2.0.0-M3 (June 3rd, 2016)

The third milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M2.

What's new

New Admin Console

Sub-task

• [SYNCOPE-719] - UI enhancements
• [SYNCOPE-745] - Complete Configuration
• [SYNCOPE-765] - Provide approval management

Bug

• [SYNCOPE-737] - UserWizardBuilder, the store internally password flag is not set properly
• [SYNCOPE-781] - Activiti Modeler breaks deployment from installer
• [SYNCOPE-783] - DateTime fields not correctly handled in Enduser
• [SYNCOPE-792] - Improve JEXL information text for "mandatory" when creating a new schema attribute
• [SYNCOPE-793] - Password" keys missing when creating a resource mapping
• [SYNCOPE-798] - Once authenticated to enduser, "Cancel" brings nowhere
• [SYNCOPE-799] - Do not allow admin user log in to enduser
• [SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal
• [SYNCOPE-801] - Provisioning mappings are not saved
• [SYNCOPE-811] - Error message "'spinner' is required"
• [SYNCOPE-812] - Remove flickering
• [SYNCOPE-813] - Remove "mandatory" field from configuration parameter creation
• [SYNCOPE-814] - MasterContent.xml configuration is broken for "main"
• [SYNCOPE-817] - Switching between Connector Configuration tabs loses information
• [SYNCOPE-823] - Workflow XML editor pops up after closing Activiti Modeler
• [SYNCOPE-825] - CSS title under Realms: bad style
• [SYNCOPE-836] - On Firefox, once logged in can't log out and viceversa if cache is not have been cleared
• [SYNCOPE-837] - Bad appearance for + / - buttons under Chrome / Chromium
• [SYNCOPE-839] - Syncope 2.0.0-M2 has a missing dependency syncope-fit-build-build-tools
• [SYNCOPE-844] - When showing propagation task details stacktrace is reported instead
• [SYNCOPE-846] - Annoying flickering
• [SYNCOPE-847] - When creating virtual schema, the new item is not shown in the list
• [SYNCOPE-849] - Task execution popup does not resize properly on Chrome
• [SYNCOPE-850] - Heart icon to check connector connectivity does not show feedback panel on Chrome

Improvement

• [SYNCOPE-791] - Update UI to display what you're adding when creating a role
• [SYNCOPE-796] - Add favicon to enduser
• [SYNCOPE-797] - Automatically select a unique version for a Connector
• [SYNCOPE-802] - Improve Connector "Capabilities" layout
• [SYNCOPE-803] - Improve explanation for on/off buttons in the Connector Configuration
• [SYNCOPE-804] - Support the explanation of the Connector Configuration properties
• [SYNCOPE-805] - Select destination realm from a drop down list when creating a task
• [SYNCOPE-806] - Validate "standalone" resource provisioning
• [SYNCOPE-807] - When editing realms, select account and password policies from combo box
• [SYNCOPE-810] - Allow generated projects to include extensions in embedded mode
• [SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs
• [SYNCOPE-816] - Add message when no "plain" attributes available
• [SYNCOPE-818] - Allow to optionally specify the MappingItemTransformer class, for each mapping item
• [SYNCOPE-819] - Add deletion query across all components
• [SYNCOPE-820] - Allow to optionally specify user / group / any object template(s) for pull tasks
• [SYNCOPE-821] - Allow capability override on resources
• [SYNCOPE-822] - Replace Long autogenerated keys with UUIDs
• [SYNCOPE-824] - Push/Pull task "names" not marked as mandatory in the console
• [SYNCOPE-826] - Allow to specify any templates and logic actions from realm
• [SYNCOPE-830] - Associate notification tasks to related notifications
• [SYNCOPE-834] - Single WebSocketBehavior per page
• [SYNCOPE-835] - Allow to configure groups' type extensions
• [SYNCOPE-838] - review of logging state of the syncope enduser
• [SYNCOPE-841] - Admin console small tweaks and fixes
• [SYNCOPE-842] - Use gzip compression by default
• [SYNCOPE-848] - Include provision information in VirSchemaTO
• [SYNCOPE-851] - Add title per wizard step about user/group/anyobject
• [SYNCOPE-855] - Synchronization token management enhancement in case of errors
• [SYNCOPE-857] - JEXL-based transformation for mapping items
• [SYNCOPE-858] - Ensure afterObject is provided after propagation

New Feature

• [SYNCOPE-156] - New admin UI
• [SYNCOPE-701] - New end-user UI
• [SYNCOPE-788] - Show the propagation task(s) linked to a given user / group / any object
• [SYNCOPE-789] - Browse objects on external resources
• [SYNCOPE-790] - Allow user / group / any object admin form customization
• [SYNCOPE-828] - Russian translation for admin console
• [SYNCOPE-856] - Allow to provision all group's members upon request

