v0.99.1
2025-02-24
Resolved an issue to allow reload to work successfully when an end session endpoint for an OIDC provider is defined.
v0.99.0
2025-02-24
The go-redis package in the orchestrator has been updated to version 9.7.1.
v0.97.0
2025-02-19
The build architecture of the macOS download artifact has been updated from AMD to ARM.
v0.96.0
2025-02-21
Added support for multiple secret paths in HashiCorp Vault secret provider
The orchestrator integration with HashiCorp Vault now supports multiple secret paths from the same secrets engine. If needed as part of your user flows, you can define secret paths for multiple secrets in the orchestrator configuration. For more details, see Secrets Management: HashiCorp Vault.
As part of this update, secret names cannot contain any forward slashes (`/`).
If you are currently using HashiCorp Vault as a secrets provider and your secret names include slashes, Strata advises you to remove the slashes or change the secret name before upgrading your orchestrator to v0.96.0.
Failing to do so might result in a connection failure to your Vault instance. To remediate this, change your secret name to remove slashes then restart orchestrator.
v0.94.0
2025-02-13
Orchestrator has been upgraded to Go v1.23.
Noteworthy changes include:
- 3DES cipher suites are removed from the default list of secure ciphers that the Orchestrator uses. If required, these ciphers can be reenabled by using the `enabledCiphers` TLS config.
- `net/http` Cookie implementation no longer strips double quotes from cookies when storing. This should not impact existing service extensions, but Strata is performing a further investigation to verify behaviours remain consistent.
For more information, see Go 1.23 Release Notes.
v0.93.0
2025-02-13
- Browser based client apps now have access to `DPoP-Nonce` response headers.
v0.91.0
2025-02-10
- The OIDC Provider now requires DPoP nonce validation.
v0.90.0
2025-01-31
- When a previously issued access token is DPoP bound, DPoP proof and its corresponding access token are now validated at the userinfo endpoint.
v0.89.0
2025-01-31
- Internal enhancements and improvements.
- Maverics now supports DPoP bound refresh tokens.
v0.88.2
2025-01-29
- A bug causing attribute providers to break in proxy apps was fixed.
v0.88.1
2025-01-29
- Internal Only release: enhancements and improvements.
v0.88.0
2025-01-28
- Maverics now supports opaque access tokens when using DPoP.
v0.80.0
2025-01-22
- We have updated the metadata endpoint to return DPoP signing algorithms for OIDC providers.
v0.79.0
2025-01-22
- Maverics now supports DPoP sender-bound access tokens for OIDC providers.
v0.69.1
2024-12-20
- Maverics now uses Go's default implementation of system cert pool for Windows.
v0.65.1
2024-12-18
- LDAP Provider validation log now correctly reflects associated errors.
v0.61.0
2024-12-16
- CA cert is no longer a required field when setting up HashiCorp Vault as a secret provider.
v0.60.0
2024-12-13
- The orchestrator now uses the configuration SDK to validate OIDC provider configuration.
v0.59.0
2024-12-10
- The orchestrator now uses the configuration SDK to validate Single Logout (SLO) configuration.
v0.58.0
2024-12-10
- Multiple OIDC callback URLs can now be configured for login and logout. The new style of OIDC connector syntax now supports use cases that require dynamic URLs for OIDC logins and logouts.
With this change, an identity admin can define a single callback URL pattern and allow for the host of the callback URL to be dynamic. As a result, the `oauthRedirectURL` and `oidcLogoutCallbackURL` syntax has been deprecated with this update. The new syntax is `oauthLoginRedirect` and `oauthLogoutRedirect`.
{{< callout type="info" >}}
Please note, you must use the new style OIDC connector syntax or the old style, but not both. If your configuration contains both the old style and new style OIDC connector syntax, orchestrator will return an error.
{{< /callout >}}
v0.56.0
2024-11-29
- This release enables the re-use of `http.Client` across different service extensions instead of creating new ones repetitively.
v0.55.0
2024-11-29
- The orchestrator now supports dynamic redirect URLs for logout for OIDC apps.
v0.54.1
2024-11-29
- A bug was fixed to now allow authentication requests without the ACS URL defined.
v0.54.0
2024-11-27
- Users can now use the `ES256` key algorithm when signing JWT for use in OAuth client authentication.
v0.53.0
2024-11-27
- Adds enhancements to the HTTP Server to allow for configuration of HTTP endpoint timeouts. A conservative default value of 15 seconds is used which could impact existing deployments. For more info, please see the docs.
v0.52.0
2024-11-26
- Adds enhancements to the HTTP Server to allow for configuration of connection timeouts. These changes include conservative default values for all timeouts which could impact existing deployments. For more info, please see the docs.

