What's new

Single Logout, Find user by Email, Disable password login

Upgrade consideration

Under certain circumstances, the Logout Binding parameter in the IdP configuration may be set to POST or REDIRECT. It should be set to DISABLED by default.

Please check this value for any configured IdP and set it to DISABLED unless you explicitly want to enable single logout.

  • SAML authentications created by the Addon are now signed by default. We recommend that you update the Addon's SAML Metadata on your IdP after upgrading to ensure that the Addon's signing certificate is available.
  • The "disable nosso" feature updated the page templates. If you have modified the page templates, the "Login with username and password" link won't disappear from the login pages if you enable this feature.
  • We introduced the new JSON configuration version 4. Automated scripts using the undocumented PUT /config REST API might have to be modified:
    • Breaking: An IdP's logoutBinding must be set to "DISABLED" unless single logout is to be enabled. In that case, the postBindingLogoutURL or redirectBindingLogoutURL must be set. During migration, we set it to DISABLED if both these fields are empty.
    • Added: Several fields have been added to accommodate the above-mentioned changes. Their defaults reflect the current behavior, so you only need to modify them if you want to change this behavior.
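
The check requested above can be scripted against a copy of the version 4 JSON configuration. The following is an added example, not code from the Addon or its vendor. Only `logoutBinding`, `postBindingLogoutURL` and `redirectBindingLogoutURL` come from these release notes; the top-level `idps` array, the `name` field and the sample values are assumptions.

```python
import json

# Constructed sample. The "idps" array and "name" field are assumed;
# only the three logout fields are named in the release notes.
SAMPLE_CONFIG = json.loads("""
{
  "idps": [
    {"name": "corp-adfs", "logoutBinding": "DISABLED"},
    {"name": "partner", "logoutBinding": "POST", "postBindingLogoutURL": ""},
    {"name": "lab", "logoutBinding": "REDIRECT",
     "redirectBindingLogoutURL": "https://idp.example.test/slo"},
    {"name": "legacy"}
  ]
}
""")

# Assumed pairing (by name) of each binding with the URL field it needs.
URL_FIELD = {"POST": "postBindingLogoutURL",
             "REDIRECT": "redirectBindingLogoutURL"}


def audit_logout_binding(config, slo_wanted=()):
    """Return (idp_name, finding) tuples for IdPs that need attention.

    slo_wanted lists the IdP names for which single logout is intended.
    """
    findings = []
    for idp in config.get("idps", []):
        name = idp.get("name", "<unnamed>")
        binding = idp.get("logoutBinding")
        if binding == "DISABLED":
            continue  # the recommended default
        if binding not in URL_FIELD:
            findings.append((name, f"logoutBinding is {binding!r}; "
                                   "expected DISABLED, POST or REDIRECT"))
            continue
        url_field = URL_FIELD[binding]
        if not (idp.get(url_field) or "").strip():
            findings.append((name, f"logoutBinding is {binding} "
                                   f"but {url_field} is empty"))
        elif name not in slo_wanted:
            findings.append((name, f"single logout enabled via {binding}; "
                                   "confirm this is intended"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_logout_binding(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
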

Data Center

No special considerations apply for this update; the general Data Center installation guidelines apply.

Changelog

2.1.1

Released on 24 April 2018 for Confluence

  • Fixed scheduler for cleaning up authentication trackers for Confluence 5.10+.

2.1.0

Released on 17 April 2018 for Jira, Confluence, Bitbucket and Bamboo

  • Single Logout. We have tested this feature extensively, but still consider it experimental. Read more about this feature here.
  • Find user by Email. Ability to match the UserID IdP attribute against email instead of username.
  • Ability to disable the "nosso" login parameter. This is generally not recommended, but may be necessary for compliance reasons. If you can't access the config page afterwards, you can read in our documentation how to re-enable the nosso login.
  • Ability to disable user creation while keeping user update active.
  • Ability to create groups.
  • Fixed group assignment with mixed lowercase/uppercase group names.

  • Fixed ArrayIndexOutOfBoundsException while creating RequestInfo JSON.
  • Fixed error with MySQL that prevented trackers from cleanup.

Changes specific to JIRA

  • Fixed logout redirection in Service Desk Customer Portal.

Changes specific to Confluence

  • None

Changes specific to Bitbucket

  • Captcha is reset on successful Single Sign On.
  • Fixed a bug that prevented REST requests from working.

Changes specific to Bamboo

  • User creation and update is now also available for Bamboo.
  • Bamboo users can now be enabled on Single Sign On.
  • Captcha is reset on successful Single Sign On.