Gluu Roadmap

See where the Gluu Server is headed to determine which version is right for your project. We support each release for at least 18 months.

CE 3.1.4 Roadmap

Latest stable release

Highlights

  • Inbound identity improvements
  • OpenID Connect Token Bound Authentication 1.0
  • UMA Client improvements, including the ability to restrict access to resources by associated client
  • Improvements to authentication script API
  • Persist client authorizations
  • Add support for Client metadata: software_id, software_version, software_statement
  • LDAP passwords migration from BCRYPT to SSHA
  • Support JWT access tokens
  • Allow configuration of JWT for access token on a per client basis

Install Gluu 3.1.4

Issues

oxAuth

  • #910 Authorization Endpoint does not respect expired access_token
  • #908 Changing "accessTokenLifetime" inside Configuration Doesn't impact Access Token Lifetime
  • #907 OTP doesn't work in centos6
  • #905 Issues with Passport custom script's SAML branch
  • #899 Cache clean service remove active Unauthenticated Sessions
  • #898 Remove URL remove rewrite servlet dependency
  • #897 Blocked account starts countdown again
  • #892 Extra string on OTP login screen
  • #891 Extra string on OTP login screen
  • #889 Introspect endpoint has to return 401 https status code instead of 400 in case of invalid authorization header
  • #887 No info about blocked account
  • #885 Error Message on Login page must appear in one place
  • #881 Implement token expiration logic for password reset
  • #880 Enhance password reset email
  • #879 Weird password reset message
  • #878 Dead link in Super Gluu login
  • #877 No info about blocked account
  • #875 Add better handling for session expired events
  • #874 SuperGluu screen throws error
  • #873 Add backwards compatibility configuration switch
  • #871 Twilio phone error
  • #870 OTP login failure -- 2 error messages
  • #867 Review the ui_locales param (Authentication Request)
  • #866 Unwanted http redirection
  • #864 Customized logo should apply to every public facing pages
  • #863 Update lock account to include expiration
  • #862 Add brute force protection to default password authentication
  • #852 Introspection response must return `scope` instead of `scopes`.
  • #851 Fixing broken server side tests for 3.1.4
  • #850 New FIDO configuration endpoint
  • #846 Combined Super Gluu / SMS authn script
  • #845 Broken server side test marked as successful
  • #844 UMA Scope Expression evaluator
  • #843 Expiration with session
  • #840 OpenID Connect Token Bound Authentication 1.0
  • #837 Different clients must receive a different sub value also when the sector identifier is the same
  • #836 Certification for the FormPost Response Mode Implementation
  • #834 Remove the sign up link present in the login page for passport
  • #833 Set default values for RPT and PCT expiration
  • #832 JKS expiration should be checked
  • #831 A few issues with OIDC logout flow
  • #829 It is possible to invoke refresh_token flow with access_token (instead of refresh_token)
  • #826 UMA 2 : Fix NPE if required claims_redirect_uri is not passed
  • #824 UMA : Introduce separate ticket lifetime configuration
  • #821 Remove hardcoded code from passport page
  • #820 Stack trace on 'Failed to load session from LDAP'
  • #819 UMA 2 : restrict access to resource by associated client (make it configurable)
  • #817 Add startSession and endSession methods to application_session script
  • #816 Review the prepareForStep method of passport social script
  • #812 Restrict requesting claims individually
  • #807 OTP 2FA / enrollment page + login page
  • #803 "acr_values" contains "null" in introspection endpoint's response
  • #802 NPE during end_session if client is expired and does not exist in LDAP anymore
  • #801 Getting NullPointerException while authorizing user
  • #799 If custom script getPageForStep throws error Authenticator should redirect to error page
  • #798 Relax log level when claims gathering script name is blank
  • #797 Implemented migration password script from BCRYPT to SSHA
  • #796 User should be redirect to error page instead of login when an exception occurs during external authentication
  • #791 Dynamic Registration: Minor request - add new info logger
  • #787 Supply more external methods for client operations
  • #778 Update crypto-js to latest version
  • #773 Persist Client Authorizations
  • #769 Restore authentication script parameters from session with right simple java type
  • #764 Create oxAuth JSON property to disable fido u2f endpoints
  • #753 Create Authorization Script to check BCrypt Hash
  • #745 Allow user to select type of cookie used by oxAuth
  • #654 Add support of "old" caching mode 'LDAP'
  • #638 Allow configuration of JWT for access token on a per client basis
  • #562 Made PAT configurable for introspection_endpoint protection