| Configuration | Default Value |
|---|---|
| `http.readTimeoutSeconds` | 20 seconds |
| `http.readHeaderTimeoutSeconds` | 5 seconds |
| `http.writeTimeoutSeconds` | 20 seconds |
| `http.idleTimeoutSeconds` | 60 seconds |

v0.51.0
2024-11-21
- Dynamic OIDC redirects are now supported in OIDC Connector.
v0.50.2
2024-11-21
- Logging has been improved when JWT bearers are used for client authentication. A minor bug in terms of how tokens are validated has also been resolved.
v0.50.1
2024-11-20
- Resolve CVE-2024-9143 by updating libssl3 and libcrypto3.
v0.50.0
2024-11-20
- Enable use of JWT for client authentication with client_credentials grant.
v0.49.0
2024-11-19
- Multiple ConsumerServiceURLs per SAML app are now supported.
v0.48.1
2024-11-15
- Orchestrator uses a POST binding when available on SAML login.
v0.48.0
2024-11-15
- You can now load Windows Store certs using HashiCorp Vault.
v0.47.0
2024-11-13
- Log level settings are reloadable.
v0.46.0
2024-11-13
- ECDH certs can now be loaded from Windows Cert Store.
v0.45.0
2024-11-08
- CRL revocation is now supported for TLS. See docs.
v0.44.5
2024-11-08
- Resolved issue where cached SAML requests were failing to be unmarshaled due to the POST binding not supporting compressed requests.
v0.44.2
2024-11-04
- Service extensions can now be used in conjunction with attribute providers for SAML and OIDC.
v0.44.1
2024-10-31
- SAML apps now successfully log errors if attempts to load attributes are not found or not defined.
v0.44.0
2024-10-30
- Online Certificate Status Protocol (OCSP) is now supported to allow clients and servers to check the revocation status of their peer's certificate. See docs.
v0.43.0
2024-10-29
- An error logger has been added to the HTTP server to make TLS handshake errors in Windows visible in the event viewer.
v0.42.0
2024-10-25
- Only tokens issued with the `openid` scope can be used at the `userinfo` endpoint.
v0.41.0
2024-10-25
- Support for mTLS cert authentication on HashiCorp Vault for Linux.
v0.40.0
2024-10-22
- Minor internal improvements
v0.39.0
2024-10-22
- As part of Orchestrator on Ubuntu, Debian artifacts are now included in Maverics releases.
- The Orchestrator health configuration is now reloadable, facilitating changes in the UI being pushed down to Orchestrator without requiring a restart.
v0.38.0
2024-10-18
- Minor internal improvements
v0.37.0
2024-10-17
- Improvements to the generic SAML health check HTTP client.
v0.36.0
2024-10-17
- TLS Unmarshalling has been reworked to simplify and combine multiple constructors.
v0.35.0
2024-10-17
- OIDC Provider: `sub` and `client_id` claims can now be overwritten via service extension. ID token generation has also been updated to no longer include the `client_id` claim by default.
v0.33.0
2024-10-15
- Debian package installer changes.
- Consolidate connector 'Login' logic where duplicated: In a handful of connectors, `Login` logic was duplicated between the login requester and the connector object itself. In other connectors, the connector `Login` is a thin wrapper around the `loginRequester`. This PR consolidates logic in the remaining connectors.
v0.32.0
2024-10-10
- Debian package installer changes.