Task

• [SYNCOPE-753] - Settle how to migrate from 1.2
• [SYNCOPE-777] - Update IzPack to 5.0.8
• [SYNCOPE-785] - Provide demo page on website
• [SYNCOPE-786] - Automatic demo deploy upon Jenkins build
• [SYNCOPE-787] - Enable Activiti Modeler for demo

2.0.0-M2 (March 21st, 2016)

3 months, 256 commits and 1.536 files changed after 2.0.0-M1, here is the second release from the new major series Syncope 2.0 Jazz.

What's new

End-user

As system integrators know, each single customer running an IdM solution requires to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match organization's needs, processes and look & feel.

Such brand new application is now complete, which allows extreme customization for each deployment.

Work In Progress: New Admin Console

Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competitors projects have built their own interfaces in the meanwhile, and it was about time to renew Apache Syncope primacy in this respect.

This new release, besides several improvements, brings a full-working dashboard, providing overview and control of several core aspects of the system.

Work In Progress: Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

• [SYNCOPE-720] - Unauthenticated password reset functionality
• [SYNCOPE-743] - Complete Topology
• [SYNCOPE-744] - Provide dashboard
• [SYNCOPE-746] - Migrate console extension mechanism from 1.2
• [SYNCOPE-752] - Re-enable console tests

Bug

• [SYNCOPE-730] - Datetime picker component is not working properly with some date formats
• [SYNCOPE-756] - Relationships with USERs on the right side have to be forbidden
• [SYNCOPE-758] - Workflow diagram not updated after saving from XML editor modal window
• [SYNCOPE-759] - Creation of a new AnyTypeClass doesn't check if the key is already used
• [SYNCOPE-762] - Last execution date value is always null for Sched, Sync and Push tasks
• [SYNCOPE-768] - Missing records in case of user list ordered by nullable schema
• [SYNCOPE-769] - Sync performance decrease
• [SYNCOPE-774] - Cannot update resource mapping
• [SYNCOPE-775] - Error when adding a dynamic user membership condition to a role
• [SYNCOPE-776] - Standalone 2.0.0-M1 does not start up
• [SYNCOPE-780] - On logout session is not completely cleared out
• [SYNCOPE-782] - DateParamConverterProvider not working with Widlfly 9

Improvement

• [SYNCOPE-155] - Better way to override console pages
• [SYNCOPE-742] - Upgrade to CXF 3.1.5
• [SYNCOPE-760] - Allow dynamic reloading of mail templates
• [SYNCOPE-761] - Allow dynamic reloading of report stylesheets
• [SYNCOPE-763] - Provide sample Audit reportlet
• [SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive
• [SYNCOPE-771] - Rename Sync to Pull
• [SYNCOPE-778] - Allow admins to force users' password change at next login

New Feature

• [SYNCOPE-750] - Statistics
• [SYNCOPE-766] - Reconciliation reportlet

Task

• [SYNCOPE-764] - Replace Hibernate Validator with Apache BVal

2.0.0-M1 (December 23rd, 2015)

More than one year, about 1000 commits and 200 issues resolved after Syncope 1.2 Intermezzo, here it comes the first release from the new major series Syncope 2.0 Jazz.

What's new

Any Objects

Traditional Identity Management and Provisioning used to care only about users and groups (or roles, depending on the terminology); with Syncope 2.0 instead, new object types can be defined so that any objects data can be managed: workstations, printers, folders, sensors, services, and so on. This positions Apache Syncope at the forefront for bringing Identity Management in the IoT world.

New Authorization Model

Permissions to operate in delegated administration are now granted on the basis of widespread concepts of realms and entitlements.
This also allows maintaining a hierarchical structure where to manage users, groups and any objects.

Multi-tenancy

A single Apache Syncope instance can now be shared by different tenants (domains), while keeping every domain's data in separate DBMS instances.
This simplifies handling of as-a-service scenarios for Apache Syncope.

CLI

DevOps and SysAdmins love it, it definitely represents one of the pillars of IT automation: Apache Syncope finally gains a full-fledged command-line administration tool.

Work In Progress: New Admin Console

Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competitors projects have built their own interfaces in the meanwhile, and it was about time to renew Apache Syncope primacy in this respect.

While still in progress, a completely new admin console is being built, with several features already ready for use.

Work In Progress: End-user

As system integrators know, each single customer running an IdM solution requires to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match organization's needs, processes and look & feel.

A brand new application is under development, while already being usable, which allows extreme customization for each deployment.