oxTrust

  • #1277 Dropdown for SCIM Attribute shouldn't have "SCIM Attribute"
  • #1276 Enhance icons for multivalued Attributes
  • #1274 Too many popups for already used reset pwd email
  • #1272 Adjust metric changes
  • #1270 Logo inconsistency
  • #1268 Problems with public-facing pages
  • #1265 Change button location in Cache Refresh
  • #1259 oxtrust allows user to delete email and username
  • #1257 Issues when adding several redirect_uri for an OIDC client's entry
  • #1255 Make logo on password reminder page customizable
  • #1252 Captcha on Forgot password
  • #1250 Fix Manage authentication captcha
  • #1248 Make Registration page logo customizable
  • #1246 Pressing Enter in Any Field For Organization Configuration Will Default to SMTP
  • #1242 Change User password from profile page don't take effect
  • #1239 Change Bind Password under "Manage Authentication" not working
  • #1238 It is not possible to set oxIdTokenTokenBindingCnf client property via oxTrust (required for Token Binding)
  • #1235 Unify button color
  • #1234 Password reset UI enhancements
  • #1233 Buggy preview
  • #1231 Unable to change OIDC client secret
  • #1228 User registration not working when captcha is enabled
  • #1227 Change password expiration time
  • #1226 Adjust space Log viewer configuration
  • #1224 Fix mail expiration message
  • #1222 User registration is failing
  • #1218 Update of pre-installed client fail with Oops page
  • #1216 Adjust Cache Refresh fields
  • #1214 User registration has Test too tip field
  • #1213 Disappearing error button
  • #1210 Export Attribute | Add Export button at top
  • #1208 Adding password ( popup ) from CR config - oxTrust crashing
  • #1207 Placeholders not cleared & keys editable
  • #1205 Center string in registration page
  • #1204 Correct strings in Oops page
  • #1203 SCIM Group creation or update returns the same member list provided in input
  • #1200 Password reset mail should inform user about the expiration time
  • #1198 Add QA identifiers
  • #1197 Add new method getBindCredentials method to CR script to allow dynamically change AD password
  • #1195 Users import should support custom attribute too
  • #1191 Unify field/dropdown/radio button design
  • #1190 Disappearing icons in Passport Authentication method
  • #1188 User form misaligned
  • #1186 Fix feature *Change user password**
  • #1180 UMA resource fields moved to the right
  • #1178 Validation of Import People causes error
  • #1174 Extra string on OTP login screen
  • #1173 Empty page in update OIDC client
  • #1172 Not able to add user
  • #1171 Email validation on add user screen
  • #1169 Ubuntu 16 - Oxtrust - no option to add password in "Add User"
  • #1164 Messed up checkboxes in Register Attribute
  • #1163 Unable to add custom attribute in openDJ
  • #1158 align "remove source server" in CR Source Backend server tab
  • #1157 Attribute mapping entries on Cache Refresh becomes empty
  • #1156 Setting OIDC expiration date to 2099 delete the client few minutes after update
  • #1153 Persistent placeholders, no ^ v symbols
  • #1152 Weird password reset message
  • #1151 Enhance password reset email
  • #1150 Unable to add/update same Login Redirect URL or Post Logout URL in Gluu server
  • #1148 Unable to create TR from "Federation" Entity Type
  • #1146 oxTrust Auditing Log Fixes
  • #1145 No info about blocked account
  • #1144 Dead link in Super Gluu login page
  • #1143 custom scripts levels all in zero
  • #1140 Login fails after switching back to auth_ldap_server method
  • #1139 Admin password can be seen when adding person
  • #1138 Email validation on Edit profile page
  • #1137 Register attribute page fields are misaligned
  • #1131 Bugged user search validation
  • #1129 Fix typo
