Kantega SSO Enterprise 6.6.x release notes

Changes in 6.6.3

Feb 16, 2023 11:30 CET

Bug fixes, redirect rules improvement, security patch

Improvements

• saml oidc Improvement to redirect rules: you can now choose to redirect the users that DO NOT have a certain group membership, as opposed to only redirect users with the group membership

• saml oidc Fix a wider clickable area for the selects in Just-in-time provisioning

• saml Added a switch to show or hide the SAML certificate expired warning flag

• saml oidc AUDIT log the identity provider’s name and ID for the logged in user in a successful login event

Bug fixes

• samloidc The redirect mode was missing from the Identity Provider overview page

• user cleanup The last logged in attribute on users came as null for certain confluence users on the users API, leading to a match on users that were in fact not inactive.

Security

• kerberos Tag RC4-HMAC encryption as deprecated in Kerberos setup wizard

• Patch CVE-2022-25927 in transitive dependency to an npm json library. We are still awaiting a released patch for CVE-2022-25927 in the maven package org.json/json, but since we do not use the affected component this is not critical.

Changes in 6.6.2

Jan 30, 2023 12:00 CET

Bug fixes, cache improvements and dependency updates

Improvements

• saml oidc Disable browser history on client secret input field in setup wizard. This way the browser doesn’t save the values to it can auto-suggest them later.

• prevent traditional login Improve caching in lookup of resources used in every-request filters when Exception groups for Prevent Traditional Login is configured

• google api connector Update in-app setup guide for Google Workspace API Connector (Cloud user sync)

Bug fixes

• google api connectorFix improper pagination support in the group sync membership API which meant that only the group members in the last “page” were persisted. This likely affects all groups with more that 200 members.

• saml The certificate expired warning leads to a broken URL.

Security

• Added Software Bill of Materials for frontend resources. It can be found packaged with the jar bundle, under SBOM, acting as a bill for the packages javascript resources bundled with the app. The maven SBOM can be found in the release notes text in the given release in the Marketplace listing.

• Patch dependencies. Update maven-dependency-check plugin to 8.0.1.

Changes in 6.6.1

Jan 16, 2023 17:30 CET

Bug fixes

• Bug fix for User Cleanup config ui

Changes in 6.6.0

Dec 23, 2022 10:30 CET

Just-in-time into AD, improve performance user lookup , and other improvements

Features

• SAML OIDC Just-in-time provisioning can create users in Active Directory

• JIRA Publish BeforeUserAuthenticate event to help Atlassian cache handle logins over multiple servers https://community.developer.atlassian.com/t/publishing-beforeuserauthenticate-event/63352

• Prevent Traditional Login Notify admin user if username/password was used to log into K-SSO admin and he is about to lock himself out with this user

• Kerberos Improved user lookup to reduce the number of username searches during login

Improvments

• SAML Support for SAML key storage in other filename than SHA256 thumbprint. Created guide on how to use CA signed SAML request keys: https://kantega-sso.atlassian.net/l/cp/0K81JBjR

• SAML OIDC Allow username to be sent as login_hint to IdPs when redirect mode is set to Fallback

• Remove cancel link during instant redirect. As before you may add ?noredirect in URL to stop instant redirect.

Bug fixes

• SAML OIDCKerberos Fix behaviour on Force login when using up instant redirect to IdP in combination with Kerberos login