Work In Progress: Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.

...and much much more

1. Several REST enhancements and increased compliance with standards and best-practices
2. Swagger UI integration
3. Code Refactoring
   Every single line of code has been ported from Syncope 1.2 to 2.0 taking into account all sorts of enhancements and optimizations; moreover, the whole code organization was reviewed in order to increase the overall quality and allow easier manageability and extendability.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

• [SYNCOPE-552] - Provide Activiti modeler installation feature to installer
• [SYNCOPE-580] - Add user services to command line interface
• [SYNCOPE-581] - Add configuration services to command line interface
• [SYNCOPE-582] - Add connector services to command line interface
• [SYNCOPE-583] - Add entitlement services to command line interface
• [SYNCOPE-584] - Add logger services to command line interface
• [SYNCOPE-585] - Add notification services to command line interface
• [SYNCOPE-586] - Add policy services to command line interface
• [SYNCOPE-587] - Add report services to command line interface
• [SYNCOPE-588] - Add resource services to command line interface
• [SYNCOPE-589] - Add role services to command line interface
• [SYNCOPE-590] - Add schema services to command line interface
• [SYNCOPE-591] - Add security question services to command line interface
• [SYNCOPE-592] - Add task services to command line interface
• [SYNCOPE-595] - Add workflow services to command line interface
• [SYNCOPE-626] - make it possible to disallow using the username as password
• [SYNCOPE-636] - Include proper LICENSE & NOTICE in the dist artifact
• [SYNCOPE-711] - Add domain services to command line interface
• [SYNCOPE-718] - Add missing integrations
• [SYNCOPE-722] - CLI documentation
• [SYNCOPE-723] - Create bash script file to wrap java command
• [SYNCOPE-724] - create properties file as help messages
• [SYNCOPE-727] - Integration test
• [SYNCOPE-728] - Delete all users
• [SYNCOPE-740] - Website update for 2.0.0