  • #1126 Scopes Not Appearing While Adding New OpenID Client
  • #1122 "Enter your client id here" and "Enter your client secret here" must be placeholders Passport strategies
  • #1120 Cache refresh
  • #1117 Change user password feature not working
  • #1116 Error when editing existing user
  • #1115 Validate user email when adding new new via Admin Ui
  • #1109 Impossible to add new user via admin Ui
  • #1103 Hide Client secret on OpenID Connect page
  • #1099 Gender field should be a dropdown on Profile page, User add/Update Page
  • #1092 Enhance error message
  • #1091 Placeholder instead of Build Number
  • #1090 Email validation in System Configuration
  • #1083 Client secret expires in...?
  • #1082 Weird Client Secret behavior
  • #1081 Clear search fields
  • #1080 Uncaught TypeError
  • #1079 Unify upload interface
  • #1078 Attribute import message
  • #1077 Offer means to create UMA resource and edit associated client
  • #1074 View log tab should show the name of the current log file
  • #1073 Fix misleading oxMemCache-Config title
  • #1072 Move captcha setting to "Manage Authentication" into new tab
  • #1071 Reset password form should has captcha
  • #1070 Update base libs
  • #1068 Typo in Cache Refresh configuration page
  • #1064 Uploading org_logo and org_favicon is throwing error / not uploading
  • #1061 add search to oxtrust attribute page
  • #1060 editing attribute has unacceptable value for "multivalued" by default
  • #1056 Remove Level feature from Cache Refresh config
  • #1053 Fix duplicate source server name:
  • #1051 Validate contact values entered in openID clients form
  • #1048 The button to remove Source Ldap Server under LDAP Manage Authentication don't shows up on every screen.
  • #1043 Manage LDAP Authentication duplicated name
  • #1041 oxTrust Auditing
  • #1040 Pretty Print OpenID Client Config
  • #1037 Remove requiredness for streetAddress in scim
  • #1033 Error message on logout from client side
  • #1032 Non-Fatal Error in oxTrust "SecurityEvaluationException"
  • #1028 Oxtrust allow to update user with duplicate uid when users are created through SCIM
  • #1027 Lists at "Manage Sector Identifiers" pages are skewed
  • #1025 Remove the sign up link present in the login page for passport
  • #1024 Add i18n support to passwordReminder.xhtml
  • #1020 Add clientID and clientSecret rows by default in passport
  • #1018 New redis configuration ssl parameters support
  • #1014 Ability to Disable Gathering Of Metrics
  • #1012 The notification bubble that appears after updating the manage authentication seems a little off
  • #1011 Better Button Locations in OpenID Connect Client Configuration
  • #1009 The person import feature thrown error when the excel file upload has been created via a recent Excel version
  • #1007 All file upload features in Gluu 3.1.3 don't work
  • #1002 Adding organization logo throw an exception
  • #996 Log login initator exception with TRACE level only
  • #975 Password Reset: Reset link should be send only if the provide email exists in LDAP
  • #970 OTP 2FA / enrollment page + login page
  • #966 Validate sector_identifier_uri on Create/Update Client
  • #953 Auto-generate client secret
  • #952 log statements of level lower than INFO not shown after start
  • #949 Relax requiredness for attributes in oxtrust's user form?
  • #941 Replace Apache Velocity with Apache FreeMarker
  • #913 Move texts from xhtml/java into oxtrust_en.properties
  • #907 In Add Person form user is not able to navigate to next input field by pressing the [Tab] button in keyboard
  • #865 Use JSON Logic GUI to display scope expression
  • #808 Remove UMA > "Add Resource" Button
  • #703 Update OpenID Client page to support JWT access tokens
  • #557 Improve Passport.js user experience

