Gluu Roadmap

See where the product is headed to determine which version is right for your project. Gluu supports each release for at least 18 months.

CE 3.1.2 Roadmap

Latest stable release

Highlights

  • #658 Make implicit flow configurable and persist all related objects into cache (no ldap at all)
  • #679 Dynamic OpenID Authz script
  • #767 Add new default designs for U2F, OTP and SMS OTP auth pages
  • Inbound SAML SSO via passport.js
  • #686 UMA 2 : Allow access token for authentication at UMA token endpoint
  • #604 UMA 2 : support “and”, “or” logical operations for scopes (including nested)
  • #13 Add “clear-logs” option to gluu-server init script to clear logs

Install Gluu 3.1.2

Issues

oxAuth

  • #728 Username remember me feature in login page
  • #727 U2F not working on reboot
  • #724 Support JSONObject and List<Object>
  • #707 "subject_type" metadata element is rejected during OIDC Dynamic Registration client update flow
  • #700 Invalid "scopes" field in Dynamic Client Registration request and response
  • #699 Create new JWK for use=enc for Client and Server tests
  • #696 Introspection response `exp` field must return value in seconds
  • #695 Introspection : add `sub` field value to introspection response
  • #681 Allow to use custom script OC
  • #679 Multi-Step OpenID Connect Authorization Script
  • #677 Basic Auth for token endpoint not compliant with OAuth2.0 spec
  • #675 Restore parameters from session automatically
  • #672 OIDC authorization page throws an error
  • #670 Only first value of multi-valued claim is returned in id_token
  • #668 Log denied Dynamic Client Registration Requests at INFO level
  • #662 Improve oxAuth authz checking mechanism
  • #661 Fix Password Expiration authentication script
  • #659 External authN not working in 3.1.1beta2
  • #658 Make implicit flow configurable and persist all related objects into cache (no ldap at all)
  • #653 NPE when requesting authorization with acr param
  • #600 OIDC returning arrays incorrectly
  • #584 Call instance.destroy on manually created object on destroy
  • #574 No support for "popup" value of "display" request parameter, while we claim we support it in metadata
  • #479 SuperGluu Script: add link to download app
  • #391 Introspection API Docs: Missing Response
  • #91 Add support for encrypting Request Objects sent to the OP

oxTrust

  • #817 NPE when serializing Fido devices via SCIM service
  • #791 Cannot specify a location path for a custom script
  • #789 Activate/Deactivate LDAP server feature of "Manage authentication" page is broken
  • #788 Federated SP EntityID is not inserting properly
  • #780 On profile update application should call update person custom script
  • #779 Add post add/update/delete methods to update user script
  • #723 Cache Provider Configuration settings fix
  • #717 Super Gluu Enroll + Subsequent Auths page
  • #633 Images in developer setup are too small
  • #629 Add option to mail configuration to enable implicit trust to host mail server
  • #604 show u2f creds in user page
  • #599 Register page is not working.
  • #536 MAX_COUNT in SCIM Client negative test cases

oxShibboleth

oxcore

  • #59 Use same connection in count method
  • #56 Redis : avoid NPE if key is null

gluu-passport

  • #7 Controls the number of seconds after which Passport refuses authentication
  • #6 Support other SAML params
  • #5 Support SAML response encryption

community-edition-setup

  • #384 Upgrade from 3.0.1 to 3.1.1: oxAuth login failing with identity/error
  • #352 Setup.py needs to re-prompt for ip address upon invalid entry
  • #350 Wrong directory in gluu-server uninstall notification
  • #345 Stopping Gluu Server does not stop memcached in 3.1
  • #134 Cron jobs don't start inside of the container of 2.4.3 CE deb packages
  • #30 Don't allow to run setup.py after installation

SCIM-Client

  • #66 SCIM client stop work after few minutes
  • #63 Gluu3.1.2 QA - User status not ACTIVE when created using SCIM Client
  • #55 Deserialization of custom attributes not taking place in client-side

gluu-asimba

  • #44 An Asimba setting which controls the number of seconds after which Asimba refuses authentication based on AuthInstant
  • #43 Asimba Script's reaction for AuthnFailed message from Asimba

 


CE 3.1.3 Roadmap

24 April, 2018

Highlights

  • #687 UMA 2 : RPT introspection endpoint has to return all claims in response that are stored in PCT
  • #664 Support extra parameters sent during UMA permission ticket request

