2.0.16 (September 11th, 2020)
Apache Syncope 2.0.16 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.15? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1549] - Groups select opens a popup when removing a group
- [SYNCOPE-1560] - File upload component: missing translations
- [SYNCOPE-1564] - Integration tests run with YAML payloads are failing
- [SYNCOPE-1565] - Integration tests run with XML payloads are failing
- [SYNCOPE-1567] - Mapping does not allow relationships
- [SYNCOPE-1573] - Logout forced from Console when editing user with many memberships
- [SYNCOPE-1583] - For members part of a Dynamic Group, but cannot access group attributes in member mapping
Improvement
- [SYNCOPE-1575] - Provide the ability to specify on which resources the user's status should be propagated
2.0.15 (April 29th, 2020)
Apache Syncope 2.0.15 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.14? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1505] - Changes to "AjaxPalettePanel" components in Console are not saved when the previous step button is pressed before submitting the wizard form
- [SYNCOPE-1524] - Social registration does not redirect to self registration page
- [SYNCOPE-1525] - Documentation indicates sharing private key, hiding public key
- [SYNCOPE-1526] - Broken link to issues from reference documentation
- [SYNCOPE-1539] - AjaxPalettePanel does not support setRequired
Improvement
- [SYNCOPE-1498] - Allow variable resolution in Content.xml
- [SYNCOPE-1509] - Auto-select language from Accept-Language HTTP header
- [SYNCOPE-1518] - Allow X-Forwarded-For and X-Forwarded-Proto HTTP headers integration
- [SYNCOPE-1541] - XML response message timestamps missing millisecs component if "0 msecs"
2.0.14 (September 12th, 2019)
Apache Syncope 2.0.14 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.13? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1467] - RDN not allowed when an attribute of the group present also in the DN is changed
- [SYNCOPE-1472] - Resource association is duplicated on database after update, assign or link operations
- [SYNCOPE-1475] - Activiti modeler is not rendered on Google Chrome
- [SYNCOPE-1476] - Error while creating Enum schema from Admin Console
- [SYNCOPE-1477] - jQuery UI's spinner not rendered
- [SYNCOPE-1480] - Elasticsearch:dynrealm assignment not updated on condition change
- [SYNCOPE-1481] - Invalid values when saving a membership attribute of type date
- [SYNCOPE-1484] - syncope-ide-netbeans submodule fails to find netbeans dependency
- [SYNCOPE-1485] - Reindex of elasticsearch ends with memory error in case of huge amount of data
- [SYNCOPE-1487] - Build Instructions do not say that the "patch" program is needed
- [SYNCOPE-1488] - Change to MVM Env for JDK > 8.00
- [SYNCOPE-1492] - Build Instructions are missing an EVN (DOCKER_HOST) needed for mvn -Ppostgres-it
- [SYNCOPE-1493] - Mapping unique schema as remote key never matches internal objects
Improvement
- [SYNCOPE-1468] - Allow for configurable org.quartz.jobStore.misfireThreshold
- [SYNCOPE-1473] - Provide a PropagationActions to maintain a conservative membership policy management
Task
- [SYNCOPE-1464] - Upgrade to Apache Netbeans Maven dependencies
2.0.13 (April 19th, 2019)
Apache Syncope 2.0.13 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.12? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1428] - APIs to read by key return 404 instead of 401 for not authenticated calls
- [SYNCOPE-1429] - Wildcard case-insesitive queries do not work with Elasticsearch
- [SYNCOPE-1430] - ItemTransformer for Date schemas throws NPE
- [SYNCOPE-1438] - "changePwdDate" field is not initialized when create a new user with the specified password
- [SYNCOPE-1439] - User membership attributes not updated
- [SYNCOPE-1440] - Pagination of Users/Groups doesn't work as expected with Elasticsearch
- [SYNCOPE-1442] - Inactive Job with cron expression set is executed anyway
- [SYNCOPE-1443] - Changing Display Rows number in Reconciliation Resource Panel doesn't work
- [SYNCOPE-1450] - Audit: sensitive information not masked by default during update
- [SYNCOPE-1452] - Notification about is not deleted after update
- [SYNCOPE-1453] - MappingItem with "mustChangePassword" field cannot be provisioned and updated during import
- [SYNCOPE-1454] - Avoid duplicated Propagation Tasks
- [SYNCOPE-1457] - NonAlphaNumeric policy pattern matches the "Not word" character class
Improvement
- [SYNCOPE-1433] - Unflag/flag uniqueness shouldn't be permitted
- [SYNCOPE-1434] - getRemoteObject into AbstractPropagationTaskExecutor does not check for null object before retrieving attribute from
- [SYNCOPE-1436] - Remove pullPolicy EAGER fetchType from JPAExternalResource
- [SYNCOPE-1441] - Perform in-memory match for dynamic conditions
- [SYNCOPE-1444] - Pull correlation rules: allow to discriminate ongoing event
- [SYNCOPE-1449] - Support multi-value attributes in JEXL expressions
2.0.12 (January 17th, 2019)
Apache Syncope 2.0.12 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.11? There are some notes about this process.
New and noteworthy
Search Improvements
Various fixes and enhancements finally landed that significantly improve User, Group, Any Object and Task search operations, both in performance and consistence terms; see SYNCOPE-1417, SYNCOPE-1419, SYNCOPE-1412 and SYNCOPE-1424 for details.
After Enduser UI, now also Admin Console is accessible to the visually impaired
Now both Admin Console and Enduser UI implement accessibility features to help usage by the visually impaired.
Issues
Bug
- [SYNCOPE-1391] - Check template for confirmPasswordReset and mustChangePassword
- [SYNCOPE-1393] - jexl function fullPath2Dn return invalid value for ROOT realm
- [SYNCOPE-1398] - Console stucks on update with unique key constraint violation
- [SYNCOPE-1405] - Error during db initialization: views.xml always set for PostgreSQL
- [SYNCOPE-1407] - Date pattern ignored by widget
- [SYNCOPE-1408] - Partial user edit via Role layout implies removing all unmanaged attributes
- [SYNCOPE-1411] - User/Any object updates generate attributes with null owner in case of patches involving membership attributes
- [SYNCOPE-1417] - Search with order by two plain attributes gives no results
- [SYNCOPE-1419] - User and AnyObject search fails in case of not leaf conditions given on multivalue fields
- [SYNCOPE-1420] - Expired Access Tokens might impede successful authentication
- [SYNCOPE-1425] - Mapping item transformers do not work for non-string values
New Feature
- [SYNCOPE-1368] - Add some accessibility features to Console
Improvement
- [SYNCOPE-1394] - Add un-claim capability for requests
- [SYNCOPE-1396] - Give the possibility to configure TLS client parameters
- [SYNCOPE-1409] - Avoid double round-trip to External Resource during Push
- [SYNCOPE-1412] - Search for identities with null attributes can be improved
- [SYNCOPE-1416] - remove user_search_null_attr view
- [SYNCOPE-1422] - Permit to provide custom implementation of NotificationManager and AuditManager
- [SYNCOPE-1424] - Improve Propagation task ordered search
2.0.11 (November 2nd, 2018)
Apache Syncope 2.0.11 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.10? There are some notes about this process.
Bug
- [SYNCOPE-1360] - Delegated administration to Dynamic Realms not possible
- [SYNCOPE-1361] - Custom audit appender does not work after a restart
- [SYNCOPE-1366] - Audit events ownership always set to admin user
- [SYNCOPE-1370] - Password reset succeeds also on wrong captcha
- [SYNCOPE-1372] - Password history checks not effective
- [SYNCOPE-1373] - Custom task schedule is reset after update
- [SYNCOPE-1374] - Concurrent propagation tasks for non-Master domains not saved
- [SYNCOPE-1375] - The existence of a membership attribute mapping implies membership creation during pull
- [SYNCOPE-1376] - swagger-ui server URL incorrect behind ssl reverse proxy
- [SYNCOPE-1377] - Wrong X-Syncope-Domain header does not throw an error
- [SYNCOPE-1380] - During Push or Pull, if policy with conflict resolution IGNORE is set, the process is interrupted as soon as such setting applies
- [SYNCOPE-1383] - Exception during "getObject" from external resource
- [SYNCOPE-1387] - ClassCast exception when pull realms
- [SYNCOPE-1388] - mustChangePassword flag does not prevent user from invoking actions
- [SYNCOPE-1389] - In case of virtual attribute mapping, propagation is always set as UPDATE also in case of CREATE
- [SYNCOPE-1390] - Pull Realms: pull task with Unmatching Rules: PROVISION shouldn't create propagation task
New Feature
- [SYNCOPE-1019] - Template mechanism for Enduser UI
- [SYNCOPE-1367] - Add some accessibility features to Enduser
Improvement
- [SYNCOPE-1379] - Make configurable resource check timeout
- [SYNCOPE-1382] - Failure specifying push task filters including db column mapped as integer
- [SYNCOPE-1384] - SAML 2.0: Allow to customize RequestedAuthnContext for a given Service Provider
- [SYNCOPE-1385] - Priority propagation timeout hard coded into PriorityPropagationTaskExecutor
2.0.10 (August 17th, 2018)
Apache Syncope 2.0.10 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.9? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1333] - Missing virtual attribute value in case of type extension
- [SYNCOPE-1337] - Password history policy is not enforced on salted passwords
- [SYNCOPE-1338] - Double type conversion applied during pull leads to errors
- [SYNCOPE-1339] - Enduser spinner does not apply to the whole page
- [SYNCOPE-1340] - Cannot update membership attribute
- [SYNCOPE-1343] - Attributes are not reset after pull of null values
- [SYNCOPE-1344] - CORE_SCHEME not being updated in enduser.properties
- [SYNCOPE-1346] - Adding a new task while re-executing a propagation task
- [SYNCOPE-1347] - Invocation Problem calling org.apache.syncope.installer.processes.ArchetypeProcess
- [SYNCOPE-1350] - Date values not formatted according to the conversion pattern
- [SYNCOPE-1352] - Group wizard doesn't update the plain attributes
- [SYNCOPE-1353] - DBPasswordPropagationActions link in the reference guide is wrong
- [SYNCOPE-1354] - Push Tasks do not send status onto External Resources
- [SYNCOPE-1356] - LDAPMembershipPullActions does not remove memberships
- [SYNCOPE-1357] - MemoryVirAttrCache not working
- [SYNCOPE-1358] - Search by boolean value does not work from Admin Console
Improvement
- [SYNCOPE-1328] - Need option to configure the encryption algorithm used to generate JWT.
