Orchestrator build release notes

For older release notes, see the release notes archive.

v0.65.1

2024-12-18

  • LDAP Provider validation log now correctly reflects associated errors.

v0.61.0

2024-12-16

  • CA cert is no longer a required field when setting up HashiCorp Vault as a secret provider.

v0.60.0

2024-12-13

  • The orchestrator now uses the configuration SDK to validate OIDC provider configuration.

v0.59.0

2024-12-10

  • The orchestrator now uses the configuration SDK to validate Single Logout (SLO) configuration.

v0.58.0

2024-12-10

  • Multiple OIDC callback URLs can now be configured for login and logout. The new style of OIDC connector syntax now supports use cases that require dynamic URLs for OIDC logins and logouts.

    With this change, an identity admin can define a single callback URL pattern and allow for the host of the callback URL to be dynamic. As a result, oauthRedirectURL and oidcLogoutCallbackURL syntax have been deprecated with this update. The new syntax is oauthLoginRedirect and oauthLogoutRedirect.

ℹ️ Please note: you must use either the new-style OIDC connector syntax or the old style, but not both. If your configuration contains both the old-style and new-style OIDC connector syntax, the orchestrator will return an error.

v0.56.0

2024-11-29

  • This release enables the re-use of http.Client across different service extensions instead of creating new ones repetitively.

v0.55.0

2024-11-29

  • The orchestrator now supports dynamic redirect URLs for logout for OIDC apps.

v0.54.1

2024-11-29

  • Fixed a bug so that authentication requests without the ACS URL defined are now allowed.

v0.54.0

2024-11-27

  • Users can now use the ES256 key algorithm when signing JWTs for use in OAuth client authentication.

v0.53.0

2024-11-27

  • Adds enhancements to the HTTP Server to allow for configuration of HTTP endpoint timeouts. A conservative default value of 15 seconds is used which could impact existing deployments. For more info, please see the docs.

v0.52.0

2024-11-26

  • Adds enhancements to the HTTP Server to allow for configuration of connection timeouts. These changes include conservative default values for all timeouts which could impact existing deployments. For more info, please see the docs.

    Configuration                    Default value
    http.readTimeoutSeconds          20 seconds
    http.readHeaderTimeoutSeconds    5 seconds
    http.writeTimeoutSeconds         20 seconds
    http.idleTimeoutSeconds          60 seconds
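
To see what these defaults mean for a slow client, the following added example (not code from the Orchestrator or its documentation) applies the four values to a Go standard library server and measures how long a connection with unfinished request headers is kept open. Mapping the settings onto http.Server fields, and the names Timeouts, NewServer and StalledHeaderCutoff, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// Timeouts holds the four settings named in the release note. Mapping them
// onto Go's http.Server fields is an assumption made for this example.
type Timeouts struct{ Read, ReadHeader, Write, Idle time.Duration }

// Defaults are the values from the v0.52.0 table.
var Defaults = Timeouts{20 * time.Second, 5 * time.Second, 20 * time.Second, 60 * time.Second}

// NewServer applies the timeouts to a standard library server.
func NewServer(t Timeouts, h http.Handler) *http.Server {
	return &http.Server{Handler: h, ReadTimeout: t.Read,
		ReadHeaderTimeout: t.ReadHeader, WriteTimeout: t.Write, IdleTimeout: t.Idle}
}

// StalledHeaderCutoff starts a loopback server, sends request headers that
// never finish, and reports how long the server kept the connection open.
func StalledHeaderCutoff(t Timeouts) (time.Duration, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	srv := NewServer(t, http.NotFoundHandler())
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	start := time.Now()
	// Constructed partial request: the terminating blank line is never sent.
	fmt.Fprint(conn, "GET / HTTP/1.1\r\nHost: example.test\r\n")
	conn.SetReadDeadline(start.Add(10 * t.ReadHeader)) // stop waiting eventually
	conn.Read(make([]byte, 1))                         // returns once the server closes
	return time.Since(start), nil
}

func main() {
	d, err := StalledHeaderCutoff(Defaults)
	fmt.Println("connection closed after", d.Round(time.Second), err)
}
```

With the defaults, the stalled connection is dropped at the header timeout rather than the longer read timeout, so clients or proxies that trickle headers for more than 5 seconds are the ones to check before upgrading.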

v0.51.0

2024-11-21

  • Dynamic OIDC redirects are now supported in OIDC Connector.

v0.50.2

2024-11-21

  • Logging has been improved when JWT bearers are used for client authentication. A minor bug in terms of how tokens are validated has also been resolved.

v0.50.1

2024-11-20

  • Resolve CVE-2024-9143 by updating libssl3 and libcrypto3.

v0.50.0

2024-11-20

  • Enable use of JWT for client authentication with client_credentials grant.

v0.49.0

2024-11-19

  • Multiple ConsumerServiceURLs per SAML app are now supported.

v0.48.1

2024-11-15

  • Orchestrator uses a POST binding when available on SAML login.

v0.48.0

2024-11-15

  • You can now load Windows Store certs using HashiCorp Vault.

v0.47.0

2024-11-13

  • Log level settings are reloadable.

v0.46.0

2024-11-13

  • ECDH certs can now be loaded from Windows Cert Store.

v0.45.0

2024-11-08

  • CRL revocation is now supported for TLS. See docs.

v0.44.5

2024-11-08

  • Resolved issue where cached SAML requests were failing to be unmarshaled due to the POST binding not supporting compressed requests.

v0.44.2

2024-11-04

  • Service extensions can now be used in conjunction with attribute providers for SAML and OIDC.

v0.44.1

2024-10-31

  • SAML apps now log an error when the attributes they attempt to load are not found or not defined.

v0.44.0

2024-10-30

  • Online Certificate Status Protocol (OCSP) is now supported to allow clients and servers to check the revocation status of their peer’s certificate. See docs.

v0.43.0

2024-10-29

  • An error logger has been added to the HTTP server to make TLS handshake errors in Windows visible in the event viewer.

v0.42.0

2024-10-25

  • Only tokens issued with the openid scope can be used at the userinfo endpoint.

v0.41.0

2024-10-25

  • Support for mTLS cert authentication on HashiCorp Vault for Linux.

v0.40.0

2024-10-22

  • Minor internal improvements

v0.39.0

2024-10-22

  • As part of Orchestrator on Ubuntu, Debian artifacts are now included in Maverics releases.
  • The Orchestrator health configuration is now reloadable, facilitating changes in the UI being pushed down to Orchestrator without requiring a restart.

v0.38.0

2024-10-18

  • Minor internal improvements

v0.37.0

2024-10-17

  • Improvements to the generic SAML health check HTTP client.

v0.36.0

2024-10-17

  • TLS Unmarshalling has been reworked to simplify and combine multiple constructors.

v0.35.0

2024-10-17

  • OIDC Provider: sub and client_id claims can now be overwritten via service extension. ID token generation has also been updated to no longer include the client_id claim by default.

v0.33.0

2024-10-15

  • Debian package installer changes.
  • Consolidate connector ‘Login’ logic where duplicated: In a handful of connectors, Login logic was duplicated between the login requester and the connector object itself. In other connectors, the connector Login is a thin wrapper around the loginRequester. This PR consolidates logic in the remaining connectors.

v0.32.0

2024-10-10

  • Debian package installer changes.
  • OIDC Provider User Info Handler: The userinfo handler now uses the claim mapping on the client to build the response. A token cache entry will need to have a clear mapping to the client_id associated with the token.

v0.31.0

2024-10-09

  • [OIDC Provider] Add association from token cache to userinfo cache - #2592

v0.30.0

2024-10-07

  • [OIDC Provider] Store userinfo data only once - #2589

v0.29.1

2024-10-02

  • [Connectors] Infer correct protocol binding from SAML metadata - #2588

v0.29.0

2024-10-01

  • Expose ‘jose.ContentType’ in service extensions - #2587

v0.28.0

2024-10-01

  • [Connectors] Add support for login hint via subject in PingFed SAML - #2586