This repository has been archived by the owner on Jan 21, 2022. It is now read-only.

Releases: cloudfoundry-attic/login-server

Login Server 1.10

10 Dec 18:59

OpenID Connect Updates
We have improved our OpenID Connect support in this release. This includes support for:

  • Response type id_token
  • Signature verification for id_token

User Sign Up Updates
The user sign-up flow (Create Account) now collects the user's password up front rather than after email verification, which greatly simplifies the flow. After email verification, users are automatically logged in.

Invitations
End users who are authenticated to UAA can now invite other users via email. Invited users are sent an email. After accepting the invitation in the email, they set their password and are then automatically logged in. This is an optional feature and can be turned on via the invitationsEnabled flag in login.yml.

Externalization of Scope Descriptions
The Cloud Foundry-specific scope messages can now be controlled via CLOUD_FOUNDRY_CONFIG_PATH/messages, in addition to being loaded from message.properties of the Login Server.

1.9.0 Release Notes

17 Oct 16:14

Change Email functionality

The Login Server now supports Change Email for users. Authenticated users can request a change to their email from the Account Settings page and verify the new email via the same process as Account Creation. Once verified, the new email is reflected on the user account. If the username is the same as the email, both are updated at the same time. This feature is restricted to users stored in the internal UAA user store. Users from external sources such as LDAP and SAML are treated as read-only.

Integration with Notifications Server
Login Server now supports integration with a central Notifications Server, which provides the ability to manage and send emails. Standard flows such as Create New Account, Password Reset and Change Email can now use the Notifications Server to send emails to users, if configured.

Updated to Spring Security OAuth V2
The Spring Security OAuth library has been updated from version 1.0.5 to 2.0.3.
Apart from bug fixes, major highlights include modernization and ease of use for OAuth server and client apps on Spring. More details about the changes can be found here:
https://spring.io/blog/2014/04/18/spring-security-oauth-2-0-0-rc1-available
https://spring.io/blog/2014/09/01/spring-security-oauth-2-0-3-available-now

1.8.5 Release Notes

05 Sep 18:04

Multiple SAML Providers

Multiple SAML IDPs are now supported. They can be configured in the manifest, and each IDP can have a showSamlLoginLink setting that determines whether a link to it is displayed on the login page. This allows for SAML integration without showing a link to it on the login page. This feature is useful for public clouds where some SAML integration is needed but the operator does not want to advertise it to anyone visiting the login-server.

Stories Completed
Features
Support multiple SAML IDPs

1.8.0 Release Notes

31 Jul 07:55

Account Creation

A user can now sign up on the login server. This will create a user in the uaadb, with a "uaa" origin. This flow can be enabled or disabled through the login.signupsEnabled option in login.yml. It is enabled by default. A client may have a signup_redirect_url configured via the uaa.yml or uaac. This allows that client to direct a user to the signup page with its client id as a parameter (e.g. /accounts/new?client_id=app), and the user will be redirected to that URL when they complete the account activation flow.

Gradle

Login Server now builds with Gradle. This simplifies the build process, as one can now build from scratch and run the login-server, uaa, app, and api apps with a simple

./gradlew run

Unit tests can be run with ./gradlew :test, and integration tests with ./gradlew :integrationTest.

WAR and JAR files can be built with ./gradlew :assemble.

Forgot Password Functionality

The forgot password page now assumes that usernames are emails. Password reset requests for usernames that are not emails will fail. This allows us to ensure that email address collisions on Scim users do not result in unexpected behavior.

Stories Completed
Features
User can create an account
cloudfoundry/uaa #83: remove unnecessary requirement for accept header
User is redirected upon verification