- [SYNCOPE-1329] - JWT: need support for asymmetric key
- [SYNCOPE-1336] - Add pagination for approvals forms
- [SYNCOPE-1341] - Domain should be configurable parameter for syncope-enduser docker image
- [SYNCOPE-1355] - Document how to access services when using Docker Compose
2.0.9 (June 28th, 2018)
Apache Syncope 2.0.9 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.8? There are some notes about this process.
New and noteworthy
OpenID Connect Client features
SYNCOPE-1270 provides an extension enabling Apache Syncope to act as as OpenID Connect Client.
Once an Apache Syncope deployment - enabled with this extension - is properly configured, and the Syncope Core application is running, the Syncope Admin UI and the Syncope Enduser UI can be enabled to allow OpenID Connect-based SSO. The global result is that Admin UI and / or Enduser UI can be accessed after user authentication against (one of configured) OpenID Connect providers.
Docker Hub
Finally, Apache Syncope Core, Console and Enduser are available as three separated Docker images at Docker Hub, published under the apache organization.
Details are provided in the Getting Started guide.
Enduser UI: social registration
Once configured the appropriate SAML 2.0 Service Provider features or OpenID Connect Client features for the Enduser UI, it is now possible to take the initial values for some attributes in Syncope from a profile owned by the registering user in one of most popular social networks as Twitter, LinkedIn, Facebook, Google+, ...
More bundled ConnId connectors
New ConnId connectors come bundled with Apache Syncope:
Miscellaneous
- Reference Password Rule provided relying on the famous "Have I been Pwned?" service
- Manual reconciliation tool for Admin Console: given a User / Group / Any Object and an External Resource, allows to examine the current status, force pushing or pulling values for mapped attributes
- REST now supports
application/yaml
for exchanging payloads, besidesapplication/json
andapplication/xml
Issues
Bug
- [SYNCOPE-1282] - Search schema error
- [SYNCOPE-1285] - Quartz db init on HA environments occurs on all nodes
- [SYNCOPE-1288] - Propagation tasks list not keeping order while browsing pages
- [SYNCOPE-1290] - Deletion of only schema entry breaks schema UI
- [SYNCOPE-1291] - Cannot login again into Admin Console after Session Expired
- [SYNCOPE-1293] - Default password reset notifications not working
- [SYNCOPE-1294] - Plainschema panel doesn't display the assigned validator class
- [SYNCOPE-1297] - Select all + bulk button redirecting to top of the page on click
- [SYNCOPE-1298] - Quartz jobs with no matching Task or Report not visible from Admin Console
- [SYNCOPE-1301] - Token creation is not threadsafe
- [SYNCOPE-1303] - Content migration from 1.2 problems
- [SYNCOPE-1304] - Order Groups by userOwner throws DataIntegrityViolation exception
- [SYNCOPE-1306] - Date value without a conversion pattern not shown by Admin Console
- [SYNCOPE-1307] - Wrong export order for Realms
- [SYNCOPE-1308] - Exception getting users with orderBy on SyncopeClient API with Postgres 10.3
- [SYNCOPE-1309] - Enduser UI does not remove Access Token on Finish
- [SYNCOPE-1312] - Console CSS is depending from Google fonts
- [SYNCOPE-1314] - Bulk action from reconciliation section ever shows NOT ATTEMPTED after provision
- [SYNCOPE-1315] - Propagation task sorting by Object Type not working as expected
- [SYNCOPE-1317] - RuntimeException when remove all schemas
- [SYNCOPE-1318] - Future task rejected from ScheduledThreadPoolExecutor
- [SYNCOPE-1319] - Pull Task template not assigning roles
- [SYNCOPE-1320] - Push task report generation fails in case of IgnoreProvisionException
- [SYNCOPE-1321] - Search doesn't work for date attributes with conversion pattern with time zone
- [SYNCOPE-1326] - Wizard generates unnecessary attrPatch when the field is empty
New Feature
- [SYNCOPE-1018] - Social registration for Enduser UI
- [SYNCOPE-1256] - Docker images
- [SYNCOPE-1270] - OpenID Connect client feature
- [SYNCOPE-1283] - Support Azure AD
- [SYNCOPE-1289] - REST: support YAML payloads
- [SYNCOPE-1310] - Support SCIM v1.1
- [SYNCOPE-1316] - Support ServiceNow
Improvement
- [SYNCOPE-1148] - SAML-initiated self-registration
- [SYNCOPE-1292] - Use Remote Key during Pull to match internal entities
- [SYNCOPE-1295] - Create a structured wizard to edit SCIM 2.0 configuration
- [SYNCOPE-1299] - Manual reconciliation
- [SYNCOPE-1302] - New expression model in mapping for internal attributes to access user relationships
- [SYNCOPE-1322] - Get available tasks from workflow definition
- [SYNCOPE-1324] - Have I Been Pwned password rule
2.0.8 (March 13th, 2018)
Apache Syncope 2.0.8 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.7? There are some notes about this process.
Security advisories
New and noteworthy
Admin Console
New language translation available: Japanese.
New feature: schema search.
Enduser UI
New language translation available: Japanese.
OpenAPI 3.0 / Swagger UI 3.0
The existing support for Swagger 2.0 specification was upgraded to OpenAPI 3.0.
Additionally, Swagger UI 2.0 was replaced by Swagger UI 3.0.
Issues
Bug
- [SYNCOPE-1257] - USER search by GROUP does not work if group name has spaces
- [SYNCOPE-1261] - When starting with empty database and no ConnInstances in Content.xml no bundles are reported as available
- [SYNCOPE-1263] - REST invocation with invalid JWT string returns 500
- [SYNCOPE-1265] - SAML 2.0 IdP cache empty until either new is imported or SAML2IdPService#list is invoked
- [SYNCOPE-1266] - Multivalue binary attributes leads to OutOfMemory exception
- [SYNCOPE-1269] - Cannot specify validator for Configuration Parameters
- [SYNCOPE-1272] - Export of the report always returns the result of the last execution
- [SYNCOPE-1275] - Add the possibiliy to delete a job
- [SYNCOPE-1276] - Link or assign Group from External Resource resets dynamic membership conditions
New Feature
- [SYNCOPE-1259] - Japanese translation for Admin console & Enduser UI
- [SYNCOPE-1279] - Provide live updates from running tasks and reports
Improvement
- [SYNCOPE-1225] - Search funcionality in Schemas
- [SYNCOPE-1267] - Provide check of mimetypes before generate a binary attribute preview
- [SYNCOPE-1274] - Report required and read-only payload properties in OpenApi spec
- [SYNCOPE-1280] - Better job interrupt
Task
- [SYNCOPE-1262] - Upgrade to Swagger UI 3.0
2.0.7 (December 22nd, 2017)
Apache Syncope 2.0.7 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.6? There are some notes about this process.
New and noteworthy
SCIM 2.0
The SCIM extension is now available, allowing to provision users and groups through the new /scim
REST endpoint according to the SCIM (System for Cross-domain Identity Management) 2.0 specifications.
Issues
Bug
- [SYNCOPE-1222] - Unwanted delete from External Resources on Membership removal
- [SYNCOPE-1223] - Cannot search for values containing comma
- [SYNCOPE-1224] - CLI: user "all" operations limited to 25 users
- [SYNCOPE-1226] - List the attributes to be displayed show deleted attributes
- [SYNCOPE-1227] - Password template not nullable after setting
- [SYNCOPE-1229] - Pull task execution bulk delete fails
- [SYNCOPE-1230] - Bad toggle handling during task execution delete
- [SYNCOPE-1231] - Hidden columns in bulk action resul modal page
- [SYNCOPE-1232] - AnyType removal does not check for existing AnyObjects
- [SYNCOPE-1233] - NullPointerException in Topology after creating a connector with no displayName using pure REST call
- [SYNCOPE-1235] - Unlink or unassign Group from External Resource resets dynamic membership conditions
- [SYNCOPE-1236] - Pagination error for executed tasks
- [SYNCOPE-1239] - Missing specified plain attr values if plain attr step is the last one of the any management wizard
- [SYNCOPE-1241] - Under high load propagation after pull might fail
- [SYNCOPE-1244] - Error creating bean with name 'logicInitializer' on startup related to quartz clustering
- [SYNCOPE-1246] - Group membership search stucks with several thousands of groups
- [SYNCOPE-1247] - Group search and auto-completion does not work with several thousands of groups
- [SYNCOPE-1248] - Password policy history error when the user is updated before being approved
- [SYNCOPE-1250] - Missing attributes layout order
- [SYNCOPE-1251] - UserTO variable is not updated during Update Activiti Task
- [SYNCOPE-1252] - Search failing for non-string attributes from Admin Console
- [SYNCOPE-1253] - Pulled users have password set even if no mapping was provided
Improvement
- [SYNCOPE-1138] - Update RelationshipTO to also report the "left" end of a relationship
- [SYNCOPE-1228] - Parent should be passed once for Realm create
- [SYNCOPE-1234] - SyncDelta pre-processing
- [SYNCOPE-1237] - Copy table row element key to clipboard by clicking on its name in toggle menu
- [SYNCOPE-1238] - Terminate Topology background checks once completed
- [SYNCOPE-1242] - Simple way to see elements full text value in Palette Panels
- [SYNCOPE-1243] - Add information to GroupTO about user and AnyObject membership counts
- [SYNCOPE-1255] - Dynamic group/role create/update can result in timeout error in case of a great number of members
New Feature
- [SYNCOPE-152] - Support SCIM REST API
- [SYNCOPE-1249] - Support for mustChangePassword mapping
2.0.6 (October 9th, 2017)
Apache Syncope 2.0.6 Jazz is a maintenance release.
