From: Krzysztof B. <go...@ic...> - 2014-07-17 14:13:14

Dear All,

Release 1.3.0 is ready. It features a great amount of new features. Before upgrading be sure to review the update documentation: the upgrade process was simplified but caution is still needed. For those using snapshot builds of 1.3.0 the automatic update will not work. In such a case export to JSON and import to a clean database is required.

Details and download link are in the usual location:
http://www.unity-idm.eu/site/downloads

The most important changes:

-) A new endpoint supporting SAML ECP protocol was added. The endpoint allows for using Unity to bootstrap the ECP login (i.e. Unity is a SP).
-) A new RESTful endpoint was added, allowing to query the Unity database in a simple way.
-) OAuth2 and OpenID Connect remote authentication is possible now. Tested with Google, Microsoft Live and Facebook providers.
-) Translation profiles were greatly enhanced and improved. There are two kinds of translation profiles now: input and output. The input profiles have the same purpose as the former translation profiles, but the actions were refactored so their creation is much simpler, intuitive and at the same time much more flexible. The output profiles are a new concept, allowing to dynamically change the data which is returned via the IdP endpoints. The new functionality of translation profiles allows for creating ad-hoc identities and attributes with complex contents. What is also very important, the documentation was greatly improved, contains many examples and the Admin UI offers a greater help during edit.
-) It is possible to configure remote SAML authenticator with a SAML metadata, which allows to set its trust in a simple way. It is also possible to use metadata of several federations and to override some of the automatically imported manually.
-) Unity was updated to use the latest web framework release, which should improve login experience a lot:
--) page address doesn't change on the authentication screen,
--) remote authentication has no lag after returning to Unity,
--) rare hangs of the remote authentication were eliminated.
-) There is a number of smaller Admin UI improvements:
--) simple identities search
--) it is possible to see source IdP, profile and timestamps of identities and attributes obtained remotely.
--) it is possible to remove many rows of tables at once.
-) Registration forms can be configured to be automatically accepted when custom conditions are fulfilled.
-) Dynamic, automatically created identities framework was refactored fixing several bugs. Additionally it is possible to inspect automatically created identities in the Admin UI and even to manually clean them.
-) There is a new JWT authentication method, useful for keeping login sessions for RESTful interface.

Best regards,
Krzysztof

From: Krzysztof B. <k.b...@ic...> - 2014-04-16 11:35:31

Dear All,

Release 1.2.0 was delayed, but finally it is available. It features a great amount of bugfixes and a couple of new features.

The most important changes:

* MySQL support is fixed.
* The login sessions support is complete (the previous versions had this pretty limited). This allowed for introducing a couple of new features and will allow for more in the future. In particular:
** The standard and popular targeted transient and persistent identity types are available and can be used with SAML endpoints.
** A new concept of authentication realm allows for configuring login settings of several endpoints once, at the same time enabling cross-endpoint single sign on and logout.
** Login sessions are shared between redundant instances of Unity.
** It is possible to turn on a 'remember me' authentication feature.
* An interface to edit message templates was added. Message templates are now typed and can be used only if matching.
* Translation profiles can be edited with a new GUI of the Admin UI. It is much easier than the JSON file editing.
* A new identity type was added to cover an opaque identifier, typically imported from external IdP.

Further details and download link are in the usual location:
http://www.unity-idm.eu/site/downloads

Best regards,
Krzysztof

From: Krzysztof B. <go...@ic...> - 2014-02-17 13:24:18

Dear All,

The version 1.1.0 of Unity was just released. The release 1.1.0 brings a lot of improvements over 1.0.0, making it more production ready. The main theme of the release is the SAML support.

The most important changes:

* A new remote authentication option was added: SAML 2 with support for both HTTP Redirect and POST bindings. When using this authenticator Unity acts as a SAML Service Provider.
* The SAML IdP endpoint supports now the SAML HTTP Redirect binding alongside with the previously supported POST binding.
* Both SAML Service Provider (of each configured remote SAML authenticator) and SAML IdP (of each deployed endpoint) can generate and publish SAML Metadata. Also publication and signing of a custom SAML Metadata is possible.
* A number of components were added to the Web Admin UI, which allow administrators to inspect the details of deployed endpoints, authenticators and translation profiles. It is also possible to reload all of them, without restarting the server, which is useful after configuration changes.
* A centralized PKI management was introduced. Credentials, certificates and truststores are configured in a single place. All relaying Unity components are configured with a reference of required PKI artifact only.

The 1.1.0 release was extensively and successfully tested against Shibboleth SP, Shibboleth IdP and SimpleSAMLPhp acting both as SP or IdP for Unity.

A detailed changelog and download links can be found here:
http://www.unity-idm.eu/site/downloads

Best regards,
Krzysztof

From: Krzysztof B. <go...@ic...> - 2014-01-27 14:11:28

Hi Shiraz,

Nice to hear from you & LSDMA!