Issues

oxAuth

  • #772 UMA Introspection endpoint throw NPE when access sub claim
  • #770 Fields don't match in userinfo and introspection endpoints' responses
  • #768 oxAuth showing error when trying to SSO using SAML SP
  • #762 Multi LDAP basic authentication script should update authentication metrics
  • #758 FIDO U2F application id should be either IP/DNS
  • #755 Add creation and expiration dates to UMA resource entry
  • #754 Add description and oxdID to client metadata
  • #752 It seems oxAuth doesn't return claims in id_token when "response_type=id_token" is used
  • #749 Enable client to restrict javascript origin
  • #747 RPT introspection : we must keep it compatible with OAuth2 introspection and return seconds in exp
  • #746 add client_id to RPT introspection
  • #743 Add JSON property to enable admin to turn off authz for openid scope
  • #739 Fix the list of scopes in the authorization page
  • #738 Subject controlled scope
  • #735 Allow to customize messages.properties
  • #725 UmaRptIntrospectionService returning expiration time different than umaRptLifetime
  • #706 TOTP/HOTP cust script using lookAheadWindow=1 always
  • #664 Support extra parameters sent during UMA permission ticket request
  • #519 Dynamic scope should contains list of allowed claims

oxTrust

  • #877 Some meta information not retrieved via SCIM if user was not created or updated with the API itself
  • #876 Increase upper limit on max_count for scim json property and adjust descriptive text
  • #874 No certificate upload button available
  • #872 Show Clients using UMA Scope
  • #871 UMA scope Download/Link is 404
  • #870 Make oxTrust Favicon standard Gluu transparent icosahedron
  • #869 Re-login instead of displaying oops Page
  • #868 Avoid execution of sorting if no sortBy param is specified in SCIM searches
  • #866 'Add custom script configuration' drop down box
  • #864 Display Resource creation date and associated RS
  • #861 Overall user experience for adding a person by using the Add person form
  • #860 GUI problems in Manage Authentication
  • #858 Different lists on OIDC-related pages has remove controls' column skewed
  • #857 Add 'server:port' instead of 'server' in Cache Refresh
  • #854 Redirect URI delete icons don't line up
  • #853 'Inbound' button available though 'Asimba' is false
  • #850 AuthorizationProcessingFilter should check to which API client make an call
  • #847 "SAML-> Configure Custom NameId" page uses confusing names for its controls
  • #846 NameId form should update "saml-nameid.xml" too
  • #845 SCIM interceptor script should implement postAddUser/postUpdateUser/postDeleteUser
  • #844 UMA Resource Registration : Scope and Scope expression are mutually exclusive
  • #842 Unable to remove multivalue attribute value in person form
  • #841 Person form should display attribute mandatory correctly
  • #821 Validate custom scripts
  • #818 Multi value Gluu Person attribute delete clears all value
  • #787 oxTrust need to display and log explicit warnings about email non-uniqueness

oxShibboleth

  • #42 generate ZIP file - attribute-map.xml - released attribute strings are not replaced
  • #40 Error in relying-party.xml when "encryptNameIDs" set to "conditional"
  • #39 Delete custom NameID from the GUI
  • #38 Scope should use domain, not hostname
  • #37 Shib configuration is trying to load 'openldap.crt' in 'gluu-openDJ' setup
  • #36 Federated metadata is not loading in metadata-providers.xml

oxcore

  • #68 Sorting in operations facade is operating upon an empty list, not actual result set

gluu-passport

  • #10 Readability of passport log

community-edition-setup

SCIM-Client

  • #68 Scim client - test source resources references UMA1 instead of uma2 discovery

gluu-asimba


CE 3.1.4 Roadmap

17 July, 2018

Issues

oxAuth

  • #773 Persist Client Authorizations
  • #769 Restore authentication script parameters from session with right simple java type
  • #764 Create oxAuth JSON property to disable fido u2f endpoints
  • #763 Allow to provide list of possible claims bound to a specific dynamic scope in corresponding OP's metadata elements
  • #750 Add CIBA support to oxAuth
  • #704 Add support for Client metadata: software_id, software_version, software_statement