Upgrade procedure
Upgrading from 2.0.5? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1205] - Serialization exception in the logs when editing users pending approval
- [SYNCOPE-1206] - Dynamic membership updates not considered for provisioning during update
- [SYNCOPE-1207] - Audit: incorrect output element reported for Pull Tasks
- [SYNCOPE-1210] - Random password generation fails for push tasks
- [SYNCOPE-1211] - syncope migration 1.2 to 2.0 users blocked to 200
- [SYNCOPE-1213] - Syncope console should advice user about exceeded file size
- [SYNCOPE-1214] - Error when sorting Users by Realm
- [SYNCOPE-1215] - Multivalue readonly fields allow frontend deletion
- [SYNCOPE-1217] - Using the JAVA API is possible to create a Realm with the same name in the same parent realm
Improvement
- [SYNCOPE-1212] - Allow for easier Pull / Push processes customization
Task
- [SYNCOPE-1186] - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out
2.0.5 (September 6th, 2017)
One year after 2.0.0, here it comes Apache Syncope 2.0.5 Jazz bringing fixes, new features and improvements.
Upgrade procedure
Upgrading from 2.0.4? There are some notes about this process.
New and noteworthy
SAML 2.0 Service Provider improvements
The SAML 2.0 Service Provider extension - e.g. the ability to SSO into Admin Console, Enduser UI and any other Java EE application properly enabled - was provided with several enhancements:
- allow to define complete mapping between Syncope Schema and SAML 2.0 attributes
- allow to specify custom IdP Actions - which can be used, among other things, for flexible Role assignment based on SAML 2.0 statements
- consent to on-the-fly creation of unmatched SAML 2.0 users, allowing users not pre-existing in a given Apache Syncope deployment to be created in case of SAML 2.0 SSO
- strict validation of SAML 2.0 payloads
- signature of the generated Service Provider Metadata
- support for IdP-initiated SSO
Realm provision enhancements
Introduced in earlier versions, Realm provisioning is now feature-equivalent to Users, Groups and Any Objects provisioning, with complete mapping, resource exploration and more.
Audit Appenders
It is now possible to configure Audit Appenders, which allow to route audit messages, with optional transformation (rewrite), to files, queues, sockets, syslog, etc.
Delegated Administration for Connectors and External Resources
Connectors now requires to specify a Realm, which is then used to evaluate the entitlements owned by administrators when performing management operations on Connectors and their External Resources.
Moreover, changes in Connectors and External Resources configuration are now tracked by default and allow to revert unwanted / breaking changes at hand.
Portions of this software are developed by the support of iWelcome, European Identity & Access Management as-a-Service (IDaaS) provider.
Issues
Bug
- [SYNCOPE-1139] - StackOverflowError while serializing AuditEntry after propagation
- [SYNCOPE-1140] - Error when trying to assign a relationship
- [SYNCOPE-1141] - Error when getting /numbers with application/xml
- [SYNCOPE-1149] - Access token still required for the third party JWT SSO integration scenario
- [SYNCOPE-1150] - Invalid property set for propagation task modal page header
- [SYNCOPE-1151] - Glinch in the root realm information
- [SYNCOPE-1158] - Misleading Push Task reports
- [SYNCOPE-1162] - Change to Connector's display name not reflected by contextual menu
- [SYNCOPE-1163] - External Resource priority is never NULL
- [SYNCOPE-1166] - No propagation task is created for resources where the password is not propagated
- [SYNCOPE-1168] - Encryptor pads short secret keys with "0" instead of random characters
- [SYNCOPE-1169] - Operation not supported error when trying to run a bulk action for users
- [SYNCOPE-1170] - Can't remove a "Dynamic USER assignment"
- [SYNCOPE-1174] - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present
- [SYNCOPE-1175] - Password Reset Token Generation Not Working After Upgrading to 2.0.4
- [SYNCOPE-1178] - PlainSchema page empty while self update on Enduser
- [SYNCOPE-1179] - JWT "Date" claims are interpreted using milliseconds instead of seconds
- [SYNCOPE-1180] - No e-mail debug output
- [SYNCOPE-1184] - In the "Attributes to be displayed" sellection show the ones already displayed by default
- [SYNCOPE-1188] - NPE Message while saving Dynamic Realm with empty key
- [SYNCOPE-1189] - Realms page not accessible when user has permissions on dynamic realms
- [SYNCOPE-1190] - Username not refreshed on toggle menu after user update
- [SYNCOPE-1193] - Add the option to update a user via REST by using the username as key
- [SYNCOPE-1199] - Syncope performance: AnyObjectTO's creation time grows with it's quantity
- [SYNCOPE-1203] - Not possible to add provision rules for "Realm" type
Improvement
- [SYNCOPE-1096] - Download button should be disabled while populating for the first time a binary attribute
- [SYNCOPE-1097] - Downloaded file for binary attribute better naming
- [SYNCOPE-1115] - Display attributes for propagation tasks
- [SYNCOPE-1143] - Fine-grained administration rights for Connector and Resources
- [SYNCOPE-1146] - On-the-fly creation of unmatched users logging via SAML 2.0
- [SYNCOPE-1147] - Extend SAML 2.0 IdP mapping to Roles
- [SYNCOPE-1152] - Clear out unneeded anonymous authenticated services
- [SYNCOPE-1153] - Push Tasks result to show "no operation" when operation is not enabled
- [SYNCOPE-1154] - Edit resource to show always in the same order in list of object provision rules
- [SYNCOPE-1155] - Hard-coded /syncope-enduser HTTP subcontext
- [SYNCOPE-1159] - Allow to set Realm for Push Tasks
- [SYNCOPE-1164] - Complete mapping for Realm provisioning
- [SYNCOPE-1167] - Preliminary AnyType selection when adding new provision rule
- [SYNCOPE-1171] - Skip Relationships page when no relationship types exist
- [SYNCOPE-1172] - Error message of "Malformed Path" could be made a little clearer
- [SYNCOPE-1173] - Replace List<String> dynGroups with List<MembershipTO> dynMemberships
- [SYNCOPE-1176] - Edit provisioning rules menu is flat and not toggle
- [SYNCOPE-1177] - Configuration Parameter deletion should ask for confirmation
- [SYNCOPE-1182] - Use Remote Key in the Mapping to fetch external entities
- [SYNCOPE-1183] - Realm attribute available (as a detail) to use as a column in the "realm view" object list
- [SYNCOPE-1185] - Further validate SAML responses with CXF's SAMLSSOResponseValidator
- [SYNCOPE-1192] - Provide latest GIT commit hash alongside with version number
- [SYNCOPE-1194] - Sign the SAML SSO Service Provider Metadata
- [SYNCOPE-1196] - Binary previewer also for configuration parameters
- [SYNCOPE-1197] - Enduser console doesn't specify "SAML 2.0" as per the admin console
- [SYNCOPE-1198] - Make the signature algorithm configurable for SAML SSO
- [SYNCOPE-1200] - Allow to update user data during approval
- [SYNCOPE-1201] - Allow AnyType-based conditions for DynRealms
- [SYNCOPE-1202] - Support IdP Initiated SAML SSO
New Feature
- [SYNCOPE-1144] - Customizable Audit appender
- [SYNCOPE-1145] - Connector and Resource configuration versioning
Task
- [SYNCOPE-1195] - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out
Wish
- [SYNCOPE-1161] - Option to clone a resource
2.0.4 (July 3rd, 2017)
The brand new Apache Syncope 2.0.4 Jazz keeps bringing fixes, new features and improvements.
Upgrade procedure
Upgrading from 2.0.3? There are some notes about this process.
New and noteworthy
Netbeans Plugin
Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.
Elasticsearch-based Search Engine
Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving the overall search performance when the number of managed entities (Users, Groups and Any Objects) raises above tens of thousands.
Dynamic Realms
In addition to static containment provided by Realms, Dynamic Realms can be used to identify Users, Groups and Any Objects according to some attributes' value, resource assignment, group membership or any other condition available, with purpose of granting delegated administration rights.
Flexible Quartz configuration in clusters
The Quartz scheduler is largely used within Syncope Core to schedule the execution of jobs, including pull, push, notification and custom tasks, and reportlets.
By default, Quartz is configured for clustering, where all cluster nodes are equally selectable for processing jobs. Individual cluster nodes can now be disabled for jobs processing.
JWT and security improvements
SSO header change for RESTful services
In Apache Syncope 2.0.3, SSO support was added (SYNCOPE-1035 - JWT-based access to REST services CLOSED) for RESTful services by sending a JWT Token using the X-Syncope-Token
header, e.g.:
curl -H "X-Syncope-Token: eyJ0e..." http://localhost:8080/syncope/rest/users/self
From Syncope 2.0.4 onwards (SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens CLOSED), this header value is no longer supported. Instead, you must use the standard Authorization
Bearer header, e.g.:
curl -H "Authorization: Bearer eyJ0e..." http://localhost:8080/syncope/rest/users/self
Third Party JWT SSO integration
Besides validating and accepting the JSON Web Tokens generated during the authentication process as sketched above, Apache Syncope can be enabled to cope with tokens generated by third parties.
