Kantega SSO Enterprise 5.7.x release notes

We are pleased to announce Kantega SSO Enterprise 5.7.

We recommend as always to take a backup before performing the update.
Read the update notes for important information about the updating to version 5 (and you are upgrading from 4.x), and see the full changelog below.

See the latest changes in version 5.7.2

Compatible applications


Compatible from version


Compatible from version










New API tokens REST API, SCIM in Backup & restore and IDP Wizard improvements. Rename Snapshot of Config to Backup & restore.

Changes in 5.7.0

Update issue We have received reports that API Tokens get corrupted in a Database migration when updating to version 5.7.0 or 5.7.1 (which have been withdrawn from Marketplace. Now we have released 5.7.2, which should resolve it. If you are still experiencing issues, please revert to the previous version you were on following this guide: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/920223745, or as a workaround, simly try to refresh the tokens using the refresh API, or create new ones to replace them if you haven’t got many.

Apr 20, 2022 11:00 CET

We have discovered that the GET endpoints in API tokens REST service have a small bug, returning the tokenName field with the wrong key description. This will be fixed soon in 5.7.1. The correct data is returned upon token creation (POST) and refresh (PUT).


  • API tokens Backup & restore API tokens across environments

  • API tokens Version 2 of API tokens REST service with attribute changes due to cross-environment backup & restore. See the documentation for the latest version of the REST API here: https://kantega-sso.atlassian.net/wiki/spaces/KSI/pages/974356481/Kantega+SSO+REST+API+latest#3.-API-Tokens. (We have discovered that the GET endpoints in API tokens REST service have a bug returning the tokenName field with the wrong key. This will be fixed soon in 5.7.1)

  • SCIM Include SCIM in Backup & Restore

  • saml Added session attributes ksso.saml.session.user and ksso.saml.idp.id present on all sessions which have been logged in with SAML. This already exists for OIDC.


  • Kerberos Test page gives warning when REALM is written with lowercase letters, since REALM is case sensitive in the Kerberos specification

  • SCIM Remove possibility to set up a SCIM configuration in Bamboo, which is not supported

  • Saml/oidc Unnecessary “Draft not found” message printed in browser console in setup wizard

  • saml/oidc The flag ?noredirectsso renamed to ?noredirect

Bug fixes

  • oidc Setup wizard shows error on empty client_secret on summary page even though client_secret is optional

Changes in 5.7.1

Apr 20, 2022 15:30 CET

Bug fixes

Changes in 5.7.2

May 2, 2022 10:00 CET

Bug fixes

  • API tokens Database migration in 5.7.0-5.7.1 led to corrupted data that had to be replaced by new tokens

Security patches

  • Update jackson-databind to for new micro patch related to CVE-2020-36518