We are pleased to announce Kantega SSO Enterprise 6.9.
Note that changes introduced in Kantega SSO Enterprise 6.3 will trigger an update of config warning in the Configuration status page upon install. It will convert your settings for Disable Traditional Login and Disable Basic Auth to a new format.
Read the update notes for important information about this release if you’re updating from major versions 5.x or 4.x, and see the full changelog below.
In general, the latest version of Kantega SSO Enterprise is compatible with the oldest version that has not been ended of life. See Atlassian’s End-of-life (EOL) policy to get an overview of versions and EOL dates.
Changes in 6.9.5
Jun 26, 2023
Add id_token_hint and client_id to OIDC RP-initated Single logout flow
oidc Identity providers have started to require the RECOMMENDED parameter id_token_hint in the RP-initiated Single Logout flow. Our single logout calls now include the parameters id_token_hint and client_id when redirecting to the logout endpoint at the Identity Provider.
Changes in 6.9.4
May 26, 2023
Fix Kerberos from clients requiring mutual authentication. Smaller fixes.
LDAP Introduced optional disabling LDAP/AD query escaping for backwards compatibility. Feature switch found in /plugins/servlet/no.kantega.kerberosauth.kerberosauth-plugin/dark-features
kerberos Introducing support for mutual authentication required in Python and other Kerberos clients. kerberos Added “Allow using Kerberos for REST calls containing the 'referer' header” option.
kerberos Fixed bug introduced in v. 6.6.2 that caused Python clients not be able to use Kerberos if mutual authentication was required or optional.
BITBUCKET Avoid IllegalArgumentException errors in log in certain situations during log
Changes in 6.9.3
May 18, 2023
Same as 6.9.2, re-release for Atlassian Marketplace due to broken upload
Changes in 6.9.2
May 15, 2023 18:30 CEST
Fixed max valid for parameter validation when API tokens created by users
Fixed 'max valid for' parameter validation when API tokens created by non System Administrator users
Api tokens page will no longer create tokens on page refresh after a token has been created
Increased http client connection and read timeout for OIDC requests
MFA tab Request for Comments (RFC), please send us feedback on what you would like to see in Multi-factor authentication tab, supported standards, supported apps
Changes in 6.9.1
May 12, 2023 12:30 CEST
Dependency updates. SCIM additional characters. More git URL configure options
SCim Support for additional characters / and + in group names
BITBUCKETGIT Allow sysadmin to configure Kerberos git URL format with username@ or :@ to be compatible with different git clients.
Changes in 6.9.0
Apr 18, 2023 15:30 CEST Confluence SSO sign-ins logged in audit log at FULL level. User Cleanup performance revamp.
User cleanup performance revamp, the cleanup will now work in a background process also for test run, much faster performance.
User cleanup group selector will now support very large numbers of groups, above 500 groups will require the user to start typing to see top 500 search results. It’s possible to search for multiple words separated by space.
User cleanup will now use start of the day timestamp as base for comparing with last login date/user creation date.
User cleanup remove from group action will now search groups in read only directories and respect the directory exclusions. The users in read only directories are not modified but their group membership might be modified.
Confluence SSO sign-ins logged in audit log at FULL level. Event emitted on successful login.