JWS signing key reference
In Apache Syncope 2.0.3, the default signing JWS key was referenced in securityContext.xml
as follows:
"${jwsKey}.bytes"
However, this was incorrect and results in the key value with ".bytes"
appended to it. In Syncope 2.0.4, the following value should be used instead
"#{jwsKey.getBytes()}"
Default key and password checking
In Apache Syncope 2.0.4, a warning is logged if the default JWS key is used to either create / update an access token, or is used to invoke on a RESTful service. A similar warning is logged if the default anonymous key is used to invoke on a RESTful service. A warning is also logged if the default admin password or anonymous key are detected.
If you see these warnings in the logs then it is critical to change the default values.
More information about the internal authorization process is now available in the Reference Guide.
HikariCP for JDBC connection pool
The internal storage connection pool is now based by default on the high-performance HikariCP.
Improved UX in Admin Console
Up to Syncope 2.0.3, the general interaction paradigm for data tables in Admin Console used to be based on showing several icons for each row, following the various actions available for the given entity:
With the increasing number of potential actions, this mechanism proved to be poor: now, instead, a contextual menu will appear after clicking on any row, reporting all the available actions for the selected entity.
Issues
Sub-task
- [SYNCOPE-808] - Netbeans plugin
Bug
- [SYNCOPE-1066] - WADL servlet uses request url to provide wadl
- [SYNCOPE-1069] - Incomplete HA setup instructions
- [SYNCOPE-1070] - Conversion pattern ignored for date, long and double values during propagation
- [SYNCOPE-1071] - The executed notification tasks are not displaying on the console
- [SYNCOPE-1075] - User lastChangeDate attribute is not displayed correctly
- [SYNCOPE-1076] - The console doesn't allow to download the report in various formats
- [SYNCOPE-1078] - Activiti modeler window doesn't open on click
- [SYNCOPE-1079] - Missing toggle panel for the job control widget of the administration console dashboard
- [SYNCOPE-1081] - Console: new toggle panel behavior anomalies
- [SYNCOPE-1082] - Concurrent CRUD random failures with dynamic memberships
- [SYNCOPE-1085] - Custom tasks modal page shouldn't show "Cancel" button
- [SYNCOPE-1089] - Improve provisioning mapping page in order to avoid duplicates in internal attribute name list
- [SYNCOPE-1090] - Error defining clause to search for group owners
- [SYNCOPE-1091] - Error while downloading Jpeg binary attribute content
- [SYNCOPE-1094] - Out of memory error while rendering PDF
- [SYNCOPE-1098] - User edit modal page opening takes long in case of a lot of groups defined
- [SYNCOPE-1099] - Dynamic group membership does not trigger propagation
- [SYNCOPE-1101] - Error showing action icons on Notidfication events managements
- [SYNCOPE-1104] - Missing autocomplete for ConnId object class when defining new provision
- [SYNCOPE-1107] - The installer fails with a NoClassDefFoundError
- [SYNCOPE-1108] - NullPointerException while saving an empty template
- [SYNCOPE-1109] - Installer fails to setup Activiti
- [SYNCOPE-1110] - Error replacing group/auxclass/resource during self-management operation
- [SYNCOPE-1111] - New any type not shown unders Realms
- [SYNCOPE-1112] - Error searching for user/group/anyobject by providing conditions on attribute with schema type Long
- [SYNCOPE-1114] - Dynamic group information not available during propagation
- [SYNCOPE-1121] - Enduser form customization does not work with empty section in edit mode
- [SYNCOPE-1122] - Enduser must show all attributes when customForm.json has empty section with show=true
- [SYNCOPE-1123] - Enduser UserRequestValidator NPE on custom form empty sections
- [SYNCOPE-1125] - Password on external resource not updated via Enduser
- [SYNCOPE-1127] - Membership attribute values are not shown
- [SYNCOPE-1128] - Content exporter does not sort for internal foreign keys
- [SYNCOPE-1130] - NPE refreshing realm page after realm creation
- [SYNCOPE-1131] - Cannot delete resources owned by realms
- [SYNCOPE-1133] - Search panel used for relationships definition does not work
- [SYNCOPE-1134] - Action menu not working after page refresh
- [SYNCOPE-1135] - Groups list not refreshing after realm change
Improvement
- [SYNCOPE-1047] - Replace ActionLinksPanel with TogglePanel
- [SYNCOPE-1053] - Show actual pending modifications during approval
- [SYNCOPE-1067] - More flexible delegated administration model
- [SYNCOPE-1068] - Console: CSRF protection
- [SYNCOPE-1072] - Display or enable add button only to realms were CREATE is owned
- [SYNCOPE-1073] - Hide realm management if no realm entitlement are owned
- [SYNCOPE-1074] - Realm navigator: show only relevant realms for delegated admin
- [SYNCOPE-1083] - ConnInstance location is not normalized
- [SYNCOPE-1084] - Switch to HikariCP for Core's default DataSource definitions
- [SYNCOPE-1086] - Avoid to read whole entities to check ETag
- [SYNCOPE-1087] - Avoid to read input entities if no notification or audit are requested
- [SYNCOPE-1088] - Store authorizations with access tokens
- [SYNCOPE-1093] - Add some feedbacks when linking not existing groups/resources to existing user
- [SYNCOPE-1100] - Provide JWT expiration information to self
- [SYNCOPE-1103] - Option to disable Quartz instances across cluster
- [SYNCOPE-1106] - Remove misleading getAttrMap and similar methods from TOs
- [SYNCOPE-1117] - Make it more obvious that the jwsKey needs to be changed
- [SYNCOPE-1118] - Update docs to explain what "anonymousKey" refers to
- [SYNCOPE-1119] - Make it more obvious that the default admin password needs to be changed
- [SYNCOPE-1120] - Use the standard Bearer Authorization header for JWT tokens
- [SYNCOPE-1124] - Support functions for internal JEXL engine
- [SYNCOPE-1126] - Include realms into the Explore Resource feature
- [SYNCOPE-1136] - Groups list reset always after realm change
New Feature
- [SYNCOPE-1077] - Extension: Elasticsearch-based search engine
- [SYNCOPE-1095] - Provide preview for JSON and XML binary field
- [SYNCOPE-1129] - Third Party JWT SSO integration
Task
- [SYNCOPE-1080] - Update swagger-jaxrs dependency to 1.5.13
2.0.3 (April 15th, 2017)
Despite being a minor release, and besides the high number of fixes provided, Apache Syncope 2.0.3 Jazz brings several new features and improvements.
Upgrade procedure
Upgrading from 2.0.2? There are some notes about this process.
New and noteworthy
SAML 2.0 Service Provider features
SYNCOPE-1041 provides an extension enabling Apache Syncope to act as as SAML 2.0 Service Provider.
Once an Apache Syncope deployment - enabled with this extension - is properly configured, and the Syncope Core application is running, the Syncope Admin UI and the Syncope Enduser UI can be enabled to allow SAML-based SSO. The global result is that Admin UI and / or Enduser UI can be accessed after user authentication against (one of configured) SAML 2.0 Identity Provider(s).
Portions of this software are developed by the support of the University of Helsinki, the largest university in Finland with 35,000 degree students and some 8,000 employees.
Enduser UI: form customization
After SYNCOPE-1009, the Enduser UI now features a JSON-based high-level form customization mechanism which further enhances its adaptation capabilities.
Via this enhancement, it is possible to dynamically configure the user form to:
hide / show attributes
set attributes read-only for users
provide default value(s)
Flowable user workflow adapter
SYNCOPE-1055 adds native support for the Flowable Java BPM Engine, besides the one based on Activiti.
Extended support for workflow sub-process management
SYNCOPE-1020 enhances the support for managing BPMN sub-processes, which can now be explicitly defined, managed via Activiti Modeler (if available) and invoked from the main process through the call-activity
construct.
Authentication / Authorization improvements
Up to Apache Syncope 2.0.2, each REST invocation required - at least in the default configuration - to inject the invoker credentials via the Authorization
HTTP header.
After SYNCOPE-1035, the process is more structured and requires an initial authentication step which returns an unique JSON Web Token, which can be used for further invocations. This renewed mechanism is the basis for easier inclusion of various authentication mechanisms, including SAML 2.0 - as provided by SYNCOPE-1041 - OAuth 2.0 and OpenID Connect.
Moreover, with SYNCOPE-1015 it is now possible to configure which user attribute(s) can be passed as login name for authentication, besides username
(default).
