Kantega SSO Enterprise 5.1.x release notes

25 October 2021

We are pleased to announce Kantega SSO Enterprise 5.1.

Read the upgrade notes for important information about updating to version 5 (if you are upgrading from 4.x), and see the full changelog below.

Compatible applications

Application     Compatible from version
Bamboo          7.0.1
Bitbucket       6.8.0
Confluence      7.1.0
Jira            8.6.0

Changelog

After the large fundamental changes in 5.0, we are now stabilizing and improving the product, while still adding new functionality.

Changes in 5.1.0

Features

  • SAML/OIDC: Support reauthentication with SAML or OIDC SSO when Websudo / Secure Administrative Sessions is activated

Improvements

  • Username from header: Visual changes to IP lists and removal of an incorrect error message

  • SAML/OIDC: Fixed a typo in the setup wizard

  • SAML/OIDC: Fixed an incorrect error message in “Run test”

  • Kerberos, Global: Moved “Usage Counter” from the Kerberos tab to the Common tab

Bug fixes

  • SAML/OIDC: The draft name of one IdP was added to the redirect rule text of another IdP

Changes in 5.1.1

Improvements

  • API tokens, REST API access: Fixed a performance issue caused by unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT in the REST API filter

  • API tokens: Improved, more responsive user experience; fixed issues with input fields not rendering properly

Bug fixes

  • Cloud user sync: Fixed an XML encoding bug that didn’t accept emoji characters in cloud synchronization API connectors

Security patches

  • DM_DEFAULT_ENCODING: String-to-byte or byte-to-string conversions used the default platform encoding instead of a consistent standard charset

  • UI_INHERITANCE_UNSAFE_GETRESOURCE: Calling this.getClass().getResource(...) could give results other than expected if the class is extended by a class in another package

  • XXE_DOCUMENT: XML parsing vulnerable to XML External Entities (XXE) when DocumentBuilder supports XML entities while processing XML received from an untrusted source

  • OS_OPEN_STREAM_EXCEPTION_PATH: OS: Method may fail to close stream on exception
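To show what fixing three of these patterns looks like in practice, here is an added example (not Kantega's code; the SafeXmlParser class and its methods are hypothetical): a DocumentBuilder hardened against XXE, a stream that is closed on the exception path, and an explicit charset instead of the platform default.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

// Hypothetical helper, not Kantega's code: XML parsing hardened against the three patterns above.
public final class SafeXmlParser {
    // XXE_DOCUMENT: a factory that refuses DOCTYPE declarations and external entities outright.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Rejecting every DOCTYPE blocks entity declarations, which is what XXE relies on.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parser implementations that ignore the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // OS_OPEN_STREAM_EXCEPTION_PATH: try-with-resources closes the stream even if parse() throws.
    static Document parseUntrusted(InputStream source) throws IOException, SAXException, ParserConfigurationException {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        try (InputStream in = source) {
            return builder.parse(in);
        }
    }

    // DM_DEFAULT_ENCODING: name the charset explicitly instead of relying on the platform default.
    static InputStream asStream(String xml) {
        return new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a non-ASCII (emoji) attribute value, which UTF-8 round-trips correctly.
        Document ok = parseUntrusted(asStream("<user name=\"Ada \uD83D\uDE42\"/>"));
        System.out.println("parsed root element: " + ok.getDocumentElement().getTagName());
        // Constructed sample: any DOCTYPE, even one declaring only a harmless internal entity, is rejected.
        try {
            parseUntrusted(asStream("<!DOCTYPE d [<!ENTITY x \"y\">]><d>&x;</d>"));
        } catch (SAXException e) {
            System.out.println("rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

The feature names above are the standard Xerces/SAX ones honoured by the JDK's built-in parser; a third-party parser bundled with a plugin may need its own equivalents, so verify with the DOCTYPE sample after changing parsers.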

Changes in 5.1.2

Security consolidation

Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the Slf4j facade. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates the risk of other vulnerabilities. Read more about the log4j vulnerability here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/932118634.