From: Krzysztof B. <kb...@un...> - 2018-01-29 11:53:46
Dear Subscribers,
I'm happy to announce that 2.4.0 is available.
The main theme was to allow for quicker and easier setup in case of
typical authentication integration scenarios.
The highlights are:
* Unity now contains two *predefined attribute type sets*: common and
eduPerson. The common set includes nearly 50 attribute types which
should completely fulfill the needs of the majority of deployments. The set
includes attributes with sensible settings which are counterparts of
all commonly found user attributes. This set is loaded by default
(via configuration module). The eduPerson set is not loaded by
default. It includes a couple of attributes of the eduPerson schema
which are not found in the common set. You can freely edit and/or
remove those standard attributes from AdminUI. What is more, it is
now possible to export and import attribute types to/from JSON, as
well as (re-)import attribute types from the always available
predefined sets described above.
* For each supported external OAuth identity provider (e.g. Dropbox,
Facebook, GitHub, Google, ...) a complete mapping of attributes to
Unity standard attributes is now provided as a *ready to use system
input translation profile*. Thanks to it the configuration of those
providers requires only 3 parameters: type, client id and client
secret. We have cleaned up the providers and updated them to use current
APIs. LinkedIn was added to the set of supported providers together
with... Unity - so that one Unity instance can be easily configured
to use another one.
* There is also a symmetric change: Unity offers ready to use output
profiles which translate the Unity attributes to the naming and
syntax used by a protocol. For instance there is a *default
OpenIdConnect output profile* which makes Unity return standard
OIDC attributes without any additional configuration effort.
* Of course, the default mappings (either in or out) are not always fully
sufficient. We have enhanced the translation profiles subsystem so
now one *profile may include* (and optionally overwrite) definitions
of *another profile*. This is especially useful to create a
customized/enhanced version of any of the standard profiles.
* Most of the development time in this release was spent on something
bringing a little end-user value: update to the new major release of
*Vaadin 8* - a web UI foundation used by Unity. This change enables
many further planned developments, but already now you should be
able to see some difference:
    o all icons were unified to font ones from a single set,
    o 'hamburger menus' are used in a few places to hide rarely used
      operation icons,
    o the translation profile edit screen was significantly improved:
      it uses dense formatting and supports collapsing rules, which can
      be dragged to easily control their order.
* Unity now ships with a default, system password credential with
reasonable security settings. It is used as a default credential for
the initial admin user and always when creating an admin user in
an emergency (lost admin account). There are also default system
credential requirements provided.
* *Date & time attribute syntax* were added.
* *User import* functionality, which so far was only possible on the 3rd
party query SAML/SOAP endpoint, is now available on all IdP-like
endpoints (SAML, OAuth). It can be plugged in just before output profile
execution to import additional information about the user by a query
to an external system. Currently the local OS users store and LDAP are
supported, but we may add more providers in the future.
* There were a few enhancements in the *output profiles*:
    o OAuth client's attributes can be used in expressions,
    o it is possible to redirect the user to an external URL instead of
      completing the regular protocol flow.
There were also many other, smaller improvements including: attribute
values are never cut in the UI, it is possible to configure Unity to be
an invisible login proxy (no UI presented), confirmation link validity is
configurable now.
Note we also added a new - SMS - notification channel. It is not very
useful so far (you can use it for sending registration request related
notifications) but will be a fundamental element of the features coming
in the next release.
See http://www.unity-idm.eu/downloads
Best regards,
Krzysztof