Issues
Bug
- [SYNCOPE-1003] - Error when accessing notification tasks for a given user
- [SYNCOPE-1004] - Notification tasks generated for self read event not linked to user
- [SYNCOPE-1007] - NPE in Console when on an empty search term for user assignment
- [SYNCOPE-1008] - Maven home directory not trimmed of whitespace
- [SYNCOPE-1010] - Some PushActions methods not invoked even if assigned
- [SYNCOPE-1012] - Security answer not recognized during password reset
- [SYNCOPE-1013] - Password reset link generated by default notification template does not trigger Enduser UI features
- [SYNCOPE-1014] - The list of security questions is not refreshed after creating new one
- [SYNCOPE-1016] - Last change date not updated for users when attributes are updated via pull
- [SYNCOPE-1022] - UTF-8 characters in security questions not correctly encoded by Enduser UI
- [SYNCOPE-1023] - Maven projects from archetype deploy test content with 'all' profile
- [SYNCOPE-1024] - Enduser does not manages properly ENUM schema labels
- [SYNCOPE-1025] - SYNCOPEAUDIT table not populated
- [SYNCOPE-1026] - Cannot remove group owner once set
- [SYNCOPE-1027] - Mapping errors cannot be fixed when defining provision rules for a new resource
- [SYNCOPE-1030] - Invalid DefaultAccountRule definition from Admin Console
- [SYNCOPE-1032] - Role key must be not modifiable during edit from Admin Console
- [SYNCOPE-1033] - NPE in Admin Console when working with Reconciliation Report
- [SYNCOPE-1034] - Assigned Auxiliary classes disappear in the Type Extensions panel when click on cancel
- [SYNCOPE-1036] - Notification icon does not refresh on new approval event
- [SYNCOPE-1037] - Pending approvals list is clickable
- [SYNCOPE-1038] - User create: finish button should remain clickable if the last step is reached
- [SYNCOPE-1039] - User attributes in user edit/create form are reset after validation error
- [SYNCOPE-1040] - Membership derived attributes cannot reference own plain attributes
- [SYNCOPE-1042] - Removal of all executed pull tasks via bulk action returns a missing resource exception
- [SYNCOPE-1043] - Improve JWT token expiration handling
- [SYNCOPE-1044] - By editing the provisioning rules, modal footer is not disabled
- [SYNCOPE-1045] - Activiti Modeler: log out from Admin Console in case of error
- [SYNCOPE-1046] - Console: task execution sort not working properly
- [SYNCOPE-1048] - Into the connector configuration page the same bundle appear more then once if different versions exist
- [SYNCOPE-1049] - Console returns an error if you try to explore Syncope as a remote object
- [SYNCOPE-1051] - It is possible to schedule task execution in the past
- [SYNCOPE-1052] - Enduser CAPTCHA not reloading
- [SYNCOPE-1057] - Type extensions cleared after group update during pull
- [SYNCOPE-1060] - Date in membership attribute is propagated as timestamp
- [SYNCOPE-1062] - Changes pulled from one resource not propagated externally
Improvement
[SYNCOPE-991] - Improve user password management / resource management
[SYNCOPE-1005] - Schema sorting should be done on JS side
- [SYNCOPE-1009] - Enduser must provide an easy way to enable/disable visualization and sorting of USER attributes
- [SYNCOPE-1020] - Support for BPMN call activity
- [SYNCOPE-1028] - Improve usability of the modal window for provision rules
- [SYNCOPE-1029] - Change modal window title and button bars background
- [SYNCOPE-1031] - Hide key when creating / editing Security Questions from Admin Console
- [SYNCOPE-1050] - Allow easier extension of REST interface exposed to AngularJS
- [SYNCOPE-1058] - Do not show time picker and values for date-only schemas
- [SYNCOPE-1059] - Remove final landing page after user create/update
- [SYNCOPE-1061] - Support SAML 2.0 Redirect profile
- [SYNCOPE-1063] - Incomplete title for modal windows from Topology
- [SYNCOPE-1064] - Improve security of customization mechanism
New Feature
[SYNCOPE-1015] - User Authentication using email
[SYNCOPE-1035] - JWT-based access to REST services
- [SYNCOPE-1041] - SAML 2.0 Service Provider feature
- [SYNCOPE-1055] - Provide Flowable 5.X-based workflow adapter
2.0.2 (January 27th, 2017)
The second maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, both on the Admin Console and Enduser application.
Most noticeable changes:
- case-insensitive search, selectable via REST and available by default from the Admin Console
- Enduser application's default HTML / CSS template now responsive
- sample External Resource provided, using the Scripted REST connector
- Apache FOP upgraded to the latest stable version available, providing major enhancements to report export as PDF and RTF
- brand new Log Viewer, which provides full access to Core logs from the Admin console
Upgrading from 2.0.1? There are some notes about this process.
Sub-task
- [SYNCOPE-984] - Errors when building on Windows for archetype and Eclipse plugin
- [SYNCOPE-985] - org.apache.syncope.client.cli.commands.MigrateTest Fails on Windows
Bug
- [SYNCOPE-965] - Cron expression for scheduled job is not saved from the console
- [SYNCOPE-966] - Exception reported when looking at propagation task details from user list
- [SYNCOPE-970] - On logout, page translation doesn't reset to default settings.
- [SYNCOPE-974] - Incorrect error reported when creating notification with missing events
- [SYNCOPE-975] - Search case insensitive ilike operator triggers search validation
- [SYNCOPE-976] - Duplicated events shown by admin console for notifications and audit
- [SYNCOPE-977] - style missing for captcha buttons in responsive template (under 800px width)
- [SYNCOPE-979] - resource id is missing in user propagation task table
- [SYNCOPE-980] - AnyObject search filter not honored with inGroups condition
- [SYNCOPE-981] - Oracle/SQLServer configuration does not work
- [SYNCOPE-982] - Notification tasks modal window does not provide access to actual HTML and TEXT e-mail body
- [SYNCOPE-987] - Build issues on Windows
- [SYNCOPE-990] - Explore resource detailed view always shows empty left column
- [SYNCOPE-992] - Date not registered in self registration
- [SYNCOPE-993] - Footer buttons positioning and resizing
- [SYNCOPE-994] - Character encoding not being respected
- [SYNCOPE-997] - Angular transition errors
- [SYNCOPE-999] - REST exception mapper overwrites Spring Security response
- [SYNCOPE-1000] - CSVDir connector unclear about required attributes/columns
- [SYNCOPE-1001] - Closing the Activiti Modeler popup does not make the spinner to disappear
- [SYNCOPE-1002] - Updating any objects' name via console is ineffective
Improvement
- [SYNCOPE-773] - Allow in-place edit in Job dashboard widget
- [SYNCOPE-779] - Use Kendo UI Boostrap DateTimePicker
- [SYNCOPE-967] - Enduser test update
- [SYNCOPE-971] - Case insensitive search
- [SYNCOPE-972] - Make Syncope Enduser template responsive
- [SYNCOPE-978] - Add sample REST external resource
- [SYNCOPE-983] - Search performance improvement with mandatory schemas only
- [SYNCOPE-989] - Upgrade FOP to 2.1
- [SYNCOPE-996] - Replace Angular Bootstrap DateTimePicker with Kendo UI DateTimePicker
New Feature
- [SYNCOPE-882] - Log viewer
Task
- [SYNCOPE-962] - Upgrade to Wicket 7.5.0
2.0.1 (October 21st, 2016)
The first maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, especially on the Enduser application.
Upgrading from 2.0.0? There are some notes about this process.
Bug
- [SYNCOPE-937] - Security question not loaded while resetting the user password
- [SYNCOPE-940] - Handle authorization issues more gracefully in the console
- [SYNCOPE-942] - Bug in changing security answer in the Enduser UI
- [SYNCOPE-944] - Cannot manually assign groups provided with dynamic assignment rules
- [SYNCOPE-946] - Encrypted attribute values not managed as password values
- [SYNCOPE-947] - Missing quotes defining realm (JEXL) expression in user/group/anyobject templates for realms
- [SYNCOPE-950] - Self-registration / self-update not working
- [SYNCOPE-953] - Enduser shows groups of the selected realm rather than groups assignable to users in the selected realm
Improvement
- [SYNCOPE-948] - Optionally provide schema information with attribute values
- [SYNCOPE-949] - Leave WebApplicationException to default processing
- [SYNCOPE-952] - Provide realm management to enduser
- [SYNCOPE-958] - Enduser improvements
- [SYNCOPE-959] - Specify working domain in enduser.properties
- [SYNCOPE-960] - Make the breadcrumb in creation navigable only when the Finish page has been reached
2.0.0 (September 9th, 2016)
The first stable version of Syncope 2.0 Jazz is finally available, finalizing almost 2 years of community effort.
What's new
- Identity Recertification
- Migration guide from Apache Syncope 1.2
Bug
- [SYNCOPE-738] - Startup errors with Wildfly due to Camel route loading
- [SYNCOPE-929] - Braces are ignored for FIQL strings
- [SYNCOPE-930] - Exception when dropping the last "Base Contexts to Synchronize" from LDAP connector
- [SYNCOPE-931] - Error in Camel route causes subsequent failures
- [SYNCOPE-933] - Dashboard: status COMPLETE is reported for running jobs
- [SYNCOPE-934] - Bad form (including login) appearance with IE 11
- [SYNCOPE-935] - Attribute 'type' shouldn't be available to create a group filter
- [SYNCOPE-936] - Sync token reset to NULL when no SyncDelta items are available
Improvement
- [SYNCOPE-853] - Add AngularJS tests for enduser
- [SYNCOPE-926] - Syncope 2.x startup improvements
- [SYNCOPE-932] - Search UI improvements
New Feature
- [SYNCOPE-880] - Identity Recertification
2.0.0.M5 (September 2nd, 2016)
The last milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M4.
What's new
Eclipse IDE Plugin
The Eclipse IDE plugin allows remote management of notification e-mail and report templates, and constitutes an example of a Java application relying on the Client Library for interacting with the Core via REST.
The plugin was developed as part of Google Summer of Code 2016.
Documentation
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.
The brand new Getting Started guide and Reference Guide are now complete and available.
Migrating from older releases
The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide.