oxTrust

  • #941 Replace Apache Velocity with Apache FreeMarker
  • #865 Use JSON Logic GUI to display scope expression
  • #843 Use decorator for input elements
  • #703 Update OpenID Client page to support JWT access tokens
  • #531 Translate resource bundles

oxShibboleth

  • #41 Some SAML flows will fail when several tabs of the same browser window initiate them in a quick succession/simultaneously

oxcore

gluu-passport

community-edition-setup

SCIM-Client

gluu-asimba


CE 3.2.0 Roadmap

19 November, 2018

Issues

oxAuth

  • #767 Could you add these authorization code request and response sections in a future version of oxauth-rp
  • #756 OAuth Scope Refactoring
  • #751 Update Saml script to allow sign request
  • #748 UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant)
  • #745 Allow user to select type of cookie used by oxAuth
  • #742 Update Dynamic Registration Management
  • #734 `uniqueIdentifier` removal in replicated server / clustered Gluu Server
  • #697 Performance : 40% of time is blocked by weld synchronization during high load (>800 threads).
  • #694 Support redis failover in standalone
  • #674 UMA: require client requested scopes to be pre-registered
  • #667 Custom interception authorization script for Connect.
  • #663 Cache UMA Permission Ticket
  • #657 Synchronize CAS logout with OpenID Connect logout
  • #602 Update client resets grant-types if it has no value
  • #589 Phone number verification message for Twilio
  • #586 UMA 2 : Add Selenium user emulation for Claims-Gathering test pages (country.xhtml and city.xhtml)
  • #566 Introspection endpoint: Add support for basic authentication
  • #562 Made PAT configurable for introspection_endpoint protection
  • #548 Add s_hash to id_Token
  • #535 Provide customization of front-channel generated html from /end_session
  • #505 Key History
  • #498 Strip querystring from logout redirect URI comparison
  • #485 Support OpenID Connect Claims Languages
  • #480 acr_values router script.
  • #469 Extend Session Endpoint
  • #460 Performance : go over oxauth threads blocks that appears after 140req/s
  • #447 Federation: Publish metadata_statement_uris
  • #446 Federation: add signed_jwks_uri
  • #445 Federation: add signing_keys_uri
  • #437 Implement better HTTP Header Security
  • #413 Increase size of oxAuth-rp text areas
  • #393 Collect performance stats in oxAuth
  • #373 Add support for response-type=None
  • #353 Change client secret to bcrypt
  • #313 Support Proof of Possession Tokens
  • #308 Support JWT Token Revocation
  • #303 OAuth2 Assertion Grant for SAML assertions and signed JWT's
  • #302 Client Registration: Validation user facing values
  • #296 [Feature Request] Please add RADIUS as GLUU custom authentication script
  • #273 RP-Demo configuration improvement
  • #267 IDP Initiated Authentication Script
  • #233 New iFrame implicit flow
  • #230 Resource Owner Password Credential Grant Interception Script
  • #223 Add postLogin method for authentication script
  • #218 Implement U2F attestation certificate validation
  • #208 Provide endpoint with list of enabled custom authentication methods
  • #207 User Review of Persistent Client Scope Authorizations
  • #206 OpenID Connect Line Item Scope Approval
  • #195 remove code duplication
  • #160 U2F: Add TLS Channel ID Binding
  • #141 Add Support for OAuth2 Device Flow
  • #89 Support for Software Statement Protected Client Registration
  • #87 Work with photo attributes
  • #70 Back-Channel Logout
  • #68 Add metric to store CPU/memory usage
  • #9 oxAuth client should support HTTP proxy

oxTrust

  • #935 Server Log API
  • #934 Server Status API
  • #933 OxAuth configuration API
  • #932 OxTrust configuration API
  • #931 Registration API
  • #930 Custom Scripts API
  • #929 Certificates API
  • #928 Attributes API
  • #927 Authentication Method API
  • #926 Organization profile API
  • #925 Personal profile API
  • #924 Users API - People
  • #923 Users API - Groups
  • #922 CAS API
  • #921 UMA API
  • #920 OpenID Connect API
  • #919 SAML - Asimba API
  • #918 SAML - TrustRelationship API
  • #820 Verify user's memberOf is synced when group members are changed via SCIM
  • #786 Cover oxTrust API by tests
  • #785 Cover all oxTrust GUI by oxTrust API
  • #784 Prepare working prototype which demonstrates oxTrust API
  • #783 Prepare client/server code to protect oxTrust API endpoints using UMA
  • #697 Gluu Server memory usage (3.1.0)
  • #557 Improve Passport.js user experience
  • #551 Remove ou=appliances
  • #135 Store user pictures in FS
  • #104 New custom script type to pull data from RDBMS and other sources

