2.0.x release notes
What's new
Significantly Reworked Configuration Interface, Configuration Wizard and easier Troubleshooting.
Upgrade consideration
We have made very significant frontend changes in this version, which you will surely appreciate once you get to use it. We have also done an unprecedented amount of testing/QA. Nevertheless, please don't take this upgrade lightly, and take appropriate testing steps in your environment.
Data Center
If you're using a Data Center product, please also consider this note on upgrading your installation.
Changelog
2.0.15
Released on 12 January 2023 for Jira and Confluence
Fixed a medium-level security vulnerability potentially allowing replay attacks; see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
2.0.13
Released on 3 August 2021 for Jira and Confluence
Fixes a critical security vulnerability.
Please update to this version or one of the other fix versions (5.0.5, 4.0.12, 3.6.6, 2.5.9) as soon as possible. Existing customers should have received or will soon receive a mailing with some details. The details will be published in a few days.
2.0.12
Released on 24 April 2018 for Confluence
Fixed scheduler for cleaning up authentication trackers for Confluence 5.10+.
2.0.11
Released on 16 March 2018 for Jira, Confluence, Bitbucket and Bamboo
Added support for delegated directories in Crowd. This requires an additional Crowd add-on; see our knowledge base article.
Added option to disable the remote directory lookup feature introduced in 2.0.5.
Fixed a bug that could cause performance issues in large instances during the periodical cleanup of response IDs.
The 'selectedidp' cookie, which stores the IdP the user selected last time, is now marked as secure over HTTPS connections (best-practice improvement).
2.0.10
Released on 26 February 2018 for Jira and Confluence
Fixed a bug that could prevent the add-on from starting up due to an invalid configuration if you update from add-on version 0.13.x or older.
2.0.9
Released on 12 February 2018 for Jira, Confluence, Bitbucket and Bamboo
Fixed a bug that could cause performance issues in large instances during the periodical cleanup of authentication trackers.
2.0.8
Fixed a bug that could trigger a logout redirection while executing REST requests.
Changes specific to JIRA and Confluence
Fixed RememberMe cookie.
Fixed bug in group assignment for newly created users.
Changes specific to Bitbucket and Bamboo
RememberMe cookie is now also available for Bitbucket and Bamboo.
2.0.7
Released on 8 Jan 2018 for Jira, Confluence, Bitbucket and Bamboo
Re-enabled compatibility for JIRA 7.0.4, Confluence 5.9.1, Bitbucket 4.0.1 (see https://wiki.resolution.de/go/ssso/updateRemoteDirectory)
Fixed potential XSS vulnerability with pass-through parameter names
2.0.6
Released on 21 December 2017 for Jira
Fixed redirection to a specific dashboard after login.
2.0.5
Released on 7 December 2017 for Jira, Confluence, Bitbucket and Bamboo
Improved security: Assertion IDs are now persistently stored for a defined amount of time.
Improved export of SupportInformation for a better troubleshooting experience.
Fixed compatibility issues with Oracle and Microsoft SQL Server.
Fixed a performance issue on the admin page with a large number of groups in the system.
Fixed several issues with connected LDAP and Crowd directories.
SSO now works with new users from delegated authentication directories.
Changes specific to Bitbucket
Fixed disabling of logout redirection for non-SSO users.
Fixed rendering error in Error Page Template.
2.0.4
Released on 7 November 2017 for Bitbucket and Bamboo
First release of SAML Single Sign On 2.0 for Bitbucket and Bamboo containing all features from 2.0.0 to 2.0.3.
2.0.3
Released on 11 October 2017 for JIRA and Confluence
Fixed potential XSS vulnerability with pass-through parameters
Metadata creation now works directly after install
Authentication Trackers now contain source IP address and request headers
Easier access to SAML Service Provider details
Improved configuration wizard, now containing Okta and OneLogin
Fixed minor frontend issues
Improved error messages if users are not synced from remote directory yet
2.0.2
Released on 25 September 2017 for JIRA and Confluence
Fixed handling of URLs containing hyphens. This could also lead to non-working hyperlinks from external applications.
IdP Selection by Request Header: Fixed matching of empty request header values. Clarified configuration in help text.
Several small bugfixes in the user interface.
2.0.1
Released on 21 September 2017 for JIRA and Confluence
Tracker-parameter is no longer passed through to the IdP
Fixed "bundle has been uninstalled" exceptions appearing intermittently in the log after disabling and re-enabling the plugin
Fixed tracker getting lost if no relay state comes from the IdP
Fixed migrating empty useridTransformationRegex when updating from older version
2.0.0
Released on 8 September 2017 for JIRA and Confluence
Reworked User Interface:
IdP setup Wizard
Tabbed interface
Easier Troubleshooting with Authentication Process Tracking and downloadable Support Information
Fixed: IdP signature was not recognized when using the REDIRECT binding
Arbitrary number of certificates can be configured per IdP
Organization and Contacts in SAML Metadata
REST-endpoint for enabling/disabling redirection to IdP
Enhanced IdP selection:
Specify email domains using regular expression
Specify authentication header values using regular expressions
Allow login page instead of SAML for specific email domains or request headers
Entity ID is now editable
Custom Logged Out URL only for SSO Users
IdP-Id is now immutable; the default IdP is specified by a new parameter, weight
Changes specific to JIRA
Set earliest supported version to JIRA 7.0.4
Changes specific to Confluence
Set earliest supported version to Confluence 5.9.1