From: Krzysztof B. <go...@ic...> - 2014-12-08 22:50:16
Dear All,

Finally the 1.4.0 release of Unity is available for download. It is so far the biggest update, with exactly 200 commits, 47 solved tickets and several big features.

Big thanks to all our contributors, testers and auditors (in alphabetical order, people first): Bernd, Piotr, Rafał, Roman Krysiński, Shiraz, ICM, Wrocław Center For Networking and Supercomputing, ICM and PL-Grid guys!

The release highlights are:

* OAuth2 & OpenID Connect endpoint is now available, i.e. Unity can act as a standalone OAuth 2 Authorization Server with support for the OpenID Connect specification. The current implementation is fully functional, however its configuration requires some manual work in Admin UI (setting attributes, adding clients to groups) as there is no dedicated OAuth management UI. This will be improved in the future.
* The SAML subsystem received all the most important missing features:
** Support for encryption (and decryption) of assertions.
** SAML IdP can be configured with SAML metadata in a similar way as it was already possible to configure the SAML authenticator. The trusted SPs can be automatically extracted from the federation's metadata and updated at runtime.
** SAML Single Logout protocol is fully supported. This is a giant feature, as Unity can now log out all session participants: the upstream SAML IdP (if one was used) and the SPs logged in via the Unity SAML IdP endpoint. The logout can be initiated and performed via HTTP POST, Redirect and SOAP bindings, as well as by logging out from any of the Unity web UIs. As Single Logout may bring some problems, the level of its implementation is configurable. See the SAML Howto for details.
* LDAP authenticator was greatly enhanced:
** it is possible to use a predefined system user to obtain information about the logged-in user
** it is possible to define custom, additional searches
* There is a new OAuth authenticator available, where Unity takes the OAuth Resource Server role, checking the provided OAuth Access Token against a configured 3rd party OAuth AS.
* Unity was subject to an extensive security audit. Implementation of audit recommendations hardened Unity's security.

Unfortunately one of the big planned features - translation profile wizard and debugger - is not included in this release due to one recently found issue. This great feature will be made available in the next release.

The full list of changes & updated documentation are available as always at http://www.unity-idm.eu

Best regards,
Krzysztof