- OIDC Provider User Info Handler: The userinfo handler now uses the claim mapping on the client to build the response. A token cache entry will need to have a clear mapping to the `client_id` associated with the token.
v0.31.0
2024-10-09
- [OIDC Provider] Add association from token cache to userinfo cache - #2592
v0.30.0
2024-10-07
- [OIDC Provider] Store userinfo data only once - #2589
v0.29.1
2024-10-02
- [Connectors] Infer correct protocol binding from SAML metadata - #2588
v0.29.0
2024-10-01
- Expose 'jose.ContentType' in service extensions - #2587
v0.28.0
2024-10-01
- [Connectors] Add support for login hint via subject in PingFed SAML - #2586
v0.27.124
2024-09-27
- [Tests] Use dynamically allocated free port - #2584
v0.27.123
2024-09-26
- Update github PR template - #2582
- [Connectors] Implement login_hint in query for Azure SAML - #2583
v0.27.122
2024-09-23
- [SE] Add 'postLogoutSEV2' service extension - #2580
v0.27.121
2024-09-19
- Ensure mTLS can not be bypassed by spoofing the Host header. - #2578
v0.27.120
2024-09-19
- [Connectors] Restore SAML login in PingFed - #2579
v0.27.119
2024-09-19
- [Connectors] Add login hint to OIDC connectors - #2577
v0.27.118
2024-09-17
- [Proxy apps] Allow secrets loading in policy locations - #2576
v0.27.117
2024-09-17
- [SE] Introduce v2 service extension signature for 'evalIdleTimeoutSE' - #2574
v0.27.116
2024-09-17
- Support retrieving AWS secrets via ARN - #2575
v0.27.115
2024-09-17
- Update 'golang.org/x' to latest - #2564
v0.27.113
2024-09-16
- [SE] Introduce v2 session evalMaxLifetime - #2562
v0.27.112
2024-09-13
- [Service Extensions] Fix route registration issue - #2572
v0.27.111
2024-09-12
- Add newline delimiter option in CCP as workaround for multi-line secrets. - #2570
v0.27.110
2024-09-09
- Format the Hypr HTML to make it more readable - #2567
v0.27.109
2024-09-09
- SAML App inherits signing cert from SAMLProvider - #2566
v0.27.105
2024-09-03
- Fix OIDCProvider panic when claims mapping attribute does not use connector notation - #2560
v0.27.104
2024-08-29
- [Bundle Validation] Improve error handling when loading public key - #2558
v0.27.103
2024-08-28
- [TLS] Rename 'clientCAs' to 'clientCAFiles' in TLS config - #2554
v0.27.102
2024-08-28
- [Continuity] Improve reload behavior - #2555
v0.27.101
2024-08-27
- [Continuity] Check for duplicated status codes - #2549
v0.27.100
2024-08-27
- [Continuity] Add health check to ADFS - #2545
v0.27.99
2024-08-27
- [Connectors] Make cert and keys paths optional for ADFS - #2557
v0.27.97
2024-08-22
- Fix custom endpoint test flake - #2553
v0.27.96
2024-08-22
- Support LoadAttributesSE for OIDC Apps - #2551
v0.27.95
2024-08-22
- Enable service extensions for oidc provider authorization - #2548
v0.27.94
2024-08-21
- Support multiple secrets for OIDC client authentication - #2546
v0.27.93
2024-08-20
- Add load attributes service extension to SAML apps - #2544
v0.27.92
2024-08-19
- Ensure OIDC clients are unique by client ID - #2542
v0.27.91
2024-08-17
- [SAML Apps] Support app level 'disableSignedAssertion' and 'disableSignedResponse' - #2540
v0.27.90
2024-08-15
- Add authorization rules to OIDC apps - #2541
v0.27.89
2024-08-14
- Sanitize routes registered in Service Extensions - #2539
v0.27.88
2024-08-13
- [SAML Apps] Support app-specific signing certs - #2535
v0.27.87
2024-08-13
- Support client defined grant types for OIDC apps - #2538
v0.27.86
2024-08-13
- [Continuity] Remove body matching response logging - #2537
v0.27.85
2024-08-12
- Update mitchellh/mapstructure to go-viper/mapstructure/v2 - #2533
v0.27.84
2024-08-12
- [Apps] Validate 'name' uniqueness - #2531
v0.27.83
2024-08-09
- Support ROPC flow for OIDC apps via backchannel authenticate SE - #2532
v0.27.82
2024-08-08
- [Continuity] Increase state parameter length in generic OIDC health check - #2530