Sub-task
- [SYNCOPE-809] - Eclipse plugin
Bug
- [SYNCOPE-872] - Type extensions not considered for user form
- [SYNCOPE-878] - Failure on bulk deletion of users
- [SYNCOPE-879] - Auto-completion not working for internal and external attribute names
- [SYNCOPE-881] - Users not removed from transitive external resources when deleted
- [SYNCOPE-883] - Can't access REST API via browser
- [SYNCOPE-884] - Error in REST API when specifying application/xml accept header
- [SYNCOPE-886] - Error enablig/disabling user on a single resource
- [SYNCOPE-887] - Hidden password in pull task user template
- [SYNCOPE-888] - No error thrown if resource mapping internal attribute doesn't exist
- [SYNCOPE-891] - Resource Provisioning Error
- [SYNCOPE-892] - RuntimeException when resizing tables
- [SYNCOPE-893] - International characters in group name
- [SYNCOPE-898] - Cannot set realm in user / group / any object templates for pull task
- [SYNCOPE-899] - neighborhood relationship type has no description
- [SYNCOPE-900] - Can't edit Camel routes in Console
- [SYNCOPE-901] - Syncope 2.0.0.X maven source artifacts missing
- [SYNCOPE-905] - Wrong entitlement evaluation
- [SYNCOPE-907] - Creating any object with relationship to another results in self-relationship
- [SYNCOPE-908] - Exception when searching for any object to fill relationship
- [SYNCOPE-911] - Enduser should allow empty values on non required select fields
- [SYNCOPE-912] - Registered users receive an error message after saving their own profile
- [SYNCOPE-915] - When changing connector's display name, the topology is not refreshed
- [SYNCOPE-916] - Content exporter includes unwanted items
- [SYNCOPE-918] - When a user has been successfully updated, logout link doesn't bring back to home page.
- [SYNCOPE-921] - Approval list not reloaded after approve/reject operations
- [SYNCOPE-923] - Sync / Pull task not configured for delete causes incremental sync to prematurely stop
- [SYNCOPE-927] - User creation randomly fails if capctha check has been disabled
- [SYNCOPE-928] - Table that stores user passwords store duplicate entries
Improvement
- [SYNCOPE-700] - Documentation artifacts
- [SYNCOPE-854] - Uploaded file preview for enduser
- [SYNCOPE-894] - Allow international characters in username, group's and any object's names
- [SYNCOPE-895] - Enable Secure Processing on all DocumentBuilderFactory/TransfomerFactory instances
- [SYNCOPE-896] - Non-mandatory DropDown attributes should show a blank value when no value is specified
- [SYNCOPE-902] - Provide helper method to retrieve all the groups of a user
- [SYNCOPE-906] - Allow reference to username and group / any object name as search parameters
- [SYNCOPE-909] - Consolidate Camel Processors
- [SYNCOPE-910] - Introduce new Camel propagation component
- [SYNCOPE-913] - Add and remove buttons in multivalue fields are not aligned
- [SYNCOPE-914] - Spinner should be always in front of any other element
- [SYNCOPE-919] - Adjust activiti user workflow to be able to remove users in createApproval status
- [SYNCOPE-920] - Allow to specify recipients provider class for notifications
- [SYNCOPE-925] - Allow domain selection from Swagger UI
Wish
- [SYNCOPE-885] - Skip configuration screen if no applicable values
- [SYNCOPE-890] - Display information on "Enable Realm Provisioning"
2.0.0-M4 (June 24th, 2016)
The forth milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M3.
Bug
- [SYNCOPE-845] - Type extensions not considered for user and any objects forms
- [SYNCOPE-863] - Pull policy correlation rule plain attributes palette doesn't work fine
- [SYNCOPE-865] - Random ConcurrentModificationException reported in the logs
- [SYNCOPE-867] - Creating a new notification template the list of available templates are not updated after submit
- [SYNCOPE-868] - Submit and cancel button not available in create report template modal page
- [SYNCOPE-869] - Missing notification in case of success after create and update
- [SYNCOPE-875] - Can't test LDAP Connector in admin console
- [SYNCOPE-876] - Fake after object reported by propagation in case of delete
Improvement
- [SYNCOPE-827] - Allow to specify user / group / any object filters for push tasks
- [SYNCOPE-829] - Use actual pagination for resource explore
- [SYNCOPE-852] - Add a good title including report/reportlet name modal used to edit report and reportlet
- [SYNCOPE-862] - Membership and type extension improvements
- [SYNCOPE-866] - Check for existence of key before adding template
- [SYNCOPE-870] - Refer to users and groups by their names in Activiti workflow definition
- [SYNCOPE-871] - Link NumberWidgets on the dashboard to their respective pages
- [SYNCOPE-873] - Remove list() methods from User, Group and AnyObject REST APIs
New Feature
- [SYNCOPE-721] - Enduser i18n
- [SYNCOPE-859] - External Resource bulk operations
- [SYNCOPE-860] - Allow listing group / role members
- [SYNCOPE-864] - Support for Payara
- [SYNCOPE-874] - Realm provisioning
2.0.0-M3 (June 3rd, 2016)
The third milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M2.
What's new
New Admin Console
Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competitors projects have built their own interfaces in the meanwhile, and it was about time to renew Apache Syncope primacy in this respect.
The admin UI is also available in Russian - besides English, Italian and Brazilian Portuguese.
This application is now feature-complete and ready to amaze with its complete, rich and dynamic UI.
Work In Progress: Documentation
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.
The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.
Migrating from older releases
The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide.
Sub-task
- [SYNCOPE-719] - UI enhancements
- [SYNCOPE-745] - Complete Configuration
- [SYNCOPE-765] - Provide approval management
Bug
- [SYNCOPE-737] - UserWizardBuilder, the store internally password flag is not set properly
- [SYNCOPE-781] - Activiti Modeler breaks deployment from installer
- [SYNCOPE-783] - DateTime fields not correctly handled in Enduser
- [SYNCOPE-792] - Improve JEXL information text for "mandatory" when creating a new schema attribute
- [SYNCOPE-793] - Password" keys missing when creating a resource mapping
- [SYNCOPE-798] - Once authenticated to enduser, "Cancel" brings nowhere
- [SYNCOPE-799] - Do not allow admin user log in to enduser
- [SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal
- [SYNCOPE-801] - Provisioning mappings are not saved
- [SYNCOPE-811] - Error message "'spinner' is required"
- [SYNCOPE-812] - Remove flickering
- [SYNCOPE-813] - Remove "mandatory" field from configuration parameter creation
- [SYNCOPE-814] - MasterContent.xml configuration is broken for "main"
- [SYNCOPE-817] - Switching between Connector Configuration tabs loses information
- [SYNCOPE-823] - Workflow XML editor pops up after closing Activiti Modeler
- [SYNCOPE-825] - CSS title under Realms: bad style
- [SYNCOPE-836] - On Firefox, once logged in can't log out and viceversa if cache is not have been cleared
- [SYNCOPE-837] - Bad appearance for + / - buttons under Chrome / Chromium
- [SYNCOPE-839] - Syncope 2.0.0-M2 has a missing dependency syncope-fit-build-build-tools
- [SYNCOPE-844] - When showing propagation task details stacktrace is reported instead
- [SYNCOPE-846] - Annoying flickering
- [SYNCOPE-847] - When creating virtual schema, the new item is not shown in the list
- [SYNCOPE-849] - Task execution popup does not resize properly on Chrome
- [SYNCOPE-850] - Heart icon to check connector connectivity does not show feedback panel on Chrome
Improvement
- [SYNCOPE-791] - Update UI to display what you're adding when creating a role
- [SYNCOPE-796] - Add favicon to enduser
- [SYNCOPE-797] - Automatically select a unique version for a Connector
- [SYNCOPE-802] - Improve Connector "Capabilities" layout
- [SYNCOPE-803] - Improve explanation for on/off buttons in the Connector Configuration
- [SYNCOPE-804] - Support the explanation of the Connector Configuration properties
- [SYNCOPE-805] - Select destination realm from a drop down list when creating a task
- [SYNCOPE-806] - Validate "standalone" resource provisioning
- [SYNCOPE-807] - When editing realms, select account and password policies from combo box
- [SYNCOPE-810] - Allow generated projects to include extensions in embedded mode
- [SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs
- [SYNCOPE-816] - Add message when no "plain" attributes available
- [SYNCOPE-818] - Allow to optionally specify the MappingItemTransformer class, for each mapping item
- [SYNCOPE-819] - Add deletion query across all components
- [SYNCOPE-820] - Allow to optionally specify user / group / any object template(s) for pull tasks
- [SYNCOPE-821] - Allow capability override on resources
- [SYNCOPE-822] - Replace Long autogenerated keys with UUIDs
- [SYNCOPE-824] - Push/Pull task "names" not marked as mandatory in the console
- [SYNCOPE-826] - Allow to specify any templates and logic actions from realm
- [SYNCOPE-830] - Associate notification tasks to related notifications
- [SYNCOPE-834] - Single WebSocketBehavior per page
- [SYNCOPE-835] - Allow to configure groups' type extensions
- [SYNCOPE-838] - review of logging state of the syncope enduser
- [SYNCOPE-841] - Admin console small tweaks and fixes
- [SYNCOPE-842] - Use gzip compression by default
- [SYNCOPE-848] - Include provision information in VirSchemaTO
- [SYNCOPE-851] - Add title per wizard step about user/group/anyobject
- [SYNCOPE-855] - Synchronization token management enhancement in case of errors
- [SYNCOPE-857] - JEXL-based transformation for mapping items
- [SYNCOPE-858] - Ensure afterObject is provided after propagation
New Feature
- [SYNCOPE-156] - New admin UI
- [SYNCOPE-701] - New end-user UI
- [SYNCOPE-788] - Show the propagation task(s) linked to a given user / group / any object
- [SYNCOPE-789] - Browse objects on external resources
- [SYNCOPE-790] - Allow user / group / any object admin form customization
- [SYNCOPE-828] - Russian translation for admin console
- [SYNCOPE-856] - Allow to provision all group's members upon request
Task
- [SYNCOPE-753] - Settle how to migrate from 1.2
- [SYNCOPE-777] - Update IzPack to 5.0.8
- [SYNCOPE-785] - Provide demo page on website
- [SYNCOPE-786] - Automatic demo deploy upon Jenkins build
- [SYNCOPE-787] - Enable Activiti Modeler for demo
2.0.0-M2 (March 21st, 2016)
3 months, 256 commits and 1.536 files changed after 2.0.0-M1, here is the second release from the new major series Syncope 2.0 Jazz.
