In general, the latest version of Kantega SSO Enterprise is compatible with the oldest version that has not been ended of life. See Atlassian’s End-of-life (EOL) policy to get an overview of versions and EOL dates.
Application
Compatible from Server version
Compatible from Data Center version
Bamboo
7.2.1
8.0.1
Bitbucket
7.6.0
7.6.0
Confluence
7.9.0
7.9.0
Jira
8.12.0
8.12.0
Changelog
Kantega SSO Enterprise takes steps toward being a more complete user management tool. User cleanup in combination with just-in-time user provisioning powers a smooth automatic user management in Jira.
Excerpt
Changes in 6.1.
0
3
20 Oct 1114:00 CET
Cleanup inactive users, improvements and bug fixes
Features
Improvements
Status
colour
GreenYellow
title
user cleanup
Found in the Common tab. Cleanup inactive users automatically. Combines well with Just-in-time user provisioning to automatically keep active accounts licensed, but disabling or de-licensing user that haven’t logged in for a while. Can also configure a schedule that checks in a configurable interval for users that have gone inactive. The user cleanup feature also offers a REST API that can be used if you’d like to perform automation with scrips.
Improvements
Status
colour
Blue
title
kerberos
Improve Kerberos test page with a check of inconsistent base URL that indicates incorrect proxy config.
Bug fixes
Status
colour
Purple
title
SAML/OIDC
IDP setup drafts were not deleted on Windows server due to an unreleased lock that came from an unclosed resource.
Status
colour
Purple
title
SAML/OIDC
Test result page had a weakness with default values of email and name attribute
bamboo
Added decryption of LDAP password in Bamboo to fix LDAP connection after encryption was introduced in 9.0.3.
Dependency updates
Updated a library with jackson-databind dependency that patches CVE-2022-42003
Changes in 6.1.2
19:30 CET
Fix: Changed log level from error to debug on user not found
Improvements
The debug level was error on user not found, which lead to too much noise in the logs.
Changes in 6.1.1
19:00 CET
Improvements, dependency updates and bug fixes
Improvements
Status
colour
Purple
title
saml
Offer ACS URL validator in wizard for OneLogin, as this is a required field in the OneLogin SAML setup
Status
colour
Purple
title
saml
Save target URL in HTTP session for IDPs that are unable to give the correct relayState back after redirect. Use proper UTF-8 encoding for sending relay state URLs to IDP.
Status
colour
Yellow
title
websudo
More logging for websudo and minor improvement to SSO-websudo flow
Status
colour
Blue
title
kerberos
Improve Kerberos test page with more insights when DNS lookup fails
Bug fixes
Status
colour
Green
title
SCIM
Backup / restore of SCIM was broken in 6.1.0 due to a deserialization and file-handling issue.
Status
title
common
The authentication menu item turned up twice in the Common tab for global settings
Dependency updates
Minor npm packages patched with npm audit. Due do incompatibilities with @emotion/utils in different @atlaskit packages, we had to add a temporary override to even build npm. This will hopefully be unneccessary soon.
diff --git a/pom.xml b/pom.xml
--- a/pom.xml
+++ b/pom.xml
@@ -748,12 +748,12 @@
<dependency>
<groupId>com.ksso</groupId>
<artifactId>scim-lib</artifactId>
- <version>1.20</version>
+ <version>1.21</version>
</dependency>
<dependency>
<groupId>no.kantega.saml</groupId>
<artifactId>saml-lib</artifactId>
- <version>1.39</version>
+ <version>1.40</version>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
@@ -841,7 +841,7 @@
<dependency>
<groupId>org.apache.directory.api</groupId>
<artifactId>api-ldap-client-api</artifactId>
- <version>2.1.0</version>
+ <version>2.1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
@@ -872,7 +872,7 @@
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
- <version>20220320</version>
+ <version>20220924</version>
</dependency>
<dependency>
<groupId>commons-net</groupId>
@@ -1064,7 +1064,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15to18</artifactId>
- <version>1.71</version>
+ <version>1.72</version>
</dependency>
<dependency>
<groupId>com.atlassian.confluence</groupId>
@@ -1412,7 +1412,7 @@
<httpPort>2990</httpPort>
<useHttps>true</useHttps>
<fasterxml.jackson.version>2.13.4</fasterxml.jackson.version>
- <msal4j.version>1.13.1</msal4j.version>
+ <msal4j.version>1.13.2</msal4j.version>
<!-- We are staying a bit behind on activeobjects so that we are staying compatible
with the oldest host product versions we're supporting. Activeobjects has provided scope,
but we need to stay somewhat on the same timeline -->
@@ -1437,7 +1437,6 @@
<jax-rs.atlassian-rest.osgi.version>${javax.ws.rs.version}</jax-rs.atlassian-rest.osgi.version>
<jersey.atlassian-rest.osgi.version>${jersey.version}</jersey.atlassian-rest.osgi.version>
<atlassian.spring.scanner.version>2.2.4</atlassian.spring.scanner.version>
-
<spring.version>4.3.18.RELEASE</spring.version>
<serberuhs.version>1.21</serberuhs.version>
<atlassian.plugin.key>${project.groupId}.${project.artifactId}
@@ -1449,7 +1448,7 @@
<slf4j.version>1.7.32</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<jetty.version>9.4.48.v20220622</jetty.version>
- <prometheus.version>0.8.0</prometheus.version>
+ <prometheus.version>0.16.0</prometheus.version>
<spotless.version>2.21.0</spotless.version>
<ksso.build.nodeenv>production</ksso.build.nodeenv>
<ksso.build.pipeline.id />
Changes in 6.1.2
19:30 CET
Fix: Changed log level from error to debug on user not found
Improvements
The debug level was error on user not found, which lead to too much noise in the logs.
Changes in 6.1.3
14:00 CET
Improvements
Status
colour
Yellow
title
bamboo
Added decryption of LDAP password in Bamboo to fix LDAP connection after encryption was introduced in 9.0.3.
Dependency updates
Updated a library with jackson-databind dependency that patches CVE-2022-42003
Changes in 6.1.0
11:00 CET
Cleanup inactive users, improvements and bug fixes
Features
Status
colour
Green
title
user cleanup
Found in the Common tab. Cleanup inactive users automatically. Combines well with Just-in-time user provisioning to automatically keep active accounts licensed, but disabling or de-licensing user that haven’t logged in for a while. Can also configure a schedule that checks in a configurable interval for users that have gone inactive. The user cleanup feature also offers a REST API that can be used if you’d like to perform automation with scrips.
Improvements
Status
colour
Blue
title
kerberos
Improve Kerberos test page with a check of inconsistent base URL that indicates incorrect proxy config.
Bug fixes
Status
colour
Purple
title
SAML/OIDC
IDP setup drafts were not deleted on Windows server due to an unreleased lock that came from an unclosed resource.
Status
colour
Purple
title
SAML/OIDC
Test result page had a weakness with default values of email and name attribute