v0.27.81
2024-08-06
- [Continuity] Add TLS to custom health check - #2527
v0.27.79
2024-07-31
- Support IsAuthorizedSE in SAML apps - #2525
v0.27.78
2024-07-31
- [Continuity] Add custom health check response body matching - #2522
v0.27.77
2024-07-29
- Use the correct HTTP client for SAML health check - #2523
v0.27.76
2024-07-29
- [Continuity] Add headers to custom health check endpoint - #2519
v0.27.75
2024-07-26
- Add QR authentication mode for Hypr connector - #2518
v0.27.74
2024-07-25
- [Continuity] Add ability to define custom health check - #2515
v0.27.73
2024-07-19
- [Continuity] Change the default health check interval - #2512
v0.27.72
2024-07-19
- [Continuity] Add un/healthy threshold - #2513
v0.27.71
2024-07-18
- Enforce authorization rules in SAML Apps - #2514
v0.27.69
2024-07-17
- Reimplement Cyberark Conjur Secret Provider - #2510
v0.27.68
2024-07-12
- Update Yaegi to 16.1 - #2509
v0.27.66
2024-07-11
- Remove legacy LDAP 'attrproviders' implementation - #2506
v0.27.64
2024-07-10
- [SAML APP] Query for nameID attributeMapping attribute if not on session - #2503
v0.27.63
2024-07-09
- Update log level to error when referenced secret is not found - #2505
v0.27.60
2024-07-02
- Expose ldap.Control - #2498
v0.27.57
2024-06-27
- Add AWS Secrets manager secret provider support - #2496
v0.27.56
2024-06-25
- [Telemetry] Update OTel libraries to latest - #2495
v0.27.54
2024-06-24
- [Telemetry] Update local Docker Compose telemetry environment for development - #2494
v0.27.53
2024-06-24
- Support reload for single logout config - #2491
v0.27.49
2024-06-20
- Protect session store with mutex and add session service to config reloader - #2490
v0.27.48
2024-06-19
- Implement session config reload - #2487
v0.27.46
2024-06-18
- [Service Extensions] Expose symbols for JWT encryption - #2485
v0.27.45
2024-06-18
- Wrap session in service.Service - #2483
v0.27.43
2024-06-14
- [MSI] Fix file contention issue - #2482
v0.27.42
2024-06-14
- Re-evaluate policies based on decision lifetime - #2478
v0.27.38
2024-06-11
- [Proxy apps] Remove legacy resilience implementation - #2475
v0.27.36
2024-06-06
- Redirect SAML SSO error responses correctly - #2472
v0.27.33
2024-05-31
- SAMLProvider support LogoutRequest via POST binding - #2470
v0.27.32
2024-05-30
- [Connectors] Move SAML client initialization to constructor - #2469
v0.27.31
2024-05-29
- [Connectors] Gracefully handle failure to retrieve OIDC well-known metadata - #2466
v0.27.30
2024-05-16
- Verify Signed SAML Logout requests via Redirect binding - #2468
v0.27.29
2024-05-16
- [Connectors] Refactor SAML pkg to better handle SP initialization - #2467
v0.27.28
2024-05-14
- [SAML Apps] Store logout request in cache - #2465
v0.27.27
2024-05-14
- Fix SAMLProvider cacheState storage when using multiple IDPs - #2464
v0.27.26
2024-05-13
- Add support for namespace in HashiVault - #2460
v0.27.23-24
2024-05-10
- Unregister SAMLProvider SLO endpoint during stop - #2463
- [Connectors] Better handle logout errors - #2461
v0.27.20-21
2024-05-09
- Update release pipeline to replace the old MSI installer with the new - #2458
- Append query parameters to authn request during IDP Initiated SAML - #2459
v0.27.19
2024-05-08
- Validate bundle file in MSI installer - #2457
v0.27.16-18
2024-05-07
- [SAMLProvider] Add SingleLogoutService to metadata when sloEndpoint is defined - #2456
- [SAMLProvider] Implement SP initiated SLO - #2441
- [MSI] Fix service restart when change and add default remote configs. - #2442
v0.27.13-15
2024-05-06
- [Service Extensions] Expose symbols to enable JWT generation - #2450
- [Connectors] Set transport properties on health check HTTP client - #2449
v0.27.12
2024-05-03
- [SAML Connectors] Fix panic observed when generating unsigned logout requests - #2452
v0.27.5