Bug

• [SYNCOPE-532] - Installer does not pick Syncope version from POM
• [SYNCOPE-539] - Edit user with resources causes Ajax failure
• [SYNCOPE-540] - Console build fails on Windows
• [SYNCOPE-543] - Role's "Inherit Attributes" does not inherit from parent role for check box attribute
• [SYNCOPE-545] - Date field without conversion pattern specified goes in NPE if deleting date
• [SYNCOPE-547] - Cannot send e-mails out when SMTP server requires authentication
• [SYNCOPE-548] - Provide Activiti Modeler setup instructions
• [SYNCOPE-549] - Activiti Modeler always show the default workflow definition
• [SYNCOPE-551] - Admin console shows 24 roles at most in the role tree
• [SYNCOPE-553] - Internal Server Error when creating account policy
• [SYNCOPE-554] - Class Cast Exception when syncronization task starts
• [SYNCOPE-556] - Error in the enum schema when trying to add new enumeration value/label
• [SYNCOPE-557] - Exception during report execution when matching condition is not provided for user and role reportlets
• [SYNCOPE-560] - build-tools classes artifact not published to Maven repository
• [SYNCOPE-561] - HTML reports not displayed correctly with no external resources
• [SYNCOPE-562] - Duplicated configuration parameters in the CATTR table
• [SYNCOPE-564] - Error while viewing user details in approval request workflow from Approvers login
• [SYNCOPE-565] - Error on ResourceModalPage when override a SpinnerField in the ConnectorModalPage
• [SYNCOPE-566] - Name attribute value disappears after changing attribute type during schema manipulation
• [SYNCOPE-567] - Security question is not displayed correctly during password reset
• [SYNCOPE-568] - Connectors configuration "check connection"
• [SYNCOPE-569] - The user status is not propagated on the resources
• [SYNCOPE-571] - ResourceConnConfPanel feedback panel does not work
• [SYNCOPE-572] - overridable resource connector properties cannot be changed
• [SYNCOPE-574] - NullPointerException in ConnInstanceDataBinder with Java 8
• [SYNCOPE-576] - The values of configuration parameters are not saved
• [SYNCOPE-578] - Role bulk delete not working
• [SYNCOPE-596] - Standalone persistence not configured for H2
• [SYNCOPE-597] - Error when serializating SyncToken with byte array type during sync task from Active Directory
• [SYNCOPE-598] - Push Task fails on role with LDAP resource with rolemapping defined
• [SYNCOPE-600] - Approval chains do not work from second form onwards
• [SYNCOPE-601] - AD deleted object synchronization fails if a sync policy is specified on one or more attributes that can have no values on Syncope
• [SYNCOPE-603] - Remote unauthorized exception when a user makes a request to add a role to his profile
• [SYNCOPE-605] - Impossible to update the connector capabilities
• [SYNCOPE-607] - Error when adding a value to a multivalue configuration parameter of type long
• [SYNCOPE-608] - Cannot configure audit for AuthenticationController
• [SYNCOPE-610] - Installer doesn't update the console.properties with the container port
• [SYNCOPE-611] - An approver displays all approval tasks including those not assigned to him
• [SYNCOPE-613] - delete overridable connector configuration property of type array String in resource edit panel
• [SYNCOPE-614] - NotificationJob fails with NullPointerException
• [SYNCOPE-615] - Updating properties and xml files of the installer module with the current version
• [SYNCOPE-617] - User/role schema attribute with minus symbol in name
• [SYNCOPE-625] - Build fails with Java 6
• [SYNCOPE-629] - ATTRTEMPLATE entities not exported
• [SYNCOPE-632] - Errors during update propagation when derived attribute is configured as account id
• [SYNCOPE-638] - MAttrTemplate and RAttrTemplate sequence values are not managed in content.xml
• [SYNCOPE-639] - Notification 'recipientAttrType' and 'recipientAttrName' are not required
• [SYNCOPE-641] - Concurrency issues with multiple client threads
• [SYNCOPE-643] - WorkflowResult provides unmodifiable collection for performed tasks
• [SYNCOPE-644] - Error during synchronization of roles when using a RoleSchema as accountId
• [SYNCOPE-647] - Problem during propagation of an updated membership on a resource
• [SYNCOPE-649] - Paged lists not working properly
• [SYNCOPE-654] - Some generic and uninformative error messages
• [SYNCOPE-656] - Debian configuration files overwrittern
• [SYNCOPE-658] - Duplicate derived attribute after sync task when it is configured as accountid for the synched resource
• [SYNCOPE-659] - Wrong fasterxml.jackson, common-lang3 version in the Import-Package in the syncope-common, syncope-client
• [SYNCOPE-664] - Empty string values not allowed with Oracle DB
• [SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name
• [SYNCOPE-669] - Search filter in the notifications doesn't work properly
• [SYNCOPE-670] - Prpagation miss all UserMod's changes performed by the Activiti update service task
• [SYNCOPE-671] - Changed password value is not propagated to external resources on successful password reset
• [SYNCOPE-672] - Console doesn't display the right condition when configuring a search filter with a resource
• [SYNCOPE-673] - Null ids in SyncJob report
• [SYNCOPE-678] - Password generation fails with no password policy or no min / max length
• [SYNCOPE-684] - Password not updated on external resources from self-service
• [SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password
• [SYNCOPE-688] - JSON (de)serialization not working in Glassfish 4.1
• [SYNCOPE-691] - Multivalue virtual attribute does not work
• [SYNCOPE-702] - Documentation issue on Architecture section
• [SYNCOPE-703] - Static WADL is missing extension services
• [SYNCOPE-706] - INTERNAL_SERVER_ERROR when authenticating with non existing username
• [SYNCOPE-707] - ConfigurationLogic doesn't check the existence of key during deletion.
• [SYNCOPE-710] - Password propagation not occuring if other updates are set on different resources
• [SYNCOPE-717] - Inconsistent double attribute value management
• [SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
• [SYNCOPE-733] - Table sort does not work fine in case of multi paged result
• [SYNCOPE-735] - Acitiviti history tables uncontrolled growth
• [SYNCOPE-739] - Virtual attributes are not updated after a sync task
• [SYNCOPE-741] - Tasks page unusable when a task has thousand executions

