Kantega SSO Enterprise 5.8.x release notes

We are pleased to announce Kantega SSO Enterprise 5.8.

As always, we recommend taking a backup before performing the update.
Read the update notes for important information about updating to version 5 (if you are upgrading from 4.x), and see the full changelog below.

See the latest changes in version 5.8.11 for all products, and 5.8.12 for a special Bamboo release. Versions 5.8.1-5.8.6 and 5.8.8-5.8.9 were skipped due to release process limitations in Atlassian Marketplace during development of the new bug fix.

 

Compatible applications

Application    Compatible from version
Bamboo         7.0.1
Bitbucket      7.0.0
Confluence     7.4.0
Jira           8.8.0

Changelog

Feature: Allowlist exception to REST API access URLs, improvements and bugfixes

Changes in 5.8.0

May 19, 2022 17:39 CET

5.8.0 was withdrawn after a null pointer bug was discovered that affected those who had the RML cookie enabled. Fixed in 5.8.7.

Features

  • API tokens REST API access now has allowlisted URLs that are exceptions from the blocked URLs.

Improvements

  • SAML/OIDC Validation in setup wizard is more consistent in-depth

Bug fixes

  • SAML/OIDC Remember my login (RML) cookie didn’t work on instant redirect mode

  • SAML Got incorrect error message when selecting other metadata format when Metadata URL isn’t saved

  • OIDC Null-handling bug when the initiation of OIDC fails, so the correct error message doesn’t show

Changes in 5.8.7

May 23, 2022 11:00 CET

Bug fixes

  • SAML/OIDC The fix for “Remember my login (RML) cookie didn’t work on instant redirect mode” in 5.8.0 caused a null pointer exception.

Changes in 5.8.8-5.8.9

[Skipped due to issues with automated release process]

Changes in 5.8.10

Jun 7, 2022

Improvements

  • API tokens Version 1 of API Tokens REST API was unintentionally removed in 5.7 of Kantega SSO Enterprise. This is now reintroduced, so an update from Kantega SSO Enterprise <= 5.6.2 will be compatible and the deprecated REST service will keep working.

  • Customizable texts The message shown to users when traditional login is disabled for all users, “Username / password login is disabled by your administrator”, has been made customizable.

Changes in 5.8.11

Jun 27, 2022

Bug fix in update of IP restriction configs and RC4 deprecation warning

Bug fixes

  • kerberos api tokens Bug fix in update of IP restriction configs and RC4 deprecation warning

Security

  • kerberos Added warning of deprecated cipher RC4, which will be unsupported in October

Changes in 5.8.12 [K-SSO for Bamboo only]

Jun 30, 2022

Bug fix in K-SSO for Bamboo redirect engine due to referer headers

Bug fixes

  • OIDC/SAML Fixed an issue with the redirect engine, which grabbed a referer header and applied this as the os_destination instead of the query string. This caused the cross-click on a Bamboo plan from Bitbucket to lose the context of the Bamboo plan, and instead redirect back to the base URL after SSO.
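
An added illustration of the precedence this fix describes, written for these notes and not taken from Kantega's code: the os_destination query parameter wins over the Referer header, and either value is accepted only as a path on the application's own base URL. The host names, the /sso/login path and the function names are assumptions, and the same-site check goes beyond what the release note states.

```python
from urllib.parse import urlsplit, parse_qs

BASE_URL = "https://bamboo.example.com"  # constructed base URL (assumption)


def _same_site_path(candidate, base_url):
    """Reduce candidate to a local path (+query) on base_url, or return None."""
    if not candidate:
        return None
    # Control characters and backslashes are parsed inconsistently by browsers.
    if "\\" in candidate or any(ord(c) < 0x20 for c in candidate):
        return None
    parts, base = urlsplit(candidate), urlsplit(base_url)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: scheme and host:port must match exactly.
        if (parts.scheme.lower(), parts.netloc.lower()) != (base.scheme, base.netloc.lower()):
            return None
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return None
    return path + ("?" + parts.query if parts.query else "")


def resolve_destination(request_url, referer=None, base_url=BASE_URL):
    """Choose the landing path after SSO for a login request (hypothetical helper)."""
    query = parse_qs(urlsplit(request_url).query)
    explicit = query.get("os_destination", [None])[0]
    if explicit is not None:
        # An explicit os_destination always wins. If it is rejected, fall back
        # to the base path, never to the Referer.
        return _same_site_path(explicit, base_url) or "/"
    # No os_destination: the Referer is used only if it points at this site.
    return _same_site_path(referer, base_url) or "/"


if __name__ == "__main__":
    # Constructed request: a click on a Bamboo plan link from a Bitbucket page.
    print(resolve_destination(
        "https://bamboo.example.com/sso/login?os_destination=%2Fbrowse%2FPROJ-PLAN",
        referer="https://bitbucket.example.com/projects/PROJ/repos/app"))
```
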