On 27.01.2014 13:47, Shiraz Memon wrote:
> Hi Krzysztof,
>
> Last week we had a workshop dedicated to AAI & IdM (as a part of the
> LSDMA project). Whereby Unity appears to be quite important and going to
> play a key role in the project. There were some initial but interesting
> questions by meeting participants, though:
>
> Querying User's Attributes:
> i) Can one query a user's group information from unity "without" Web
> interface?

Yes. It is possible with the SAML SOAP endpoint. SAML Attribute query protocol allows you to query for regular attributes, but additionally Unity can be configured (and by default is) to provide an additional dynamic attribute with the subject's group information. Unity allows for both self (what are my attributes?) and 3rd party (what are attributes of X?) queries, subject to site's authZ policy (see below).

In the future also another, RESTful endpoint is planned, which can be considered a more lightweight - but not standards compliant - alternative. However this is not yet scheduled so any requirements are welcome.

> ii) Is it only the user who can query the group information about
> herself or any user holding specific (privileged) role, should be
> allowed to do that?

This is up to site's policy of course, but yes - you have a role (or actually several roles: Inspector, Contents Manager and System Manager) which can be assigned to users so they can read the information about other users. This applies to any access means - web interface, SAML or anything that will be available in the future. What is more, authZ in Unity is configured per-group, so you can provide those additional privileges to selected users only in a subset of Unity tree. However for listing all groups this makes not much sense as the information is global by definition (*all* groups).

> iii) In addition to that, what authentication (pki, username/password)
> as well as saml protocol (ECP, SOAP,... etc) will be used to perform
> such operation?

So you knew it will be SAML ;-) You can use any protocol supported by Unity. Currently as noted above you have one non-web option: SAML with SOAP binding.

Protocol: SAML Attribute Query protocol. You can also use SAML Authentication Protocol, but this is limited to self queries.

Authentication: as configured per endpoint. Currently user name & password via HTTP Basic and/or client authenticated TLS are implemented. Supporting other (as username&password via WS-Security Username Token) can be added almost immediately if needed - this is trivial in Unity.

> Support for external/upstream SAML IdPs: I am aware of the fact that the
> support for external IdPs is imminent in the next release, which is
> 1.1.0. Is there a tentative timeline we can anticipate?

2nd half of February. Currently this is nearly finished (e.g. all interop tests with Shib IdP are already passed), but also SAML Metadata support is planned and must be implemented.

> Group management: Are the ordinary members of a group (beside
> administrator) allowed to create sub-groups within?

Here the answer is no, currently. I.e. one needs at least the Contents Manager role to create a group. You can assign this role for a user in a particular group, which probably won't be enough for your use case, as such role allows also for many other management actions in the group.

I guess that this question is related to the self managed team work, where ordinary users can create their 'own' group, become its administrator, invite coworkers, (maybe even assign attributes in the group) and relaying services can use this information? If so, this is already designed in detail for Unity, but not yet implemented. Self-managed group API is even defined and its implementation will be pretty simple. The bigger issue is the UI part. Pure 'create a group' UI is trivial, but for such feature we will need also flexible invitation/application support, simplified group management etc. etc. Of course collaboration on this topic will be appreciated.

Best regards,
Krzysztof

From: Shiraz M. <a....@fz...> - 2014-01-27 12:47:37

Hi Krzysztof,

Last week we had a workshop dedicated to AAI & IdM (as a part of the LSDMA project). Whereby Unity appears to be quite important and going to play a key role in the project. There were some initial but interesting questions by meeting participants, though:

Querying User's Attributes:
i) Can one query a user's group information from unity "without" Web interface?
ii) Is it only the user who can query the group information about herself or any user holding specific (privileged) role, should be allowed to do that?
iii) In addition to that, what authentication (pki, username/password) as well as saml protocol (ECP, SOAP,... etc) will be used to perform such operation?

Support for external/upstream SAML IdPs: I am aware of the fact that the support for external IdPs is imminent in the next release, which is 1.1.0. Is there a tentative timeline we can anticipate?

Group management: Are the ordinary members of a group (beside administrator) allowed to create sub-groups within?

Thanks in advance,
Shiraz

--
Ahmed Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656

------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Dr. Karl Eugen Huthmacher
Board of Directors: Prof. Dr. Achim Bachem (Chairman), Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------

From: Krzysztof B. <go...@ic...> - 2014-01-22 15:00:09

Dear All,

The first stable version of Unity - 1.0.0 - was released yesterday. You can find details here:
http://www.unity-idm.eu/site/downloads

The changes since 1.0.0-rc2 were really cosmetic.

The work on 1.1.0 is pretty advanced already. In the first place it should have a much more complete SAML support but also several other features will be added.

Best regards,
Krzysztof