Community Edition Setup

  • #484 Build development package for CE
  • #481 low level creation of users with duplicate uids possible
  • #480 Update some scripts
  • #479 Hide LDAP selection type if there is only one option
  • #477 Fix typo in installation progress
  • #475 Passport not started after 3.1.4 installation
  • #474 running setup.py shows IP address instead of hostname as default option
  • #473 Hide asimba in installation summary
  • #470 Updater should enable http-forwarder
  • #469 Use a real world value for OTP lookAheadWindow
  • #468 Passport Strategies are missing when migration from 3.1.2 to 3.1.3
  • #467 Create index for oxUmaResourcePermission & oxTicket
  • #465 Adjust, add or update all files required for Gluu Casa
  • #464 2.4.4 to 3.1.x migration - custom attribute migration
  • #461 Build package with token binding module for apache2
  • #460 Passport installation should be offline
  • #455 Add scopes to cred-manager client only if they are not already defaulted in CE installation
  • #447 Shibboleth IDP client should have its own OpenID client creds
  • #444 rename uma_client_authz_rpt_policy to scim_access_policy
  • #443 RHEL based gluu-server container now showing any message
  • #440 2.4.x to 3.1.3 upgrade ( OpenDJ --> OpenDJ ): don't export `100-user.ldif` schema
  • #439 OpenLDAP enabled Gluu to OpenDJ-Gluu upgrade: ldap search filter not updating
  • #437 Remove '99-user.ldif' schema related calling
  • #436 3.0.x to 3.1.x upgrade: metadata-provider template broken
  • #427 Asimba should be available in 3.1.4 as deprecated component only
  • #425 Setup should prepare CE to work with dynamic IP correctly
  • #420 Update node passport init.d script
  • #100 Ensure 'hostname' is not 'localhost' by default

SCIM-Client

  • #70 Add test cases for special chars handling
  • #69 Allow searching with startindex values higher than max_count

Gluu Passport

  • #45 HTTP ERROR 404 on /oxauth/postlogin
  • #44 login.errorSessionInvalidMessage after changing passport-saml-config.json
  • #43 Cannot find modules errors when starting passport
  • #41 Support multivalued attributes
  • #40 Build passport-node_modules.tar.gz during passport build
  • #39 Introduce step 2 for passport flow
  • #38 Rework flow and unify custom scripts
  • #37 Bundle passport with openid connect support
  • #35 `Error in parsing JSON in getJSON` in passport log at startup
  • #34 Provide an easier way to upload a strategy logo
  • #32 Make logging level a parameter in config file
  • #31 NPE upon start when no strategies are defined
  • #25 Log enhancement: declare missing resource ( lack of authN server )
  • #18 Passport should POST user data to /oxauth/postlogin
  • #14 Updating certain inbound attributes showing errors in log
  • #12 Re-attempt to get oxAuth metadata and token
  • #11 Passport should return non zero exit code on startup errors

