contains"

Bugfix

• Fixes for SSO redirection not working if JS is disabled in the browser
• Fixes for fetching multiple groups from Keycloak Identity Provider

• Bugfix for Git Authentication flow with OKTA
• UI fix for plugin's main menu alignment

• Bugfix for Git Authentication flow with OKTA
• UI fix for plugin's main menu alignment

Fixed Test Configuration functionality which was not working after plugin upgrade

Fixed Test Configuration functionality which was not working after plugin upgrade

We have done very significant frontend changes in version 2.0.0, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

We have done very significant frontend changes in version 2.0.0, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

We have done very significant frontend changes in this version, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

We have done very significant frontend changes in this version, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook which provides reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configurations backup file in any script, download the new plugin backup file from Backup and Restore menu.

Changelog

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]
• Added a Plugin Tour to assist you in configuring the app

Please read the full release notes here

• Added support for X.509 certificate in Signed SAML Authn Request
• Added support for AWS as default apps along with setup guide
• Added support for AWS Cognito as IDP in Git Authentication
• Added Test Configuration option for Git Authentication
• Fixed external script issues to make it work in the offline environment

• Added support for X.509 certificate in Signed SAML Authn Request
• Added support for AWS as default apps along with setup guide
• Added support for AWS Cognito as IDP in Git Authentication
• Added Test Configuration option for Git Authentication
• Fixed external script issues to make it work in the offline environment

The app's default certificate will expire on October 28, 2020. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/can-update-default-x-509-certificate-miniorange-plugin/

We have also introduced the ability to generate & configure a new X.509 certificate in the app.

The app's default certificate will expire on October 28, 2020. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/can-update-default-x-509-certificate-miniorange-plugin/

We have also introduced the ability to generate & configure a new X.509 certificate in the app.

New Feature

• Set a fixed relay state URL for all logins or redirect to it only when no relay state URL is passed by the IDP

Bug Fix

• Bugfix for login using an email address
• Bugfix for group mapping assignment

New Feature

• Set a fixed relay state URL for all logins or redirect to it only when no relay state URL is passed by the IDP

Bug Fix

• Bugfix for login using an email address
• Bugfix for group mapping assignment

• Fixed external script issues to make it work in the offline environment
• Handled case sensitivity of groups in the login flow

• Fixed external script issues to make it work in the offline environment
• Handled case sensitivity of groups in the login flow

• Added a configurable option to restrict access to plugin APIs from outside the Bitbucket instance
• Bugfix for SAML Single Logout when username regex is configured

• Added a configurable option to restrict access to plugin APIs from outside the Bitbucket instance
• Bugfix for SAML Single Logout when username regex is configured

New Features

• Added support for header-based authentication
• Added an option to send AuthContextClassRef parameter in SAML Request
• Added an option to restore/backup app configuration through REST API
• Added Download SP metadata option

Bug fixes

• Security fixes like XSS vulnerabilities, sanitize input data and disable XML External Entity (DTD) Processing issues
• Fixed relay state issue in IDP initiated login flow
• Fixed session issue for Data Center login if multiple nodes are added to the cluster

Improvements

• Restrict plugin APIs to get an access out of the plugin

New Features

• Added support for header-based authentication
• Added an option to send AuthContextClassRef parameter in SAML Request
• Added an option to restore/backup app configuration through REST API
• Added Download SP metadata option

Bug fixes

• Security fixes like XSS vulnerabilities, sanitize input data and disable XML External Entity (DTD) Processing issues
• Fixed relay state issue in IDP initiated login flow
• Fixed session issue for Data Center login if multiple nodes are added to the cluster

Improvements

• Restrict plugin APIs to get an access out of the plugin

Fixed Null pointer exception faced by some users after updating the plugin to version 1.2.18

Fixed Null pointer exception faced by some users after updating the plugin to version 1.2.18

Note: Please check the SSO configuration once as there are major changes in the plugin framework.

New Features:

• Support for SSO through Multiple IDPs
• Added option to assign default group(s) to All, New or None of the users
• Added option to restrict users to change their application's password
• Added option to design a customized login page

Feature Enhancements:

• Backdoor URL parameters can be changed to anything
• Allow users of only certain groups to access the backdoor URL
• API to Enable Backdoor URL - Backdoor can be enabled using API provided in the plugin to access the login form
• Added option to edit the organization information in the plugin metadata

Enhancements in the User Groups tab:

• Removed Search Filter:-All group fields of the plugin will be loaded dynamically when you start typing the name
• Users will only be added or removed from the mapped groups only

Bug Fixes:

• Update the Logging levels in the plugin so that unnecessary plugin logs won't get printed in the bitbucket log file

Note: Please check the SSO configuration once as there are major changes in the plugin framework.

