...
- IDS-963: The LDAP search for finding a ubiloginAuthMapping entry in the Ubilogin Directory, that is performed each time a user is authenticated, consumes less resources
- IDS-78: LDAPS support for SSO install.sh, export.sh and import.sh
- IDS-388: The default font size for error messages is increased from 0.8em to 1.1em
Corrections
- IDS-60: Disabled users can cannot log in to applications with accounts that are linked by User Driven Federation.
- When a user authenticates with a federated identity and a matching local account is returned by a FederationManager implementation (i.e. CIDFederationManager or UbiloginFederationTable), the local account status is now verified and the access is denied if the status is not valid.
- The workaround fix Preventing disabled users from logging in with user driven federation as described in the page User driven federation is not needed anymore.
- IDS-1014: SSO management shows doesn't disclose the client_secret for OAuth2 application agents, if one set in the Client Metadata
- When uploading a client metadata to an OAuth 2.0 application agent using the SSO Management Console, if the metadata contains a
client_secret
, theclient_secret
is now removed before storing the metadata in the agent configuration in Ubilogin Directory.- Prior to 8.3, the
client_secret
was not removed, but stored as is in the agent configuration in Ubilogin Directory.
- Prior to 8.3, the
- Furthermore, even if the
client_secret
has already been stored in the agent configuration, as may be the case for agents that have already been activated prior to SSO 8.3, theclient_secret
will now not be shown in the SSO Management Console nor in the SSO Management API.- Prior to 8.3, the
client_secret
, if set in the client metadata, was shown in SSO Management Console.
- Prior to 8.3, the
- When uploading a client metadata to an OAuth 2.0 application agent using the SSO Management Console, if the metadata contains a
- IDS-1052: OTP lists for UbiloginDirectory users created from SSO Management Console are not invalid randomly
- IDS-945: Execute flag isn't is set for the bash scripts in the Linux version
- IDS-723: The SMTP message that is sent by SMTP OTP method doesn't set sets the Date header as specified in RFC 822
- IDS-821: Some errors (such as LDAP read timeout) during password/reset don't deactivate the servlet that catches it
- IDS-437: Main Class in the MANIFEST.MF of sso-pkipolicy.jar is correct
- IDS-1074: Linux version: OpenLDAP installation script (ldap/openldap/install.sh) doesn't show an unnecessary error message ldap_modify: No such attribute (16)
Ubisecure SSO 8.3.0-RC1
New Features
...