2.0.7 (December 22nd, 2017)

Apache Syncope 2.0.7 Jazz is a maintenance release.

Upgrading from 2.0.6? There are some notes about this process.

New and noteworthy

SCIM 2.0

The SCIM extension is now available, allowing users and groups to be provisioned through the new /scim REST endpoint, according to the SCIM (System for Cross-domain Identity Management) 2.0 specifications.

Issues

Bug

Improvement

New Feature

2.0.6 (October 9th, 2017)

Apache Syncope 2.0.6 Jazz is a maintenance release.

Upgrading from 2.0.5? There are some notes about this process.

Issues

Bug

Improvement

Task

2.0.5 (September 6th, 2017)

One year after 2.0.0, here comes Apache Syncope 2.0.5 Jazz, bringing fixes, new features and improvements.

Upgrading from 2.0.4? There are some notes about this process.

New and noteworthy

SAML 2.0 Service Provider improvements

The SAML 2.0 Service Provider extension - e.g. the ability to SSO into Admin Console, Enduser UI and any other Java EE application properly enabled - was provided with several enhancements:

  1. allow defining a complete mapping between Syncope Schema and SAML 2.0 attributes
  2. allow specifying custom IdP Actions - which can be used, among other things, for flexible Role assignment based on SAML 2.0 statements
  3. allow on-the-fly creation of unmatched SAML 2.0 users, so that users not pre-existing in a given Apache Syncope deployment can be created upon SAML 2.0 SSO
  4. strict validation of SAML 2.0 payloads
  5. signature of the generated Service Provider Metadata
  6. support for IdP-initiated SSO

Realm provision enhancements

Introduced in earlier versions, Realm provisioning is now feature-equivalent to Users, Groups and Any Objects provisioning, with complete mapping, resource exploration and more.

Audit Appenders

It is now possible to configure Audit Appenders, which allow audit messages to be routed, with optional transformation (rewrite), to files, queues, sockets, syslog, etc.

Delegated Administration for Connectors and External Resources

Connectors now require a Realm to be specified, which is then used to evaluate the entitlements owned by administrators when performing management operations on Connectors and their External Resources.

Moreover, changes in Connectors and External Resources configuration are now tracked by default, so that unwanted / breaking changes can be reverted.

Portions of this software are developed with the support of iWelcome, European Identity & Access Management as-a-Service (IDaaS) provider.

Issues

Bug

Improvement

New Feature

Task

Wish

2.0.4 (July 3rd, 2017)

The brand new Apache Syncope 2.0.4 Jazz keeps bringing fixes, new features and improvements.

Upgrading from 2.0.3? There are some notes about this process.

New and noteworthy

Netbeans Plugin

Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.

Elasticsearch-based Search Engine

Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving the overall search performance when the number of managed entities (Users, Groups and Any Objects) rises above tens of thousands.

Dynamic Realms

In addition to the static containment provided by Realms, Dynamic Realms can be used to identify Users, Groups and Any Objects according to some attributes' values, resource assignment, group membership or any other condition available, with the purpose of granting delegated administration rights.

Flexible Quartz configuration in clusters

The Quartz scheduler is widely used within Syncope Core to schedule the execution of jobs, including pull, push, notification and custom tasks, and reportlets.

By default, Quartz is configured for clustering, where all cluster nodes are equally selectable for processing jobs. Individual cluster nodes can now be disabled for job processing.

JWT and security improvements

SSO header change for RESTful services

In Apache Syncope 2.0.3, SSO support was added (SYNCOPE-1035, JWT-based access to REST services) for RESTful services by sending a JWT in the X-Syncope-Token header, e.g.:

curl -H "X-Syncope-Token: eyJ0e..." http://localhost:8080/syncope/rest/users/self

From Syncope 2.0.4 onwards (SYNCOPE-1120, Use the standard Bearer Authorization header for JWT tokens), this header is no longer supported. Instead, you must use the standard Authorization header with the Bearer scheme, e.g.:

curl -H "Authorization: Bearer eyJ0e..." http://localhost:8080/syncope/rest/users/self
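
A migration aid for the header change above, as an added example that is not part of the original release notes or of Apache Syncope: it rewrites literal X-Syncope-Token headers in client scripts to the Authorization Bearer form and flags other mentions for review. The sample snippets are constructed; only the header names and the URL come from the page.

```python
import re

# Literal "name: value" header, as on a curl command line or in a raw request.
INLINE = re.compile(r"X-Syncope-Token\s*:\s*", re.IGNORECASE)
# Any mention of the header name (HTTP header names are case-insensitive).
MENTION = re.compile(r"X-Syncope-Token", re.IGNORECASE)


def migrate(lines):
    """Return (new_lines, findings); findings are (line_no, action) pairs."""
    new_lines, findings = [], []
    for no, line in enumerate(lines, 1):
        if not MENTION.search(line):
            new_lines.append(line)
            continue
        fixed = INLINE.sub("Authorization: Bearer ", line)
        if MENTION.search(fixed):
            # Header name used on its own (map key, variable, header read):
            # the value needs a "Bearer " prefix too, so leave it for review.
            new_lines.append(line)
            findings.append((no, "review"))
        else:
            new_lines.append(fixed)
            findings.append((no, "rewritten"))
    return new_lines, findings


# Constructed client snippets; not taken from any real deployment.
SAMPLE = [
    'curl -H "X-Syncope-Token: $TOKEN" http://localhost:8080/syncope/rest/users/self',
    'curl -H "Accept: application/json" http://localhost:8080/syncope/rest/users/self',
    'headers.put("X-Syncope-Token", token);',
    "curl -H 'x-syncope-token:$TOKEN' http://localhost:8080/syncope/rest/users/self",
]

if __name__ == "__main__":
    rewritten, report = migrate(SAMPLE)
    for no, action in report:
        print(f"line {no}: {action}: {rewritten[no - 1]}")
```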

Third Party JWT SSO integration

Besides validating and accepting the JSON Web Tokens generated during the authentication process as sketched above, Apache Syncope can be enabled to cope with tokens generated by third parties.

JWS signing key reference

In Apache Syncope 2.0.3, the default signing JWS key was referenced in securityContext.xml as follows:

"${jwsKey}.bytes"

However, this was incorrect: it results in the key value with ".bytes" appended to it. In Syncope 2.0.4, the following value should be used instead:

"#{jwsKey.getBytes()}"

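The effect of the two key references above, as an added example that is not Apache Syncope code: a simplified model of how each value resolves, showing that a token signed under one value does not verify under the other. The HS512 algorithm, the sample key and the claim are assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, json, re


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def effective_key(value: str, beans: dict) -> bytes:
    """Simplified model of how the two securityContext.xml values resolve."""
    spel = re.fullmatch(r"#\{(\w+)\.getBytes\(\)\}", value)
    if spel:
        # Expression form: getBytes() is called on the configured key string.
        return beans[spel.group(1)].encode()
    # Placeholder form: only ${name} is substituted; ".bytes" stays as
    # literal text and becomes part of the key material.
    return re.sub(r"\$\{(\w+)\}", lambda m: beans[m.group(1)], value).encode()


def sign(claims: dict, key: bytes) -> str:
    header = {"alg": "HS512", "typ": "JWT"}  # HS512 is an assumption
    body = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))
    mac = hmac.new(key, body.encode(), hashlib.sha512).digest()
    return body + "." + b64url(mac)


def verify(token: str, key: bytes) -> bool:
    body, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(key, body.encode(), hashlib.sha512).digest())
    return hmac.compare_digest(sig, expected)


CONFIG = {"jwsKey": "constructed-sample-key-not-a-real-default"}  # constructed
KEY_203 = effective_key("${jwsKey}.bytes", CONFIG)       # 2.0.3 reference
KEY_204 = effective_key("#{jwsKey.getBytes()}", CONFIG)  # 2.0.4 reference


def upgrade_report() -> dict:
    old_token = sign({"sub": "sample-user"}, KEY_203)
    new_token = sign({"sub": "sample-user"}, KEY_204)
    return {
        "key_203": KEY_203.decode(),
        "old_token_valid_before_fix": verify(old_token, KEY_203),
        "old_token_valid_after_fix": verify(old_token, KEY_204),
        "new_token_valid_after_fix": verify(new_token, KEY_204),
    }


if __name__ == "__main__":
    for name, value in upgrade_report().items():
        print(f"{name}: {value}")
```
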
Default key and password checking

In Apache Syncope 2.0.4, a warning is logged if the default JWS key is used either to create / update an access token or to invoke a RESTful service. A similar warning is logged if the default anonymous key is used to invoke a RESTful service. A warning is also logged if the default admin password or anonymous key is detected.

If you see these warnings in the logs then it is critical to change the default values.

More information about the internal authorization process is now available in the Reference Guide.

HikariCP for JDBC connection pool

The internal storage connection pool is now based by default on the high-performance HikariCP.

Improved UX in Admin Console

Up to Syncope 2.0.3, the general interaction paradigm for data tables in Admin Console used to be based on showing several icons for each row, according to the various actions available for the given entity.

As the number of potential actions increased, this mechanism proved to be poor: now, instead, a contextual menu appears after clicking on any row, listing all the available actions for the selected entity.

Issues

Sub-task

Bug

Improvement

New Feature

Task

2.0.3 (April 15th, 2017)

Despite being a minor release, and besides the high number of fixes provided, Apache Syncope 2.0.3 Jazz brings several new features and improvements.

Upgrading from 2.0.2? There are some notes about this process.

New and noteworthy

SAML 2.0 Service Provider features

SYNCOPE-1041 provides an extension enabling Apache Syncope to act as a SAML 2.0 Service Provider.

Once an Apache Syncope deployment - enabled with this extension - is properly configured, and the Syncope Core application is running, the Syncope Admin UI and the Syncope Enduser UI can be enabled to allow SAML-based SSO. The global result is that Admin UI and / or Enduser UI can be accessed after user authentication against (one of the configured) SAML 2.0 Identity Provider(s).

Portions of this software are developed with the support of the University of Helsinki, the largest university in Finland with 35,000 degree students and some 8,000 employees.

Enduser UI: form customization

After SYNCOPE-1009, the Enduser UI now features a JSON-based high-level form customization mechanism which further enhances its adaptation capabilities.

Via this enhancement, it is possible to dynamically configure the user form to:

Flowable user workflow adapter

SYNCOPE-1055 adds native support for the Flowable Java BPM Engine, besides the one based on Activiti.

Extended support for workflow sub-process management

SYNCOPE-1020 enhances the support for managing BPMN sub-processes, which can now be explicitly defined, managed via Activiti Modeler (if available) and invoked from the main process through the call-activity construct.

Authentication / Authorization improvements

Up to Apache Syncope 2.0.2, each REST invocation required - at least in the default configuration - the invoker credentials to be injected via the Authorization HTTP header.
After SYNCOPE-1035, the process is more structured and requires an initial authentication step which returns a unique JSON Web Token, which can be used for further invocations. This renewed mechanism is the basis for easier inclusion of various authentication mechanisms, including SAML 2.0 - as provided by SYNCOPE-1041 - OAuth 2.0 and OpenID Connect.

Moreover, with SYNCOPE-1015 it is now possible to configure which user attribute(s) can be passed as login name for authentication, besides username (default).

Issues

Bug

Improvement

New Feature

2.0.2 (January 27th, 2017)

The second maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, both on the Admin Console and Enduser application.

Most noticeable changes:

Upgrading from 2.0.1? There are some notes about this process.

Sub-task

Bug

Improvement

New Feature

Task

2.0.1 (October 21st, 2016)

The first maintenance release for Syncope 2.0 Jazz addressing some bugs and providing improvements, especially on the Enduser application.

Upgrading from 2.0.0? There are some notes about this process.

Bug

Improvement

2.0.0 (September 9th, 2016)

The first stable version of Syncope 2.0 Jazz is finally available, finalizing almost 2 years of community effort.

What's new

  1. Identity Recertification
  2. Migration guide from Apache Syncope 1.2

Bug

Improvement

New Feature

2.0.0.M5 (September 2nd, 2016)

The last milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M4.

What's new

Eclipse IDE Plugin

The Eclipse IDE plugin allows remote management of notification e-mail and report templates, and constitutes an example of a Java application relying on the Client Library for interacting with the Core via REST.

The plugin was developed as part of Google Summer of Code 2016.

Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The brand new Getting Started guide and Reference Guide are now complete and available.

Migrating from older releases

The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide.

Sub-task

Bug

Improvement

Wish

2.0.0-M4 (June 24th, 2016)

The fourth milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M3.

Bug

Improvement

New Feature

2.0.0-M3 (June 3rd, 2016)

The third milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M2.

What's new

New Admin Console

Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competing projects have built their own interfaces in the meantime, and it was about time to renew Apache Syncope primacy in this respect.

The admin UI is also available in Russian - besides English, Italian and Brazilian Portuguese.

This application is now feature-complete and ready to amaze with its complete, rich and dynamic UI.

Work In Progress: Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with the purpose of eliminating this Achilles' heel.

Migrating from older releases

The supporting tools are available and the procedure is now outlined and ready to be embedded into the Reference Guide.

Sub-task

Bug

Improvement

New Feature

Task

2.0.0-M2 (March 21st, 2016)

3 months, 256 commits and 1.536 files changed after 2.0.0-M1, here is the second release from the new major series Syncope 2.0 Jazz.

What's new

End-user

As system integrators know, each single customer running an IdM solution needs to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match the organization's needs, processes and look & feel.

This brand new application is now complete, and allows extreme customization for each deployment.

Work In Progress: New Admin Console

Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competing projects have built their own interfaces in the meantime, and it was about time to renew Apache Syncope primacy in this respect.

This new release, besides several improvements, brings a fully working dashboard, providing overview and control of several core aspects of the system.

Work In Progress: Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with the purpose of eliminating this Achilles' heel.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

Bug

Improvement

New Feature

Task

2.0.0-M1 (December 23rd, 2015)

More than one year, about 1000 commits and 200 issues resolved after Syncope 1.2 Intermezzo, here comes the first release from the new major series Syncope 2.0 Jazz.

What's new

Any Objects

Traditional Identity Management and Provisioning used to care only about users and groups (or roles, depending on the terminology); with Syncope 2.0 instead, new object types can be defined so that data about any objects can be managed: workstations, printers, folders, sensors, services, and so on. This positions Apache Syncope at the forefront of bringing Identity Management into the IoT world.

New Authorization Model

Permissions to operate in delegated administration are now granted on the basis of the widespread concepts of realms and entitlements.
This also allows maintaining a hierarchical structure in which to manage users, groups and any objects.

Multi-tenancy

A single Apache Syncope instance can now be shared by different tenants (domains), while keeping every domain's data in separate DBMS instances.
This simplifies handling of as-a-service scenarios for Apache Syncope.

CLI

DevOps and SysAdmins love it, it definitely represents one of the pillars of IT automation: Apache Syncope finally gains a full-fledged command-line administration tool.

Work In Progress: New Admin Console

Apache Syncope admin UI has been shining for the past five years, emerging as a beautiful gem from the old-fashioned and morose traditional IdM tools. But time flies, several competing projects have built their own interfaces in the meantime, and it was about time to renew Apache Syncope primacy in this respect.

While still in progress, a completely new admin console is being built, with several features already ready for use.

Work In Progress: End-user

As system integrators know, each single customer running an IdM solution needs to customize the end-user web interface (addressing self-registration, self-management and password reset) as much as possible, to match the organization's needs, processes and look & feel.

A brand new application, already usable, is under development, allowing extreme customization for each deployment.

Work In Progress: Documentation

Possibly the major, long-lasting, most claimed missing feature of open source projects in general, and Apache Syncope in particular.

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with the purpose of eliminating this Achilles' heel.

...and much much more

  1. Several REST enhancements and increased compliance with standards and best-practices
  2. Swagger UI integration
  3. Code Refactoring
    Every single line of code has been ported from Syncope 1.2 to 2.0 taking into account all sorts of enhancements and optimizations; moreover, the whole code organization was reviewed in order to increase the overall quality and allow easier manageability and extendability.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

Bug

Improvement

New Feature

Task

Wish