New Features:

• Support for SSO through Multiple IDPs
• Added option to assign default group(s) to All, New or None of the users
• Added option to restrict users to change their application's password
• Added option to design a customized login page

Feature Enhancements:

• Backdoor URL parameters can be changed to anything
• Allow users of only certain groups to access the backdoor URL
• API to Enable Backdoor URL - Backdoor can be enabled using API provided in the plugin to access the login form
• Added option to edit the organization information in the plugin metadata

Enhancements in the User Groups tab:

• Removed Search Filter:-All group fields of the plugin will be loaded dynamically when you start typing the name
• Users will only be added or removed from the mapped groups only

Bug Fixes:

• Update the Logging levels in the plugin so that unnecessary plugin logs won't get printed in the bitbucket log file

Made Compatible with Bitbucket Data Center

Made Compatible with Bitbucket Data Center

• Bug fix for blank dashboard

• Support for git authentication using OneLogin. This will allow bitbucket users to login into git (command prompt/client) with their OneLogin credentials
• On-the-fly Group Mapping: Added option to create and map the user's IDP groups to local groups during SSO
• Default groups assignment for the new user as well as all users
• Test Configuration improvement: Help you to identify the wrong SSO configurations
• Group Mapping search filter for a large number of groups
• minor UI changes in User Group Tab

• Added support for RSA SecurID, AuthAnvil, CA Identity Manager, and Auth0 Identity Providers.
• Updated existing setup guides.
• Minor UI Changes:
  • Changed tab name, Download Plugin Settings -> Download App Settings.

Updated compatibility with Bitbucket server 6.0.0

Features

• Keycloak Git Authentication
• Added NameID format
• Added RememberMe cookie
• Redirection bug fix for Firefox-61.0.1
• Bug fixes for Login using email
• Added instruction to set session timeout internally
• Collapsible sections for Sign In Settings tab.
• Inner tabs for Configure IdP tab for metadata configuration.
• Updated setup guides for Git Authentication

We have added support for git authentication using Azure AD. This will allow bitbucket users to users login to git (command prompt/client) with their Azure AD credentials.

Apart from Azure AD, we also support this feature for Okta.

• Login into Bitbucket by matching email in addition to username (for Google and other IDPs)
• Disable user creation
• Added a troubleshooting tab which has information about how to download logs for the plugin, plugin configuration, SAML Request and SAML Response.

• Secure cookies: Made all the cookies created by plugin secure and http-only
• XML Canonicalization SAML Vulnerability fix - Details are available on this link
• IDP specific metadata instructions for Okta, AD FS, Azure AD, Onelogin and G Suite.
• Update user groups only for groups against which value is filled
• Downloadable plugin configurations which can be transferred from test to production using Import/Export feature and can be sent to support
• Added a troubleshooting tab which has information about how to download logs for the plugin, plugin configuration, SAML Request and SAML Response.
• Changes in tab names:
  • Configure IDP -> SP Info
  • Configure SP -> Configure IDP
  • Attribute Mapping -> User Profile
  • Group Mapping -> User Groups

New features and fixes

• We have added a new feature which lets users login to git (command prompt/client) with their IdP (only Okta) credentials.
• Bug fix for issue while enabling add-on

New Features:-

• Added JIRA Service Desk support widget.
• Added metadata refresh time.
• Added default groups option to accept multiple values.
• Added custom logout URL.
• Added custom logout page template.
• Added custom error page template.
• Added option to accept SAML Response despite time error.
• Added option to set user session timeout.
• Added option to introduce delay in auto-redirect.
• Added option to set custom public and private certificate.
• Added option to download SAML Request and Response in XML file.
• UI improvements.

• Fixed the license warning bug. Warning now disappears when license is applied

• Minor bug fix in auto-redirect

• Bug fix in group mapping
• Bug fix in single logout.

• Removed login and registration through miniOrange
• Added provision to upload metadata
• Added option to set relay state
• Added option to disable update of attributes on single sign on
• Fix in request unsigned for POST
• Licensing check fix

Added option to send sign request

• Improve license check.

• Trial Period for Premium plugin
• Converting plugin to Paid-via-Atlassian
• Added feature to view SAML Request and Response for debugging
• Better troubleshooting using Test Configuration
• Change in pricing

Added upgrade to premium button.

- Pricing update

- Added downloadable guides for a number of known Identity Providers.

- Added the capability to view and copy the SAML Request and Response to the clipboard for debugging purpose.

First public release of the SAML Single Sign On for Bitbucket plugin.