oxCore

oxShibboleth

  • #44 Update Idp to V3.3.3
  • #43 eduPerson schema update

CE 3.1.5 Roadmap

December, 2018

oxTrust

  • #1372 SCIM group patch anomaly when member list ends up empty
  • #1371 Make email's uniqueness enforcement by oxTrust optional
  • #1368 Add Id to improve UI view for QA
  • #1364 Add visibility log for clean up services.
  • #1359 CE3.1.4: Missing Authentication Methods
  • #1356 Set default value for Require Auth Time
  • #1348 The OIDC field named Client's Registration Expires should be clear-able
  • #1347 The password reset message should be neutral
  • #1345 CE 3.1.4: recaptcha doesn't disappear from resetPassword form
  • #1344 Unify user email templates
  • #1340 Add `password` field for Redis cache configuration
  • #1339 'Test LDAP Connection' in Cache Refresh page
  • #1338 Ubuntu14+CE3.1.4: change string in Forgot Password Flow
  • #1334 Ubuntu18+CE3.1.4: Missing Dashboard values
  • #1331 Random dashboard statistics in Gluu Server cluster
  • #1329 Wrong error message when password reset token was expired
  • #1327 `Remember me` checkbox missing from login screens
  • #1323 It's possible to create OIDC scopes with duplicated names in oxTrust
  • #1322 Prevent duplicate scopes
  • #1312 'attribute-filter.xml.vm' template not 100% compatible in 3.1.4
  • #1311 Changing "oxTrust acr" to "default" in "Default Authentication Method" Deletes oxTrustAuthenticationMode Entry
  • #1308 Extra syntax / remove '222' thing
  • #1305 oxTrust Needs To Register A Front Channel Logout URI
  • #1304 Display available ACR options in client UI
  • #1303 Toggle Pairwise Subject type: algorithmic | persistent
  • #1295 OxTrust throws error few seconds after the first login.
  • #1294 Add a dedicated logger for Velocity's logs
  • #1293 Shorten long fields for brevity
  • #1292 Improve OpenID Scope selection UX
  • #1286 Cache Refresh metrics don't work as expected
  • #1285 Properties set via "Configure Relying Party" control don't have effect on TRs based on a federation's TR
  • #1284 Issues with "Client's registration expires" control of OIDC client's properties page
  • #1283 authenticationRecaptchaEnabled property in oxTrust configuration has invalid drop down menu action
  • #1282 Improve error messages when cust scripts have errors
  • #1275 Enhance error messages
  • #1273 "Failed to execute registration script" when hitting a non-existing /restv1 URL
  • #1269 Register page pop-up displayed for another user (the same browser)
  • #1264 Improve some public facing pages to match Gluu design
  • #1262 Suggestion for further re-work of "Add/Update OIDC client" page
  • #1258 Tabs should take users to new fields
  • #1219 Improvement : oxTrust automatically switch to another tab on update action.
  • #1196 Authentication graph improvement
  • #1176 Export Client Config
  • #1149 "uma grant" option not available in oxtrust OIDC client
  • #1112 Change menu item label "JSON Configuration" to "Base Configuration"
  • #1093 Improve layout and element design
  • #1034 'Authentication Requests' graph should only include oxAuth authentication
  • #1029 conversation_error, 30 mins of inactivity
  • #356 Default password reset email contents

oxAuth

  • #954 oxauth-client should re-throw connection exception, so client app can handle it
  • #952 Invalidate OP session after consent flow is completed
  • #951 Introspect endpoint should return 200 OK with active=false if invalid token is provided
  • #948 Simplify passport cust scripts where possible
  • #941 Remove useless js dependency on Super Gluu QA Page
  • #939 Change error message and string in twiliosms page
  • #938 A NullPointerException is often throw during logout for some users
  • #936 Add support for multi facet app IDs for FIDO 2 impl
  • #934 Store metric records in separate backed o=metric
  • #933 Remove JCE Requirement From Gluu Server CE
  • #932 `Remember me` checkbox missing from login screen
  • #930 Add support to return RPT as JWT
  • #929 Introspection endpoint must return 200 http status code with active=false if token is not found on AS instead of 400
  • #927 oxAuth Does Not Enforce Registered `post_logout_redirect_uri`
  • #925 oxAuth client should log more self explanatory error message if oxAuth is not available
  • #924 Make ClientAuthorizations serializable otherwise redis will fail to save it into cache.
  • #917 Add dynamic scopes and claims to discovery
  • #914 All calls to oxauth fails when httpLoggingEnabled is set to true
  • #913 RP iframe Message Should Not Be Created In The Same Way As OP iframe Message
  • #912 Customized Authentication pages's logo
  • #911 Authorization Endpoint : revisit `access_token` parameter in Authorization Request
  • #906 On authentication session expiration and other errors, oxAuth should redirect user to intended RP
  • #896 Remove loginPage and authorizationPage properties
  • #883 Turn off client expiration by default and remove ability to update expiration via endpoint
  • #876 406 from .well-known/openid-configuration
  • #849 If session_id is not passed in logout request, oxAuth responds as if session termination succeed, while it didn't
  • #830 Client-specific access token expiration
  • #781 Add new endpoints for FIDO 2 / W3C web authentication
  • #704 Add support for Client metadata: software_id, software_version, software_statement
  • #566 Introspection endpoint: Add support for basic authentication
  • #230 Resource Owner Password Credential Grant Interception Script
  • #160 U2F: Add TLS Channel ID Binding