Improvement

• [SYNCOPE-120] - Avoid duplication in console's authorization management
• [SYNCOPE-139] - Support OpenICF connector bundles
• [SYNCOPE-141] - Concurrent propagation
• [SYNCOPE-142] - Asynchronous propagation
• [SYNCOPE-391] - Make password management optional
• [SYNCOPE-536] - Upgrade to Activiti 5.16
• [SYNCOPE-538] - Externalize all WAR configuration
• [SYNCOPE-550] - Provide cleaner user workflow definition for production
• [SYNCOPE-555] - check for id != 0 in *Controller.resolveReference()
• [SYNCOPE-570] - Remove usage of deprecated com.thoughtworks.selenium.Selenium
• [SYNCOPE-575] - Choose between stable and snapshot release
• [SYNCOPE-599] - Enhance console's authorization.xml parsing
• [SYNCOPE-602] - Make form approver available as workflow variable
• [SYNCOPE-604] - allow configuring empty connid location list
• [SYNCOPE-612] - explicit configuration of Velocity logging
• [SYNCOPE-616] - Improving the management of the xml and properties files inside the installer
• [SYNCOPE-618] - Upgrade Activiti to 5.17
• [SYNCOPE-620] - Code re-organization
• [SYNCOPE-621] - Reduce log level of bean validation errors (in data binder)
• [SYNCOPE-622] - Improve VirAttrCache management
• [SYNCOPE-627] - Camel provisioning manager: separate user / role route management and introduce Unit Test
• [SYNCOPE-630] - Eliminate duplicate Syncope WADL methods
• [SYNCOPE-634] - performance optimization for content loading
• [SYNCOPE-637] - Let user choose extensions
• [SYNCOPE-640] - Allow MariaDB to be chosen with installer
• [SYNCOPE-645] - Provide validation error message when add a role attribute in a user mapping as accountId
• [SYNCOPE-646] - Do not propagate password if not explicitely requested
• [SYNCOPE-648] - Notification Configuration: missing some labels in events
• [SYNCOPE-651] - SyncopeUser:checkToken() should fail if token is not set on user
• [SYNCOPE-660] - Extend control over asynchronous job execution
• [SYNCOPE-661] - Remove overloaded methods from REST services
• [SYNCOPE-663] - Option to ignore users / roles during synchronization or push
• [SYNCOPE-665] - Introduce LogicActions for users and groups
• [SYNCOPE-674] - NotificationManager should be able to return a list of created task ids
• [SYNCOPE-676] - Option for getting simplified list of users and roles
• [SYNCOPE-679] - Deferred tasks
• [SYNCOPE-680] - Recipient provider extension class
• [SYNCOPE-692] - List and search on external resources
• [SYNCOPE-694] - PATCH and PUT update for users, groups and any objects
• [SYNCOPE-696] - Allow to restrict task list
• [SYNCOPE-705] - Support gzip compression for REST services
• [SYNCOPE-708] - Conform the Logger "service stack" to others
• [SYNCOPE-709] - Virtual attributes management refactoring
• [SYNCOPE-713] - Remove ConfTO object from ConfigurationService
• [SYNCOPE-714] - Add the possibility to override the capabilities of the connector
• [SYNCOPE-715] - Configure whether password hash values should be returned via REST calls
• [SYNCOPE-725] - Derived attributes management refactoring
• [SYNCOPE-731] - Fine-grained entitlements for any objects
• [SYNCOPE-732] - Filtered reconciliation for synchronization
• [SYNCOPE-736] - Exchange JSON by default
• [SYNCOPE-747] - Option to disable tasks / reports
• [SYNCOPE-748] - Selectively delete task and report executions
• [SYNCOPE-749] - Human-readable date values for JSON payloads
• [SYNCOPE-751] - Preview for PDF binary values

New Feature

• [SYNCOPE-119] - Realm-based authorization
• [SYNCOPE-135] - Password reset
• [SYNCOPE-140] - Dynamic role and group memberships
• [SYNCOPE-143] - GUI Installer
• [SYNCOPE-158] - CLI admin tool
• [SYNCOPE-558] - Ability to configure which user, role and membership attributes to display, and in which order
• [SYNCOPE-623] - Provisioning manager integration
• [SYNCOPE-650] - Handling errors for external resource operations
• [SYNCOPE-652] - Domains
• [SYNCOPE-666] - Any objects
• [SYNCOPE-685] - Custom Account / Password policy specifications
• [SYNCOPE-690] - Must change password at next login
• [SYNCOPE-693] - Use ConnId 1.4 pagination API
• [SYNCOPE-695] - REST endpoints for attribute CRUD
• [SYNCOPE-698] - Pluggable transformation for resource mapping items
• [SYNCOPE-704] - Swagger extension

Task

• [SYNCOPE-494] - Set Java 7 as minimum requirement
• [SYNCOPE-537] - Upgrade to ConnId 1.4.0.0
• [SYNCOPE-573] - Upgrade ConnId connectors to latest versions featuring ConnId 1.4.0.0
• [SYNCOPE-633] - Add support for MariaDB
• [SYNCOPE-635] - Upgrade CSVDir connector bundle dependency version
• [SYNCOPE-642] - Upgrade to ConnId 1.4.1.0
• [SYNCOPE-653] - Upgrade Spring Security to 4.0.0.RELEASE
• [SYNCOPE-657] - Enable build-time Checkstyle checks
• [SYNCOPE-662] - Upgrade to OpenJPA 2.4.0
• [SYNCOPE-697] - Clean up ONE_PHASE / TWO_PHASES

Wish

• [SYNCOPE-535] - Provide Debian packages for Apache Syncope