2024-04-23
- [SAML Apps] Call BuildRelayState extension post-authentication
v0.27.2
2024-04-18
- [SAML Apps] Expose NameID configuration
v0.27.1
2024-04-18
- Include allowedProtectedPackages option for Service Extensions
v0.27.0
2024-04-16
- Introduce cache to SAMLProvider
v0.26.108
2024-04-16
- Expose BuildRelayState service extension for IDP-initiated login flow
v0.26.106
2024-04-12
- Allow IDP-initiated 'relayStateURL' field to be optionally defined
v0.26.102-104
2024-04-11
- Fix log key to have correct attrProvider name
- Simplify IDP health check service
v0.26.94-100
2024-04-10
- Implement generic SAML in 1Kosmos and add cache
- Improve idphealthcheck test assertion
- Manually validate timestamp assertions in SAML
- Organize authprovider pkg and improve logging
- Store cacheRequester on samlAuthProvider to simplify CreateClient method signature
v0.26.90
2024-04-04
- Add proxy app support for HTTP request methods
v0.26.87-89
2024-04-03
- Enable PingFederate connector to use SAML package and cache
- Bug fix: Add 'Authorization' to list of 'Access-Control-Allow-Headers'
v0.26.86
2024-04-02
- Set SAML CacheRequester at reload
v0.26.85
2024-04-01
- Add cache for SAML connectors using generic implementation
v0.26.75-77
2024-03-25
- Enhance SAML metadata parsing to support formatted certificates
- Support api.App in IsAuthenticatedSE, AuthenticateSE and v2/BuildClaimsSE for saml apps
- Support api.App in IsAuthenticatedSE, AuthenticatedSE, BuildAccessTokenClaimsSE, BuildIDTokenClaimsSE for oidc apps
v0.26.73-74
2024-03-22
- Update Nancy CI action to use correct version of Go
- Add support RP-initiated logout in OIDC provider
v0.26.66-71
2024-03-20
- Add `github.com/google/uuid` support to Service Extensions.
- Support api.App in loadAttrsSE for proxy apps
- Support api.App in createHeaderSE for proxy apps
- Support api.App in loginSE and isLoggedInSE for proxy apps
- Allow CyberArk CCP to be configured with certificate authentication directly from Windows Cert Store. See docs here.
v0.26.64
2024-03-19
- Add missing Cache WithTTL option to SE symbols
v0.26.63
2024-03-18
- Add functions and structures from 'golang.org/x/net/html' to v2 SEs.
v0.26.54
2024-03-14
- Update go-ntlm to the latest version
v0.26.22
2024-02-29
- Update to latest go OTLP libraries
v0.26.17
2024-02-26
- Upgrade Golang to 1.22
v0.26.13
2024-02-22
- Parse the OIDC Auth request params to not only parse from the query but also from the request body
v0.26.4
2024-02-08
- Add configuration options to MSI installer and fix upgrade behavior
v0.26.3
2024-02-08
- Support loading service extension assets as a file system
v0.26.2
2024-02-06
- Add offline_access to scopes_supported in OIDC well-known endpoint
v0.26.1
2024-02-02
- Implement Context interface for service extensions
v0.26.0
2024-01-31
- Support retrieving App name for Proxy Apps in some Service Extensions
- Expose orchestrator cache to service extension (v0.25.39)
- Add client_id to claims in access token (v0.25.38)
- Support login options in service extensions (v0.25.37)
- Fix refresh token length configuration (v0.25.35)
- Close HTTP response body in connectors (v0.25.34)
- Omit env var substitution if the line starts with '#' in YAML config (v0.25.33)
- Close response body when making token request (v0.25.32)
- Update crypto lib to v0.17.0 to handle CVE-2023-48795 (v0.25.31)
- Fix panic when cert not found in Windows cert store (v0.25.30)
- Correctly set RelayState during IDP initiated login (v0.25.29)
- Add env vars for Windows Certificate Store (v0.25.28)
- Improve error handling in OIDC connectors (v0.25.27)
- Add support for reloadable cache (v0.25.26)
v0.25.25
2023-12-14
- Allow SAML client to support both IDP initiated login and verified SP login
- Rename go-jose exported name from v3 to jose (v0.25.24)