What's new
End-user
As system integrators know, each single customer running an IdM solution requires to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match organization's needs, processes and look & feel.
Such brand new application is now complete, which allows extreme customization for each deployment.
Work In Progress: New Admin Console
Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competitors projects have built their own interfaces in the meanwhile, and it was about time to renew Apache Syncope primacy in this respect.
This new release, besides several improvements, brings a full-working dashboard, providing overview and control of several core aspects of the system.
Work In Progress: Documentation
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.
The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.
Migrating from older releases
This is work-in-progress, tracked as SYNCOPE-753.
Sub-task
- [SYNCOPE-720] - Unauthenticated password reset functionality
- [SYNCOPE-743] - Complete Topology
- [SYNCOPE-744] - Provide dashboard
- [SYNCOPE-746] - Migrate console extension mechanism from 1.2
- [SYNCOPE-752] - Re-enable console tests
Bug
- [SYNCOPE-730] - Datetime picker component is not working properly with some date formats
- [SYNCOPE-756] - Relationships with USERs on the right side have to be forbidden
- [SYNCOPE-758] - Workflow diagram not updated after saving from XML editor modal window
- [SYNCOPE-759] - Creation of a new AnyTypeClass doesn't check if the key is already used
- [SYNCOPE-762] - Last execution date value is always null for Sched, Sync and Push tasks
- [SYNCOPE-768] - Missing records in case of user list ordered by nullable schema
- [SYNCOPE-769] - Sync performance decrease
- [SYNCOPE-774] - Cannot update resource mapping
- [SYNCOPE-775] - Error when adding a dynamic user membership condition to a role
- [SYNCOPE-776] - Standalone 2.0.0-M1 does not start up
- [SYNCOPE-780] - On logout session is not completely cleared out
- [SYNCOPE-782] - DateParamConverterProvider not working with Widlfly 9
Improvement
- [SYNCOPE-155] - Better way to override console pages
- [SYNCOPE-742] - Upgrade to CXF 3.1.5
- [SYNCOPE-760] - Allow dynamic reloading of mail templates
- [SYNCOPE-761] - Allow dynamic reloading of report stylesheets
- [SYNCOPE-763] - Provide sample Audit reportlet
- [SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive
- [SYNCOPE-771] - Rename Sync to Pull
- [SYNCOPE-778] - Allow admins to force users' password change at next login
New Feature
- [SYNCOPE-750] - Statistics
- [SYNCOPE-766] - Reconciliation reportlet
Task
- [SYNCOPE-764] - Replace Hibernate Validator with Apache BVal
2.0.0-M1 (December 23rd, 2015)
More than one year, about 1000 commits and 200 issues resolved after Syncope 1.2 Intermezzo, here it comes the first release from the new major series Syncope 2.0 Jazz.
What's new
Any Objects
Traditional Identity Management and Provisioning used to care only about users and groups (or roles, depending on the terminology); with Syncope 2.0 instead, new object types can be defined so that any objects data can be managed: workstations, printers, folders, sensors, services, and so on. This positions Apache Syncope at the forefront for bringing Identity Management in the IoT world.
New Authorization Model
Permissions to operate in delegated administration are now granted on the basis of widespread concepts of realms and entitlements.
This also allows maintaining a hierarchical structure where to manage users, groups and any objects.
Multi-tenancy
A single Apache Syncope instance can now be shared by different tenants (domains), while keeping every domain's data in separate DBMS instances.
This simplifies handling of as-a-service scenarios for Apache Syncope.
CLI
DevOps and SysAdmins love it, it definitely represents one of the pillars of IT automation: Apache Syncope finally gains a full-fledged command-line administration tool.
Work In Progress: New Admin Console
Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competitors projects have built their own interfaces in the meanwhile, and it was about time to renew Apache Syncope primacy in this respect.
While still in progress, a completely new admin console is being built, with several features already ready for use.
Work In Progress: End-user
As system integrators know, each single customer running an IdM solution requires to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match organization's needs, processes and look & feel.
A brand new application is under development, while already being usable, which allows extreme customization for each deployment.
Work In Progress: Documentation
Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.
The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.
...and much much more
- Several REST enhancements and increased compliance with standards and best-practices
- Swagger UI integration
- Code Refactoring
Every single line of code has been ported from Syncope 1.2 to 2.0 taking into account all sorts of enhancements and optimizations; moreover, the whole code organization was reviewed in order to increase the overall quality and allow easier manageability and extendability.
Migrating from older releases
This is work-in-progress, tracked as SYNCOPE-753.
Sub-task
- [SYNCOPE-552] - Provide Activiti modeler installation feature to installer
- [SYNCOPE-580] - Add user services to command line interface
- [SYNCOPE-581] - Add configuration services to command line interface
- [SYNCOPE-582] - Add connector services to command line interface
- [SYNCOPE-583] - Add entitlement services to command line interface
- [SYNCOPE-584] - Add logger services to command line interface
- [SYNCOPE-585] - Add notification services to command line interface
- [SYNCOPE-586] - Add policy services to command line interface
- [SYNCOPE-587] - Add report services to command line interface
- [SYNCOPE-588] - Add resource services to command line interface
- [SYNCOPE-589] - Add role services to command line interface
- [SYNCOPE-590] - Add schema services to command line interface
- [SYNCOPE-591] - Add security question services to command line interface
- [SYNCOPE-592] - Add task services to command line interface
- [SYNCOPE-595] - Add workflow services to command line interface
- [SYNCOPE-626] - make it possible to disallow using the username as password
- [SYNCOPE-636] - Include proper LICENSE & NOTICE in the dist artifact
- [SYNCOPE-711] - Add domain services to command line interface
- [SYNCOPE-718] - Add missing integrations
- [SYNCOPE-722] - CLI documentation
- [SYNCOPE-723] - Create bash script file to wrap java command
- [SYNCOPE-724] - create properties file as help messages
- [SYNCOPE-727] - Integration test
- [SYNCOPE-728] - Delete all users
- [SYNCOPE-740] - Website update for 2.0.0
Bug
- [SYNCOPE-532] - Installer does not pick Syncope version from POM
- [SYNCOPE-539] - Edit user with resources causes Ajax failure
- [SYNCOPE-540] - Console build fails on Windows
- [SYNCOPE-543] - Role's "Inherit Attributes" does not inherit from parent role for check box attribute
- [SYNCOPE-545] - Date field without conversion pattern specified goes in NPE if deleting date
- [SYNCOPE-547] - Cannot send e-mails out when SMTP server requires authentication
- [SYNCOPE-548] - Provide Activiti Modeler setup instructions
- [SYNCOPE-549] - Activiti Modeler always show the default workflow definition
- [SYNCOPE-551] - Admin console shows 24 roles at most in the role tree
- [SYNCOPE-553] - Internal Server Error when creating account policy
- [SYNCOPE-554] - Class Cast Exception when syncronization task starts
- [SYNCOPE-556] - Error in the enum schema when trying to add new enumeration value/label
- [SYNCOPE-557] - Exception during report execution when matching condition is not provided for user and role reportlets
- [SYNCOPE-560] - build-tools classes artifact not published to Maven repository
- [SYNCOPE-561] - HTML reports not displayed correctly with no external resources
- [SYNCOPE-562] - Duplicated configuration parameters in the CATTR table
- [SYNCOPE-564] - Error while viewing user details in approval request workflow from Approvers login
- [SYNCOPE-565] - Error on ResourceModalPage when override a SpinnerField in the ConnectorModalPage
- [SYNCOPE-566] - Name attribute value disappears after changing attribute type during schema manipulation
- [SYNCOPE-567] - Security question is not displayed correctly during password reset
- [SYNCOPE-568] - Connectors configuration "check connection"
- [SYNCOPE-569] - The user status is not propagated on the resources
- [SYNCOPE-571] - ResourceConnConfPanel feedback panel does not work
- [SYNCOPE-572] - overridable resource connector properties cannot be changed
- [SYNCOPE-574] - NullPointerException in ConnInstanceDataBinder with Java 8
- [SYNCOPE-576] - The values of configuration parameters are not saved
- [SYNCOPE-578] - Role bulk delete not working
- [SYNCOPE-596] - Standalone persistence not configured for H2
- [SYNCOPE-597] - Error when serializating SyncToken with byte array type during sync task from Active Directory
- [SYNCOPE-598] - Push Task fails on role with LDAP resource with rolemapping defined
- [SYNCOPE-600] - Approval chains do not work from second form onwards
- [SYNCOPE-601] - AD deleted object synchronization fails if a sync policy is specified on one or more attributes that can have no values on Syncope
- [SYNCOPE-603] - Remote unauthorized exception when a user makes a request to add a role to his profile
- [SYNCOPE-605] - Impossible to update the connector capabilities
- [SYNCOPE-607] - Error when adding a value to a multivalue configuration parameter of type long
- [SYNCOPE-608] - Cannot configure audit for AuthenticationController
- [SYNCOPE-610] - Installer doesn't update the console.properties with the container port
- [SYNCOPE-611] - An approver displays all approval tasks including those not assigned to him
- [SYNCOPE-613] - delete overridable connector configuration property of type array String in resource edit panel
- [SYNCOPE-614] - NotificationJob fails with NullPointerException
- [SYNCOPE-615] - Updating properties and xml files of the installer module with the current version
- [SYNCOPE-617] - User/role schema attribute with minus symbol in name
- [SYNCOPE-625] - Build fails with Java 6
- [SYNCOPE-629] - ATTRTEMPLATE entities not exported
- [SYNCOPE-632] - Errors during update propagation when derived attribute is configured as account id
- [SYNCOPE-638] - MAttrTemplate and RAttrTemplate sequence values are not managed in content.xml
- [SYNCOPE-639] - Notification 'recipientAttrType' and 'recipientAttrName' are not required
- [SYNCOPE-641] - Concurrency issues with multiple client threads
- [SYNCOPE-643] - WorkflowResult provides unmodifiable collection for performed tasks
- [SYNCOPE-644] - Error during synchronization of roles when using a RoleSchema as accountId
- [SYNCOPE-647] - Problem during propagation of an updated membership on a resource
- [SYNCOPE-649] - Paged lists not working properly
- [SYNCOPE-654] - Some generic and uninformative error messages
- [SYNCOPE-656] - Debian configuration files overwrittern
- [SYNCOPE-658] - Duplicate derived attribute after sync task when it is configured as accountid for the synched resource
- [SYNCOPE-659] - Wrong fasterxml.jackson, common-lang3 version in the Import-Package in the syncope-common, syncope-client
- [SYNCOPE-664] - Empty string values not allowed with Oracle DB
- [SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name
- [SYNCOPE-669] - Search filter in the notifications doesn't work properly
- [SYNCOPE-670] - Prpagation miss all UserMod's changes performed by the Activiti update service task
- [SYNCOPE-671] - Changed password value is not propagated to external resources on successful password reset
- [SYNCOPE-672] - Console doesn't display the right condition when configuring a search filter with a resource
- [SYNCOPE-673] - Null ids in SyncJob report
- [SYNCOPE-678] - Password generation fails with no password policy or no min / max length
- [SYNCOPE-684] - Password not updated on external resources from self-service
- [SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password
- [SYNCOPE-688] - JSON (de)serialization not working in Glassfish 4.1
- [SYNCOPE-691] - Multivalue virtual attribute does not work
- [SYNCOPE-702] - Documentation issue on Architecture section
- [SYNCOPE-703] - Static WADL is missing extension services
- [SYNCOPE-706] - INTERNAL_SERVER_ERROR when authenticating with non existing username
- [SYNCOPE-707] - ConfigurationLogic doesn't check the existence of key during deletion.
