In general, the latest version of Kantega SSO Enterprise is compatible with the oldest version that has not been ended of life. See Atlassian’s End-of-life (EOL) policy to get an overview of versions and EOL dates.
Changelog
Excerpt
Changes in 6.9.
0
5
15:30 CEST Confluence SSO sign-ins logged in audit log at FULL level. User Cleanup performance revamp.
Features
User cleanup performance revamp, the cleanup will now work in a background process also for test run, much faster performance.
User cleanup group selector will now support very large numbers of groups, above 500 groups will require the user to start typing to see top 500 search results. It’s possible to search for multiple words separated by space.
User cleanup will now use start of the day timestamp as base for comparing with last login date/user creation date.
User cleanup remove from group action will now search groups in read only directories and respect the directory exclusions. The users in read only directories are not modified but their group membership might be modified.
Confluence SSO sign-ins logged in audit log at FULL level. Event emitted on successful login.
Changes in 6.9.1
12:30 CEST
Dependency updates. SCIM additional characters. More git URL configure options
Security patches
Dependency updates
Features
Status
colour
Green
title
SCim
Support for additional characters / and + in group names
Status
colour
Purple
title
BITBUCKET
Status
colour
Yellow
title
GIT
Allow sysadmin to configure Kerberos git URL format with username@ or :@ to be compatible with different git clients.
Changes in 6.9.2
18:30 CEST
Fixed max valid for parameter validation when API tokens created by users
Bug fixes
Fixed 'max valid for' parameter validation when API tokens created by non System Administrator users
Api tokens page will no longer create tokens on page refresh after a token has been created
Increased http client connection and read timeout for OIDC requests
Features
MFA tab Request for Comments (RFC), please send us feedback on what you would like to see in Multi-factor authentication tab, supported standards, supported apps
Changes in 6.9.3
Same as 6.9.2, re-release for Atlassian Marketplace
Add id_token_hint and client_id to OIDC RP-initated Single logout flow
Improvements
Status
colour
Red
title
oidc
Identity providers have started to require the RECOMMENDED parameter id_token_hint in the RP-initiated Single Logout flow. Our single logout calls now include the parameters id_token_hint and client_id when redirecting to the logout endpoint at the Identity Provider.
Changes in 6.9.4
Fix Kerberos from clients requiring mutual authentication. Smaller fixes.
Improvements
Status
colour
Green
title
LDAP
Introduced optional disabling LDAP/AD query escaping for backwards compatibility. Feature switch found in /plugins/servlet/no.kantega.kerberosauth.kerberosauth-plugin/dark-features
Status
title
kerberos
Introducing support for mutual authentication required in Python and other Kerberos clients.
Status
title
kerberos
Added “Allow using Kerberos for REST calls containing the 'referer' header” option.
Info
Confluence users can experience that when “Allow using Kerberos for REST calls containing the 'referer' header” option is off, confluence-search-ui-plugin will navigate the browser to login.action if the session expires and a call to /rest/api/search returns 401 or 403. If the option has to be off, a mitigation might be to increase the session expiry timeout: https://confluence.atlassian.com/confkb/how-to-adjust-the-session-timeout-for-confluence-126910597.html
Bug fixes
Status
title
kerberos
Fixed bug introduced in v. 6.6.2 that caused Python clients not be able to use Kerberos if mutual authentication was required or optional.
Status
colour
Purple
title
BITBUCKET
Avoid IllegalArgumentException errors in log in certain situations during log
Changes in 6.9.3
Same as 6.9.2, re-release for Atlassian Marketplace due to broken upload
Changes in 6.9.
5
2
Add id_token_hint and client_id to OIDC RP-initated Single logout flow
Improvements
18:30 CEST
Fixed max valid for parameter validation when API tokens created by users
Bug fixes
Fixed 'max valid for' parameter validation when API tokens created by non System Administrator users
Api tokens page will no longer create tokens on page refresh after a token has been created
Increased http client connection and read timeout for OIDC requests
Features
MFA tab Request for Comments (RFC), please send us feedback on what you would like to see in Multi-factor authentication tab, supported standards, supported apps
Changes in 6.9.1
12:30 CEST
Dependency updates. SCIM additional characters. More git URL configure options
Security patches
Dependency updates
Features
Status
colour
Green
title
SCim
Support for additional characters / and + in group names
Status
colour
Purple
title
BITBUCKET
Status
colour
RedYellow
title
oidc
Identity providers have started to require the RECOMMENDED parameter id_token_hint in the RP-initiated Single Logout flow. Our single logout calls now include the parameters id_token_hint and client_id when redirecting to the logout endpoint at the Identity Provider
GIT
Allow sysadmin to configure Kerberos git URL format with username@ or :@ to be compatible with different git clients.
Changes in 6.9.0
15:30 CEST Confluence SSO sign-ins logged in audit log at FULL level. User Cleanup performance revamp.
Features
User cleanup performance revamp, the cleanup will now work in a background process also for test run, much faster performance.
User cleanup group selector will now support very large numbers of groups, above 500 groups will require the user to start typing to see top 500 search results. It’s possible to search for multiple words separated by space.
User cleanup will now use start of the day timestamp as base for comparing with last login date/user creation date.
User cleanup remove from group action will now search groups in read only directories and respect the directory exclusions. The users in read only directories are not modified but their group membership might be modified.
Confluence SSO sign-ins logged in audit log at FULL level. Event emitted on successful login.