- Add Windows Client Authenticator connector to orchestrator (v0.25.23)
v0.25.5
2023-11-24
- Register SAML endpoints as case insensitive
- Register OIDC endpoints as case insensitive (v0.25.4)
- Fix typo in telemetry logs (v0.25.3)
- Implement TAIProvider interface for Service Extensions (v0.25.2)
- Fix panic observed when running in Windows console as non-admin (v0.25.1)
v0.25.0
2023-11-09
- Rotate refresh tokens on use per OAuth security best practices
- Implement token revocation for JWT tokens (v0.24.35)
- Store JWT tokens in the cache (v0.24.34)
v0.24.32
2023-11-03
- Update google.golang.org/api to fix indirect GRPC vulnerabilities
- Expose GetBytes, GetAny, and SetBytes on Service Extension session provider implementations (v0.24.32)
- SAMLProvider validates signed authn requests received via HTTP-Redirect binding (v0.24.29)
- Implement v2.Session API for Service Extensions for OIDC Provider (v0.24.28)
- Add post logout redirect URL to proxy apps (v0.24.27)
- Return all claims for opaque access token (v0.24.26)
- Add logout to proxy apps (v0.24.25)
- Add clock skew leeway for SAML Authn requests (v0.24.23)
- Stop Maverics process on failure to bind to a port (v0.24.22)
v0.24.21
2023-10-26
- Add support for IDP initiated login for app of type SAML
- Add support for HTTP Redirect binding in the SAML auth provider (v0.24.20)
- Improve attribute loading error handling in proxy apps (v0.24.18)
- Add query params matching in proxy apps policies (v0.24.17)
- Add handleUnauthorizedSE to proxy apps (v0.24.16)
v0.24.15
2023-10-20
- Add upstream login extension to proxy apps
- Add support for IDP initiated login for the SAML provider (v0.24.14)
- Add ModifyRequest and ModifyResponse Service Extensions to proxy apps (v0.24.13)
- Add LoadAttrsSE to proxy apps (v0.24.12)
- Expose 'goPath' on v2 Service Extensions (v0.24.11)
- Add CreateHeader service extension to proxy apps (v0.24.10)
- Add IsAuthorized service extension to proxy apps (v0.24.9)
- Add IsAuthenticated and Authenticate extensions to proxy apps (v0.24.8)
- Update goxmldsig library to fix signature validation bug (v0.24.7)
- Add TLS to proxy apps (v0.24.4)
- Patch CVE-2023-45683 (SAML XSS bug) (v0.24.2)
- Support multiple route patterns on a proxy app (v0.24.1)
- Add Orchestrator Groups cache support (v0.24.0)
- Add regexp policy matching to proxyapps (v0.23.75)
- Add attribute provider to proxy apps (v0.24.74)
v0.23.73
2023-10-13
- Update golang.org/x/net to the latest to address CVE-2023-39325
- Upgrade Yaegi to 15.1 (v0.23.72)
- Support policy-level header definitions on proxy apps (v0.23.71)
- Implement revoke endpoint support for OIDC refresh tokens (v0.23.70)
- Add unauthorized page to proxy apps (v0.23.68)
- Add headers to proxy apps (v0.23.67)
- Improve authorization and authentication policy validation for proxy apps (v0.23.66)
- Add authorization to proxy apps (v0.23.65)
v0.23.62
2023-09-29
- Add basic authentication to proxy apps in new app-centric configuration format
- Allow fabric consumer (RP Orchestrator) to define and use unauthorizedPage (v0.23.61)
v0.23.60
2023-09-25
- Update OIDCProvider service extensions to work with cache
- Fix OIDCProvider userinfo endpoint to reject ID Bearer tokens (v0.23.59)
- Support the refresh token flow using the cache (v0.23.58)
- OIDCProvider uses cache to build user claims (v0.23.56)
v0.23.55
2023-09-15
- Support AuthCode w/ PKCE using cache implementation
v0.23.54
2023-09-15
- Make logging more verbose in Azure connector
v0.23.53
2023-09-11
- Remove logic that prevents 'ServeSE' from being defined with other AppGateway extensions
- Set session cookie regardless of policy (v0.23.52)
v0.1.0 (Maverics TAI Module)
2023-09-07
- Add support for verifying signed JWT headers to prevent impersonation via side channel requests.
