Orchestrator build release notes
For older release notes, see the release notes archive.
v0.65.1
2024-12-18
- LDAP Provider validation log now correctly reflects associated errors.
v0.61.0
2024-12-16
- CA cert is no longer a required field when setting up HashiCorp Vault as a secret provider.
v0.60.0
2024-12-13
- The orchestrator now uses the configuration SDK to validate OIDC provider configuration.
v0.59.0
2024-12-10
- The orchestrator now uses the configuration SDK to validate Single Logout (SLO) configuration.
v0.58.0
2024-12-10
- Multiple OIDC callback URLs can now be configured for login and logout. The new style of OIDC connector syntax supports use cases that require dynamic URLs for OIDC logins and logouts. With this change, an identity admin can define a single callback URL pattern and allow the host portion of the callback URL to be dynamic. As a result, the oauthRedirectURL and oidcLogoutCallbackURL syntax is deprecated with this update. The new syntax is oauthLoginRedirect and oauthLogoutRedirect.
v0.56.0
2024-11-29
- This release enables the re-use of a single http.Client across different service extensions instead of creating a new one on every call.
v0.55.0
2024-11-29
- The orchestrator now supports dynamic redirect URLs for logout for OIDC apps.
v0.54.1
2024-11-29
- Fixed a bug so that authentication requests without an ACS URL defined are now allowed.
v0.54.0
2024-11-27
- Users can now use the ES256 key algorithm when signing the JWT used for OAuth client authentication.
v0.53.0
2024-11-27
- Adds enhancements to the HTTP server to allow configuration of HTTP endpoint timeouts. A conservative default of 15 seconds is used, which could affect existing deployments. For more information, see the docs.
v0.52.0
2024-11-26
- Adds enhancements to the HTTP server to allow configuration of connection timeouts. These changes include conservative default values for all timeouts, which could affect existing deployments. For more information, see the docs.

| Configuration | Default Value |
|---|---|
| http.readTimeoutSeconds | 20 seconds |
| http.readHeaderTimeoutSeconds | 5 seconds |
| http.writeTimeoutSeconds | 20 seconds |
| http.idleTimeoutSeconds | 60 seconds |
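The table above lists the connection timeouts, and the v0.53.0 entry adds a separate per-endpoint timeout. Orchestrator is a Go service, and these four names correspond one-to-one to the fields of Go's net/http.Server, so the following added example (written for these notes, not Orchestrator's own code) maps the documented defaults onto an http.Server and then demonstrates why the 5 second readHeaderTimeoutSeconds default matters: a client that opens a connection, sends half a request header and stalls is dropped once the header timeout expires, whereas with no header timeout the server holds the connection for as long as the client likes. The struct field names, the loopback server, and the use of http.TimeoutHandler for the endpoint timeout are this example's assumptions; the release notes do not say how the endpoint timeout is implemented or what its configuration key is.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"time"
)

// ServerTimeouts carries the timeouts from the v0.52.0 table plus the v0.53.0
// endpoint timeout, in seconds. Field names are this example's own; the dotted
// keys in the comments are the ones the release notes list.
type ServerTimeouts struct {
	ReadSeconds       int // http.readTimeoutSeconds
	ReadHeaderSeconds int // http.readHeaderTimeoutSeconds
	WriteSeconds      int // http.writeTimeoutSeconds
	IdleSeconds       int // http.idleTimeoutSeconds
	EndpointSeconds   int // v0.53.0 endpoint timeout (config key not given in the notes)
}

// DefaultTimeouts returns the defaults the release notes describe.
func DefaultTimeouts() ServerTimeouts {
	return ServerTimeouts{ReadSeconds: 20, ReadHeaderSeconds: 5, WriteSeconds: 20, IdleSeconds: 60, EndpointSeconds: 15}
}

func secs(n int) time.Duration { return time.Duration(n) * time.Second }

// NewServer maps the connection timeouts onto net/http's server fields and,
// as an assumption about how an endpoint timeout would be implemented, wraps
// the handler in http.TimeoutHandler so a slow handler turns into a 503
// instead of holding the connection until WriteTimeout fires.
func NewServer(t ServerTimeouts, h http.Handler) *http.Server {
	if t.EndpointSeconds > 0 {
		h = http.TimeoutHandler(h, secs(t.EndpointSeconds), "endpoint timeout")
	}
	return &http.Server{
		Handler:           h,
		ReadTimeout:       secs(t.ReadSeconds),
		ReadHeaderTimeout: secs(t.ReadHeaderSeconds),
		WriteTimeout:      secs(t.WriteSeconds),
		IdleTimeout:       secs(t.IdleSeconds),
	}
}

// SlowHeaderClientDropped starts a loopback server with only ReadHeaderTimeout
// set, opens a raw TCP connection, sends part of a request header and then
// stalls (the slowloris pattern). It reports whether the server gave up on the
// connection before the client's own read deadline (patience) expired.
func SlowHeaderClientDropped(headerTimeout, patience time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	srv := &http.Server{
		Handler:           http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "ok") }),
		ReadHeaderTimeout: headerTimeout,
	}
	go srv.Serve(ln)
	defer srv.Close()

	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	// Request line and one header, but never the blank line that ends the header block.
	if _, err := io.WriteString(conn, "GET / HTTP/1.1\r\nHost: example.test\r\n"); err != nil {
		return false, err
	}
	if err := conn.SetReadDeadline(time.Now().Add(patience)); err != nil {
		return false, err
	}
	_, err = bufio.NewReader(conn).ReadString('\n')
	var ne net.Error
	if errors.As(err, &ne) && ne.Timeout() {
		return false, nil // our deadline fired first: the server is still waiting for us
	}
	// EOF, a reset, or a status line: the server stopped holding the connection.
	return true, nil
}

func main() {
	d, err := SlowHeaderClientDropped(200*time.Millisecond, 2*time.Second)
	fmt.Println("ReadHeaderTimeout=200ms, slow client dropped:", d, err)
	d, err = SlowHeaderClientDropped(0, 500*time.Millisecond)
	fmt.Println("ReadHeaderTimeout=0, slow client dropped:", d, err)
}
```

ReadHeaderTimeout is the one that bounds an unauthenticated attacker's cost, since it fires before any request has been parsed; ReadTimeout and WriteTimeout cover the body and the response, and IdleTimeout governs how long a keep-alive connection may sit between requests. Raising the defaults for a deployment behind a load balancer that already enforces its own limits is reasonable; disabling them is not.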
v0.51.0
2024-11-21
- Dynamic OIDC redirects are now supported in OIDC Connector.
v0.50.2
2024-11-21
- Logging has been improved when JWT bearers are used for client authentication. A minor bug in how tokens are validated has also been resolved.
v0.50.1
2024-11-20
- Resolves CVE-2024-9143 (an OpenSSL out-of-bounds memory access with untrusted explicit curve parameters) by updating libssl3 and libcrypto3.
v0.50.0
2024-11-20
- Enables use of a JWT for client authentication with the client_credentials grant.
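This entry, together with the v0.54.0 note on ES256 signing and the v0.50.2 note on token validation, describes the private_key_jwt client authentication method (RFC 7523): instead of a client secret, the client sends a short-lived JWT it has signed with its own key, and the token endpoint verifies the signature against the registered public key. The following added example (not Orchestrator's code; it uses only the Go standard library) builds such an assertion with ES256 and performs the checks a token endpoint has to make before trusting it. The client ID, endpoint URL and lifetime are constructed values for the example. The point most often got wrong is in the signing step: a JWS ES256 signature is the raw r||s pair, not the DER encoding ecdsa.SignASN1 produces.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// b64 is the unpadded base64url alphabet JOSE uses.
var b64 = base64.RawURLEncoding

// NewClientAssertion builds a private_key_jwt client assertion signed with
// ES256. iss and sub are the client_id, aud is the token endpoint, and jti
// lets the endpoint reject a replayed assertion.
func NewClientAssertion(key *ecdsa.PrivateKey, clientID, tokenEndpoint string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"}) // constant input, cannot fail
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]any{
		"iss": clientID, "sub": clientID, "aud": tokenEndpoint,
		"iat": now.Unix(), "exp": now.Add(2 * time.Minute).Unix(),
		"jti": b64.EncodeToString(jti),
	})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256: r and s as fixed 32-byte big-endian values
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyClientAssertion is the token endpoint side: pin alg to ES256 (never
// let the token choose the key type), verify the signature under the client's
// registered public key, then check iss/sub, aud and exp.
func VerifyClientAssertion(pub *ecdsa.PublicKey, assertion, clientID, tokenEndpoint string, now time.Time) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return errors.New("malformed JWS")
	}
	rawHeader, err := b64.DecodeString(parts[0])
	if err != nil {
		return err
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &header); err != nil || header.Alg != "ES256" {
		return errors.New("unexpected or missing alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return errors.New("bad ES256 signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return errors.New("signature does not verify")
	}
	rawClaims, err := b64.DecodeString(parts[1])
	if err != nil {
		return err
	}
	var c struct {
		Iss, Sub, Aud string
		Exp           int64
	}
	if err := json.Unmarshal(rawClaims, &c); err != nil {
		return err
	}
	switch {
	case c.Iss != clientID || c.Sub != clientID:
		return errors.New("iss/sub do not match client_id")
	case c.Aud != tokenEndpoint:
		return errors.New("aud is not this token endpoint")
	case c.Exp == 0 || now.Unix() >= c.Exp:
		return errors.New("assertion expired")
	}
	return nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	tok, _ := NewClientAssertion(key, "orchestrator-client", "https://idp.example.test/token", now)
	fmt.Println("valid:", VerifyClientAssertion(&key.PublicKey, tok, "orchestrator-client", "https://idp.example.test/token", now))
	fmt.Println("wrong aud:", VerifyClientAssertion(&key.PublicKey, tok, "orchestrator-client", "https://other.example.test/token", now))
}
```

A production endpoint additionally keeps the jti until exp to reject replays, and selects the verification key by the registered client_id (optionally narrowed by a kid header) rather than by anything else the token says about itself.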
v0.49.0
2024-11-19
- Multiple ConsumerServiceURLs per SAML app are now supported.
v0.48.1
2024-11-15
- Orchestrator uses a POST binding when available on SAML login.
v0.48.0
2024-11-15
- You can now load Windows Store certs using HashiCorp Vault.
v0.47.0
2024-11-13
- Log level settings are reloadable.
v0.46.0
2024-11-13
- ECDH certs can now be loaded from Windows Cert Store.
v0.45.0
2024-11-08
- CRL revocation is now supported for TLS. See docs.
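A CRL check on a TLS peer has more to it than a serial-number lookup: the CRL itself must be signed by the issuing CA, that CA must be permitted to sign CRLs, and the list must be within its thisUpdate/nextUpdate window, otherwise an attacker who can serve a stale or forged list can "un-revoke" a certificate. The following added example (written for these notes, not Orchestrator's implementation) builds a throwaway CA, two client certificates and a CRL revoking one of them entirely in memory, then runs that check with the Go standard library's crypto/x509. All names, serials and lifetimes are constructed for the example. The OCSP variant from v0.44.0 needs a live responder and is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with signer (parent nil means self-signed) and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IsRevokedByCRL reports whether peer is listed in a CRL issued by issuer.
// It returns an error, rather than "not revoked", whenever the CRL cannot be
// trusted: bad signature, issuer not entitled to sign CRLs, or the CRL is
// outside its validity window. A TLS peer check should fail closed on these.
func IsRevokedByCRL(peer, issuer *x509.Certificate, crlDER []byte, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	// Checks the signature and that issuer carries the cRLSign key usage.
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	if now.Before(crl.ThisUpdate) || (!crl.NextUpdate.IsZero() && now.After(crl.NextUpdate)) {
		return false, errors.New("CRL is not current")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(peer.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// BuildDemoPKI constructs a CA, two client certs and a CRL revoking the first one.
func BuildDemoPKI(now time.Time) (ca, revokedLeaf, goodLeaf *x509.Certificate, crlDER []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	ca, err = issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Orchestrator CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return
	}
	leaf := func(serial int64, cn string) (*x509.Certificate, error) {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		return issue(&x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: cn},
			NotBefore:    now.Add(-time.Hour),
			NotAfter:     now.Add(24 * time.Hour),
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}, ca, &k.PublicKey, caKey)
	}
	if revokedLeaf, err = leaf(1001, "compromised-client"); err != nil {
		return
	}
	if goodLeaf, err = leaf(1002, "healthy-client"); err != nil {
		return
	}
	crlDER, err = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: revokedLeaf.SerialNumber, RevocationTime: now.Add(-time.Minute)},
		},
	}, ca, caKey)
	return
}

func main() {
	now := time.Now()
	ca, bad, good, crl, err := BuildDemoPKI(now)
	if err != nil {
		panic(err)
	}
	fmt.Println(IsRevokedByCRL(bad, ca, crl, now))
	fmt.Println(IsRevokedByCRL(good, ca, crl, now))
}
```

In a TLS stack this check runs from the VerifyPeerCertificate hook against the verified chain, with the CRL fetched from the certificate's CRL distribution point and cached until nextUpdate; the fail-closed behaviour on an untrusted or stale CRL is the part to keep.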
v0.44.5
2024-11-08
- Resolved issue where cached SAML requests were failing to be unmarshaled due to the POST binding not supporting compressed requests.
v0.44.2
2024-11-04
- Service extensions can now be used in conjunction with attribute providers for SAML and OIDC.
v0.44.1
2024-10-31
- SAML apps now log an error when an attribute they attempt to load is not found or not defined.
v0.44.0
2024-10-30
- Online Certificate Status Protocol (OCSP) is now supported to allow clients and servers to check the revocation status of their peer’s certificate. See docs.
v0.43.0
2024-10-29
- An error logger has been added to the HTTP server to make TLS handshake errors in Windows visible in the event viewer.
v0.42.0
2024-10-25
- Only tokens issued with the openid scope can be used at the userinfo endpoint.
v0.41.0
2024-10-25
- Support for mTLS cert authentication on HashiCorp Vault for Linux.
v0.40.0
2024-10-22
- Minor internal improvements
v0.39.0
2024-10-22
- As part of Orchestrator on Ubuntu, Debian artifacts are now included in Maverics releases.
- The Orchestrator health configuration is now reloadable, facilitating changes in the UI being pushed down to Orchestrator without requiring a restart.
v0.38.0
2024-10-18
- Minor internal improvements
v0.37.0
2024-10-17
- Improvements to the generic SAML health check HTTP client.
v0.36.0
2024-10-17
- TLS Unmarshalling has been reworked to simplify and combine multiple constructors.
v0.35.0
2024-10-17
- OIDC Provider: the sub and client_id claims can now be overwritten via a service extension. ID token generation has also been updated to no longer include the client_id claim by default.
v0.33.0
2024-10-15
- Debian package installer changes.
- Consolidate connector ‘Login’ logic where duplicated: in a handful of connectors, Login logic was duplicated between the login requester and the connector object itself. In other connectors, the connector Login is a thin wrapper around the loginRequester. This PR consolidates the logic in the remaining connectors.
v0.32.0
2024-10-10
- Debian package installer changes.
- OIDC Provider User Info Handler: the userinfo handler now uses the claim mapping on the client to build the response. A token cache entry will need to have a clear mapping to the client_id associated with the token.
v0.31.0
2024-10-09
- [OIDC Provider] Add association from token cache to userinfo cache - #2592
v0.30.0
2024-10-07
- [OIDC Provider] Store userinfo data only once - #2589
v0.29.1
2024-10-02
- [Connectors] Infer correct protocol binding from SAML metadata - #2588
v0.29.0
2024-10-01
- Expose ‘jose.ContentType’ in service extensions - #2587
v0.28.0
2024-10-01
- [Connectors] Add support for login hint via subject in PingFed SAML - #2586