oxShibboleth

  • #35 Create authentication flow to replace RemoteUser flow
  • #30 SAML metadata is not processing properly
  • #25 Don't show stacktrace... ever
  • #24 SLO binding links are breaking IDP metadata
  • #16 /opt/shibboleth-idp/metadata/idp-metadata.xml (No such file or directory)
  • #15 Map AuthnContextClassRef --> acr in OpenID Connect
  • #10 Support ForceAuthn=true
  • #5 Override Logout Functionality

oxcore

  • #67 Move ou=appliances under o=orgInum
  • #60 Update to Weld 3.0.2.Final in all projects
  • #58 Change org.xdi -> org.gluu
  • #57 Support Couchbase
  • #44 Enable style checker maven plugin
  • #41 Implement weld extension to add Faces messages based on method outcome
  • #28 Create generic CacheService (without dependencies to ehcache)
  • #10 Specify Different Write / Read LDAP servers in ldap.properties
  • #9 Specify "failover" | "round robin" connection pool strategy in ldap.properties
  • #8 Map LDAP credentials to backend

gluu-passport

  • #4 rename repo to oxPassport

community-edition-setup

  • #351 Add oxMultivaluedAttribute to oxEnrollmentCode attribute
  • #284 Don't index binary tokens
  • #219 Add command to generate JWKS
  • #170 Dockerizing Gluu Server
  • #102 Reporting metrics and statistics gathering in CE
  • #100 Ensure 'hostname' is not 'localhost' by default
  • #11 Add more attributes to admin user entry

SCIM-Client

  • #62 Add support for boolean custom attributes
  • #61 Migrate to com.fasterxml jackson serialization library
  • #60 Service metadata endpoints must reject the presence of filter query param
  • #59 Wrong modeling of SearchRequest and its schema
  • #57 Bugs in filter functionality
  • #56 Refactor Bulk Operation service code
  • #54 Move SCIM-related oxtrust.properties inside the "ScimProperties" object
  • #53 cases 10.2/10.3, Delete a user with If-Match etag
  • #52 cases 7.2/7.3, Retrieve a user with If-None-Match etag
  • #51 cases 5.13/5.14, Update a user with If-Match etag header
  • #49 case 6.3, Add a value to a multi-valued attribute with PATCH
  • #48 case 6.2, Update a multi-valued attribute with PATCH
  • #47 case 6.1, Update a simple attribute with PATCH
  • #45 cases 11.1/11.2, Searching with POST /.search
  • #44 cases 4.4/5.4/5.5/5.6, Handling of immutable attribute
  • #43 Groups endpoint allows writing non-existing members
  • #42 Group assignment for users should be done at /Group not through /Users endpoint
  • #41 Adjust /Schemas endpoint impl to pick attributes characteristics automatically
  • #40 cases 8.11/8.12, Retrieve a list of users with attributes query param (POST)
  • #39 Replace deprecated ProxyFactory usage in client code
  • #38 cases 7.4/7.5, Retrieve a user with attributes query param
  • #37 cases 8.3/8.4, Retrieve a list of users with attributes query param
  • #36 cases 5.8/5.9, Update a user with attributes query param
  • #35 cases 4.5/4.6, Create a user with attributes query param
  • #34 Remove hard-coded list of ISO3166 countries
  • #33 Enhance ResourceTypes endpoint
  • #32 Add a logging framework
  • #31 Remove redundant code in authorization check for SCIM service
  • #30 Service does not handle properly the attributes/excludedAttributes parameters
  • #29 Add support for PATCH verb to service
  • #28 In user retrieval JSON response has the type attribute malformed for certain multi-valued attributes
  • #27 Creating and retrieval operations return unexpected attributes
  • #26 Validate locale attribute
  • #25 Validate timezone attribute

gluu-asimba

  • #39 Potentially unintended Asimba's behaviour
  • #33 Create 'saml.pem' inside /etc/certs/
  • #32 Check SAML protocol logout behaviour
  • #27 Update opensaml dependency to latest version