v0.23.50
2023-09-07
- Expose TAI pkg in Service Extensions to enable JWT generation
- Fix decryption using older keys in AES256GCMEncryptor (v0.23.49)
- Export go-jose JWT library v3 symbols (v0.23.48)
- Export go-ldap library v3 symbols (v0.23.47)
v0.23.44
2023-08-29
- Expose 'ldap.NewModifyRequest' in Service Extensions
- Add metadata to V2 service extensions (v0.23.43)
- Signed binaries for Maverics Evaluation bundle downloads (v0.23.42)
- Fix Telemetry panic on SIGTERM (v0.23.38)
- Update SAML Provider buildClaims v2 signature to match OIDC Provider. (v0.23.37)
- Enable attribute loading in v2 Service Extensions (v0.23.34)
- Make API Service Extensions reloadable (v0.23.31)
- ServeSE v2 in APIs block (v0.23.28)
- Add ldap.NewPasswordModifyRequest symbol (v0.23.27)
- Add support for BuildUserInfoClaimsSE for OIDC apps (v0.23.25)
v0.23.34
2023-08-15
- Enable attribute loading in v2 Service Extensions - #2147
v0.23.31
2023-08-11
- Make API Service Extensions reloadable - #2140
v0.23.30
2023-08-11
- Unregister HTTP endpoints when API Service Extensions are stopped - #2139
v0.23.29
2023-08-11
- Restart session metrics on telemetry reload - #2119
v0.23.28
2023-08-11
- ServeSE v2 in APIs block - #2134
v0.23.27
2023-08-10
- Add ldap.NewPasswordModifyRequest symbol - #2136
v0.23.26
2023-08-10
- Orchestrator metrics as service - #2122
v0.23.25
2023-08-10
- Add support for BuildUserInfoClaimsSE for OIDC apps - #2135
v0.23.22
2023-08-03
- Fixed issue preventing OIDC client creation with JWT access token - #2110
v0.23.20
2023-08-03
- Return a non-nil action in the HYPR connector when Lookup is successful - #2130
v0.23.19
2023-08-03
- Add BuildClaims SE to SAML apps - #2128
v0.23.18
2023-08-02
- Move authn fields under new authenticationPolicy in policy struct - #2123
v0.23.15
2023-07-28
- Add Authentication Service Extensions to SAML Apps - #2121
v0.23.14
2023-07-28
- Add BuildIDTokenClaims and BuildAccessTokenClaims extensions to apps of type OIDC - #2120
v0.23.13
2023-07-28
- Remove Public Signing Key from Auth Provider Config - #2117
v0.23.11
2023-07-26
- Add IsAuthenticated and Authenticate SE to OIDC apps - #2118
v0.23.9
2023-07-25
- Support subtree searching for LDAP connector as IDP - #2114
v0.23.8
2023-07-24
- initialize metrics during orchestrator startup - #2115
v0.23.6
2023-07-19
- Create v2 Service Extension package and expose parsing method - #2113
v0.23.2
2023-07-17
- SAML AuthProvider: Ensure XML dateTime attributes use millisecond precision - #2111
v0.23.1
2023-07-13
- Remove connector and app count logging - #2098
v0.23.0
2023-07-12
- Enable NameID Format to be defined on SAML AuthProvider clients - #2103
v0.22.48
2023-07-12
- Only set SameSite cookie attribute when cookie is Secure - #2101
v0.22.47
2023-07-12
- Remove "reload count" metric - #2099
v0.22.46
2023-07-12
- add config version to health - #2096
v0.22.41
2023-07-07
- Ensure Lookup validation is successful before using connector as IdentityProvider - #2091
v0.22.40
2023-07-07
- Refactor telemetry into a service and change the Reloader to reload telemetry based on new config. - #2093
v0.22.38
2023-07-05
- Fix LDAP IDP login bug - #2085
v0.22.37
2023-06-28
- SAML logout in Okta - #2075
v0.22.34
2023-06-27
- Emit Orchestrator health to OTLP - #2065
v0.22.33
2023-06-26
- Remove old HealthSvc - #2082
v0.22.32
2023-06-26
- Prevent SAML auth provider from panic if no IDPs provided. - #2080
v0.22.29
2023-06-23
- Add ldap.DialWithTLSConfig to Service Extension symbols - #2077
v0.22.26
2023-06-20
- Add redirectScheme to consumer fabric - #2069
v0.22.22
2023-06-19
- Organize and add Godoc for configuration fields in AppGateway - #2070
v0.22.19
2023-06-16
- Fix issue where Fabric Consumer (RP Orchestrator) fails to load TLS config - #2064
v0.22.18
2023-06-16
- Add os/exec to service extension symbols if enableOSLib:true - #2063
v0.22.17
2023-06-16
- Return ErrMetricsInvalidExporter if exporter not specified in telemetry metrics configuration - #2066
