We are pleased to announce Kantega SSO Enterprise 6.6.
Note that changes introduced in Kantega SSO Enterprise 6.3 will trigger an update of config warning in the Configuration status page upon install. It will convert your settings for Disable Traditional Login and Disable Basic Auth to a new format.
Read the update notes for important information about this release if you’re updating from major versions 5.x or 4.x, and see the full changelog below.
In general, the latest version of Kantega SSO Enterprise is compatible with the oldest version that has not been ended of life. See Atlassian’s End-of-life (EOL) policy to get an overview of versions and EOL dates.
samloidc Improvement to redirect rules: you can now choose to redirect the users that DO NOT have a certain group membership, as opposed to only redirect users with the group membership
samloidc Fix a wider clickable area for the selects in Just-in-time provisioning
saml Added a switch to show or hide the SAML certificate expired warning flag
samloidc AUDIT log the identity provider’s name and ID for the logged in user in a successful login event
samloidc The redirect mode was missing from the Identity Provider overview page
user cleanup The last logged in attribute on users came as null for certain confluence users on the users API, leading to a match on users that were in fact not inactive.
kerberos Tag RC4-HMAC encryption as deprecated in Kerberos setup wizard
Patch CVE-2022-25927 in transitive dependency to an npm json library. We are still awaiting a released patch for CVE-2022-25927 in the maven package org.json/json, but since we do not use the affected component this is not critical.
Changes in 6.6.2
Jan 30, 2023 12:00 CET
Bug fixes, cache improvements and dependency updates
samloidc Disable browser history on client secret input field in setup wizard. This way the browser doesn’t save the values to it can auto-suggest them later.
prevent traditional login Improve caching in lookup of resources used in every-request filters when Exception groups for Prevent Traditional Login is configured
google api connector Update in-app setup guide for Google Workspace API Connector (Cloud user sync)
google api connectorFix improper pagination support in the group sync membership API which meant that only the group members in the last “page” were persisted. This likely affects all groups with more that 200 members.
saml The certificate expired warning leads to a broken URL.
Patch dependencies. Update maven-dependency-check plugin to 8.0.1.
Changes in 6.6.1
Jan 16, 2023 17:30 CET
Bug fix for User Cleanup config ui
Changes in 6.6.0
Dec 23, 2022 10:30 CET
Just-in-time into AD, improve performance user lookup , and other improvements
SAMLOIDC Just-in-time provisioning can create users in Active Directory