Added a fix for an issue faced with IDP initiated SSO.

New Features:

• Multiple certificates support for any configured IDP
• Enable/Disable SSO Using REST API
• Add Custom Attributes in Metadata
• Remember My IDP
• Enhancement in Redirection Rules
• Transform group name using regex
• Implemented Filter Based redirection
• Advanced Logging

We have done very significant frontend changes in this version, which we're sure you will appreciate once you upgrade the app.

As a part of UI rework, some settings are moved to new sections. This means the structure of the plugin backup file has changed too.

We've created a handbook that provides a reference for all the settings available in the app.

Before You Upgrade:

• Refer to this guide to know which settings are moved where.
• Download the plugin configurations backup file from the Backup and Restore Menu

After You Upgrade:

• Test it on your staging environment.
• If you're using plugin configuration backup files in any script, download the new plugin backup file from the Backup and Restore menu.

Changelog:

• Reworked User Interface with Quick IDP Setup Wizard [Reference]
• Added Redirection Rules option where you can configure multiple rules for IDP selection for different types of users.[Reference]

Please read the full release notes here

Bugfix for redirecting the user to wrong URL in IDP initiated SSO flow

New Feature:

• Added option to configure No SSO URL(s): SSO redirection to IDP for specific URLs used for integration with other applications will be disabled.

Bugfix:

• Fix for SSO button not appearing when some admin URLs are accessed.

New Features:

• Added support for Passive SSO - The IDP will authenticate the user silently, without user interaction
• Added support Force Authentication - IDP will force the user to re-authenticate, even if the user has a valid session with IDP

Improvements

• Added SSO setup document for AWS
• Added option to limit the number of failed login attempts from Backdoor / Emergency URL
• Added option to enforce unique SAML Response

Bug fixes

• Fixed for Reflected XSS vulnerability

New Feature:

• Option to set a fixed relay state URL for all logins or redirect to it only when no relay state URL is passed by the IDP
• Added a configurable option to restrict access to plugin APIs from outside the Fisheye/Crucible instance

Certificate Update:

The app's default certificate will expire on October 28, 2020. You can find steps to replace it with a new certificate in the Certificates tab. You can check the steps in the link below too.

https://faq.miniorange.com/knowledgebase/can-update-default-x-509-certificate-miniorange-plugin/

We have also introduced the ability to generate & configure a new X.509 certificate in the app.

Note: Please take a backup of the current configuration and after the update verify the SSO configuration as there are major changes in the plugin framework.

New Features

• Support for SSO through Multiple IDPs
• On-The-Fly Group Mapping - Added option to create and map user's IDP groups to local groups during user SSO
• Added option to restore/backup app configuration through REST API
• Added option to restrict users from changing their local password
• Added option to design a customized login page
• Feedback form : Admin can submit feedback without deactivating the app

Feature Enhancements:

• Allow users of only certain groups to access the emergency/backdoor URL
• Enable emergency/backdoor login using REST API calls
• Added option to introduce a delay in auto-redirect
• Added option to edit organization information in the plugin's metadata

Group Mapping Enhancements

• Users will only be added or removed from the mapped groups only
• Option to restrict default group assignment
• UI changes in User Group Tab

• Updated contact us details

• Fixes JavaScript bug that prevents Fisheye from displaying some repository information

• Added support for RSA SecurID, AuthAnvil, CA Identity Manager, and Auth0 Identity Providers.
• Added Multiple default groups support
• Default groups for the new user as well as all users
• Customize Backdoor URL
• Test Configuration improvement
• Updated existing setup guides.
• Minor UI Changes:
  • Changed tab name, Download Plugin Settings -> Download App Settings.

Features

• Default groups for New as well as existing users.
• Relay state bug fixes for Anonymous Access.
• Redirection bug fix for Firefox-61.0.1
• Collapsible sections for Sign In Settings tab.
• Inner tabs for Configure IdP tab for metadata configuration.

Features:

• Option to send NameID format in SAML Request
• Option to remove users only from the groups which are mapped during SSO.

Fixes:

• Azure AD Metadata Import fix
• Refresh Metadata Fix: Only IDP entity ID and certificates will be updated. Manual configurations won't be reverted during the refresh cycle.
• Secure cookies: Made all the cookies created by plugin secure
• XML Canonicalization SAML Vulnerability fix: Click here to find more information about this vulnerability

Features Added

• Enabled SSO into Fisheye/Crucible by matching email in addition to username (for Google and other IDPs).
• Added Restrict user creation.
• Added Regex pattern on username field.
• Validated SAML Response by adjusting the time-stamp.
• Added a troubleshooting tab which has information about how to download logs for the plugin, plugin configuration, SAML Request and SAML Response.
• Handled German characters (ä) and other non-English characters (like š, á) which is returned in SAML response.
• Bug fix for supporting encryption with Okta.
• Fixed Group mapping issues for OneLogin in case user belongs to multiple groups.
• Added Troubleshooting tab for getting logs.
• Changes in tab names:
  • Configure IDP -> SP Info
  • Configure SP -> Configure IDP
  • Attribute Mapping -> User Profile
  • Group Mapping -> User Groups

New Features:-

• JIRA Service Desk support widget.
• Option to configure plugin by uploading IdP metadata file or URL.
• Option to set metadata refresh time.
• Custom logout URL.
• Custom logout page template.
• Custom error page template.

Changes made in version 1.0.2

• Added support for custom SP certificate
• Minor bug fix

Changes made in version 1.0.1

• Removed login and registration required to configure add-on
• Revamped UI
• Added guides to configure add-on with various IDPs
• Added option to auto-redirect to IDP with backdoor URL for backup
• Added support for single logout using GET and POST
• Added attribute mapping for user's name
• Added group mapping according to different groups
• Added option to set relay state
• Added option to restrict group mapping for only existing users
• Added option to sign request while sending to IDP
• Added option to add/remove signatures from plugin's metadata
• Added options to debug SAML request and SAML response
• Added option to modify SP URLs
• Added option to send SAML login request as a POST request

Single Sign On to Fisheye/Crucible with any SAML 2.0 Compliant IDP