v0.22.16
2023-06-15
- Refactor telemetry config to allow multiple OTLP exporters; reference… - #2057
v0.22.14
2023-06-15
- Improve error handling in Fabric Consumer when nonce is not found - #2060
v0.22.11
2023-06-14
- Add ldap.NewSearchRequest to service extension symbols - #2052
v0.22.9
2023-06-14
- Don't log message about metrics when telemetry not enabled. - #2050
v0.22.8
2023-06-13
- Add support for domain hint in SAML SP - #2053
v0.22.7
2023-06-13
- Support SAML login in Okta connector - #2051
v0.22.6
2023-06-13
- Leave maverics.yaml untouched on uninstall - #2049
v0.22.5
2023-06-08
- Support IDP-initiated SAML login in ADFS connector - #2047
v0.22.4
2023-06-08
- Support IDP-initiated SAML login in Azure connector - #2048
v0.22.3
2023-06-08
- Add default maverics.yaml on Windows installation - #2046
v0.19.17
2023-05-03
- Ensure keys in JWKS have unique IDs - #1990
v0.19.16
2023-05-03
- Add support for apps of type OIDC - #1987
v0.19.15
2023-05-03
- fix cache timing logic - #1992
v0.19.14
2023-05-03
- Describe Service Extension dependencies for AuthProviders - #1991
v0.19.13
2023-05-02
- [OIDC Auth Provider] Inject unused cache.Cache - #1988
v0.19.12
2023-05-02
- [OIDC Auth Provider] Move cache creation into NewOIDCProvider - #1984
v0.19.11
2023-05-02
- add URLPath to otel http config - #1980
v0.19.10
2023-05-02
- Add Orchestrator ID to metrics resources - #1976
v0.19.9
2023-05-01
- Add username search key value to session for LDAP - #1985
v0.19.8
2023-05-01
- Handle error from service extension panic recovery - #1986
v0.19.7
2023-05-01
- Add source assets for the docker grafana quickstart in docs repo. - #1978
- Serve discovery endpoints on app-centric OIDC Provider - #1983
v0.19.6
2023-04-27
- Add ability to create clients on OIDC AuthProvider - #1982
v0.19.5
2023-04-27
- add mock cache implementation - #1981
v0.19.4
2023-04-26
- Removes the AuthProvider feature flag - #1979
v0.19.3
2023-04-26
- add initial caching foundation - #1968
v0.19.2
2023-04-21
- Add MAVERICS_CONFIG to multiple environment variable check - #1975
v0.18.48
2023-04-21
- Distinguish between validation and unmarshalling in OIDCProvider by @patrick-strata in #1969
- Remove undocumented and unused logical operators from OIDC AuthProvider authentication policy by @patrick-strata in #1970
- Query escape configuration_file_object_key for GCP provider by @wfernandes in #1972
- Decouple unmarshaling from construction in OIDC AuthProvider in support of OIDC apps by @eliasjf in #1973
- Support configurationFilePath key in provider configs by @wfernandes in #1971
- Implement bundle verification by @kewun in #1967
- Organize tests into separate files for OIDC AuthProvider by @eliasjf in #1974
Full Changelog: https://github.com/strata-io/maverics/compare/v0.18.47...v0.18.48
v0.19.1
2023-04-21
- Distinguish between validation and unmarshalling in OIDCProvider by @patrick-strata in #1969
- Remove undocumented and unused logical operators from OIDC AuthProvider authentication policy by @patrick-strata in #1970
- Query escape configuration_file_object_key for GCP provider by @wfernandes in #1972
- Decouple unmarshaling from construction in OIDC AuthProvider in support of OIDC apps by @eliasjf in #1973
- Support configurationFilePath key in provider configs by @wfernandes in #1971
- Implement bundle verification by @kewun in #1967
- Organize tests into separate files for OIDC AuthProvider by @eliasjf in #1974
Full Changelog: https://github.com/strata-io/maverics/compare/v0.18.47...v0.19.1
v0.18.47
2023-04-18
- Simplify SAML Provider signature configuration - #1966
v0.18.46
2023-04-18
- Add encryption to SAML Apps - #1965
v0.18.45
2023-04-17
- Update Swarm to latest - #1964
v0.18.44
2023-04-17
- Remove antiquated autogenerated LDAP test mock - #1962
- Remove outdated telemetry docs - #1961
- Enable encryption config to be defined on SAML AuthProvider client - #1963