- [SYNCOPE-710] - Password propagation not occuring if other updates are set on different resources
- [SYNCOPE-717] - Inconsistent double attribute value management
- [SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
- [SYNCOPE-733] - Table sort does not work fine in case of multi paged result
- [SYNCOPE-735] - Acitiviti history tables uncontrolled growth
- [SYNCOPE-739] - Virtual attributes are not updated after a sync task
- [SYNCOPE-741] - Tasks page unusable when a task has thousand executions
Improvement
- [SYNCOPE-120] - Avoid duplication in console's authorization management
- [SYNCOPE-139] - Support OpenICF connector bundles
- [SYNCOPE-141] - Concurrent propagation
- [SYNCOPE-142] - Asynchronous propagation
- [SYNCOPE-391] - Make password management optional
- [SYNCOPE-536] - Upgrade to Activiti 5.16
- [SYNCOPE-538] - Externalize all WAR configuration
- [SYNCOPE-550] - Provide cleaner user workflow definition for production
- [SYNCOPE-555] - check for id != 0 in *Controller.resolveReference()
- [SYNCOPE-570] - Remove usage of deprecated com.thoughtworks.selenium.Selenium
- [SYNCOPE-575] - Choose between stable and snapshot release
- [SYNCOPE-599] - Enhance console's authorization.xml parsing
- [SYNCOPE-602] - Make form approver available as workflow variable
- [SYNCOPE-604] - allow configuring empty connid location list
- [SYNCOPE-612] - explicit configuration of Velocity logging
- [SYNCOPE-616] - Improving the management of the xml and properties files inside the installer
- [SYNCOPE-618] - Upgrade Activiti to 5.17
- [SYNCOPE-620] - Code re-organization
- [SYNCOPE-621] - Reduce log level of bean validation errors (in data binder)
- [SYNCOPE-622] - Improve VirAttrCache management
- [SYNCOPE-627] - Camel provisioning manager: separate user / role route management and introduce Unit Test
- [SYNCOPE-630] - Eliminate duplicate Syncope WADL methods
- [SYNCOPE-634] - performance optimization for content loading
- [SYNCOPE-637] - Let user choose extensions
- [SYNCOPE-640] - Allow MariaDB to be chosen with installer
- [SYNCOPE-645] - Provide validation error message when add a role attribute in a user mapping as accountId
- [SYNCOPE-646] - Do not propagate password if not explicitely requested
- [SYNCOPE-648] - Notification Configuration: missing some labels in events
- [SYNCOPE-651] - SyncopeUser:checkToken() should fail if token is not set on user
- [SYNCOPE-660] - Extend control over asynchronous job execution
- [SYNCOPE-661] - Remove overloaded methods from REST services
- [SYNCOPE-663] - Option to ignore users / roles during synchronization or push
- [SYNCOPE-665] - Introduce LogicActions for users and groups
- [SYNCOPE-674] - NotificationManager should be able to return a list of created task ids
- [SYNCOPE-676] - Option for getting simplified list of users and roles
- [SYNCOPE-679] - Deferred tasks
- [SYNCOPE-680] - Recipient provider extension class
- [SYNCOPE-692] - List and search on external resources
- [SYNCOPE-694] - PATCH and PUT update for users, groups and any objects
- [SYNCOPE-696] - Allow to restrict task list
- [SYNCOPE-705] - Support gzip compression for REST services
- [SYNCOPE-708] - Conform the Logger "service stack" to others
- [SYNCOPE-709] - Virtual attributes management refactoring
- [SYNCOPE-713] - Remove ConfTO object from ConfigurationService
- [SYNCOPE-714] - Add the possibility to override the capabilities of the connector
- [SYNCOPE-715] - Configure whether password hash values should be returned via REST calls
- [SYNCOPE-725] - Derived attributes management refactoring
- [SYNCOPE-731] - Fine-grained entitlements for any objects
- [SYNCOPE-732] - Filtered reconciliation for synchronization
- [SYNCOPE-736] - Exchange JSON by default
- [SYNCOPE-747] - Option to disable tasks / reports
- [SYNCOPE-748] - Selectively delete task and report executions
- [SYNCOPE-749] - Human-readable date values for JSON payloads
- [SYNCOPE-751] - Preview for PDF binary values
New Feature
- [SYNCOPE-119] - Realm-based authorization
- [SYNCOPE-135] - Password reset
- [SYNCOPE-140] - Dynamic role and group memberships
- [SYNCOPE-143] - GUI Installer
- [SYNCOPE-158] - CLI admin tool
- [SYNCOPE-558] - Ability to configure which user, role and membership attributes to display, and in which order
- [SYNCOPE-623] - Provisioning manager integration
- [SYNCOPE-650] - Handling errors for external resource operations
- [SYNCOPE-652] - Domains
- [SYNCOPE-666] - Any objects
- [SYNCOPE-685] - Custom Account / Password policy specifications
- [SYNCOPE-690] - Must change password at next login
- [SYNCOPE-693] - Use ConnId 1.4 pagination API
- [SYNCOPE-695] - REST endpoints for attribute CRUD
- [SYNCOPE-698] - Pluggable transformation for resource mapping items
- [SYNCOPE-704] - Swagger extension
Task
- [SYNCOPE-494] - Set Java 7 as minimum requirement
- [SYNCOPE-537] - Upgrade to ConnId 1.4.0.0
- [SYNCOPE-573] - Upgrade ConnId connectors to latest versions featuring ConnId 1.4.0.0
- [SYNCOPE-633] - Add support for MariaDB
- [SYNCOPE-635] - Upgrade CSVDir connector bundle dependency version
- [SYNCOPE-642] - Upgrade to ConnId 1.4.1.0
- [SYNCOPE-653] - Upgrade Spring Security to 4.0.0.RELEASE
- [SYNCOPE-657] - Enable build-time Checkstyle checks
- [SYNCOPE-662] - Upgrade to OpenJPA 2.4.0
- [SYNCOPE-697] - Clean up ONE_PHASE / TWO_PHASES
Wish
- [SYNCOPE-535] - Provide Debian packages for Apache Syncope
Bug
- [SYNCOPE-1205] - Serialization exception in the logs when editing users pending approval
- [SYNCOPE-1206] - Dynamic membership updates not considered for provisioning during update
- [SYNCOPE-1207] - Audit: incorrect output element reported for Pull Tasks
- [SYNCOPE-1210] - Random password generation fails for push tasks
- [SYNCOPE-1211] - syncope migration 1.2 to 2.0 users blocked to 200
- [SYNCOPE-1213] - Syncope console should advice user about exceeded file size
- [SYNCOPE-1214] - Error when sorting Users by Realm
- [SYNCOPE-1215] - Multivalue readonly fields allow frontend deletion
- [SYNCOPE-1217] - Using the JAVA API is possible to create a Realm with the same name in the same parent realm
Improvement
- [SYNCOPE-1212] - Allow for easier Pull / Push processes customization
Task
- [SYNCOPE-1186] - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out