oxShibboleth

  • #46 Implement SSO from SP/IDP/oxAuth

Passport

  • #53 Adjust IDP linking URL for casa social plugin
  • #51 Passport service doesn't perform restart properly / Error: Received unexpected HTTP status code of 503
  • #49 Remove Start.log Requirement From Passport Startup
  • #48 Passport Log Should Read "passport.log" and archive as "passport-$DATE.log"
  • #47 Add logging transport for stdout
  • #46 More Verbose And Explicit Error Message Than "Go back and register!" On Failures
  • #33 Overall logging enhancements
  • #29 IDP-inited flow for inbound identity - write custom script
  • #28 IDP-inited flow for inbound identity - AuthZ request + signed user profile
  • #27 IDP-inited flow for inbound identity - SP to OIDC client
  • #26 IDP-inited flow for inbound identity - Add endpoint to trigger flow
  • #24 Passport-Saml: IDP initiated flow fail

CE Setup

  • #498 Why Do We Change The Hostname Inside The Chroot?
  • #497 OpenDJ init Script Fixes
  • #496 Change display name of casa client registration script
  • #495 Can we remove downloading oracle JCE in the installer?
  • #492 Avoid SCIM hardcoded value for UMA Resource Id
  • #491 Enable jetty threadlimit mod if needed
  • #489 Create Static Inum's
  • #488 Gluu-server should export JAVA_HOME, NODE_HOME and OPENDJ_HOME and modify PATH
  • #486 Clean Up Apache Config
  • #485 Abort setup.py if file descriptor is less than 64k

oxCore

  • #93 Misleading Exception throw in oxCore
  • #91 Improve Custom script error message

GluuFederation/SCIM-Client

  • #71 NoHttpResponseException: failed to respond

CE 4.0 Roadmap

ETA: February, 2019

Highlights

  • APIs for oxTrust
  • Abstracted DB layer, with additional support for Couchbase

Issues

oxAuth

  • #901 Super Gluu created time needs time zone support
  • #884 Don't return refresh token if client doesn't have refresh_token grant
  • #861 Request objects should have iat and expiration
  • #860 Move all integration pages and scripts into sub-project of oxAuth
  • #859 Improve Live Script Debug
  • #853 CAS logout with oxAuth-session script ( application_session )
  • #848 Move client side test requestAuthorizationForOpenIdScopeAndPairwiseId to server side test
  • #847 Bouncycastle throw ClassCastException after upgrade to 1.59
  • #839 Support for spontaneous scopes
  • #825 Group configuration properties to make it more user-friendly
  • #823 Authenticator should not use "@!" to distinguish use/client credentials.
  • #822 Add a new attribute's type to handle attributes containing JSON data more gracefully in OIDC flows
  • #813 CleanupTimer has to run in own connection pool to not effect oxauth performance
  • #811 Upgrade to Jackson 2.x (from current Jackson 1.x)
  • #810 Add Opentracing support
  • #809 Add support for account switching
  • #804 pre-fix value for access token
  • #800 Userinfo can't be contacted with access_token issued during resource owner creds grant flow if redirect_uri is not specified for the client
  • #795 Allow to set the pairwiseIdType (algorithmic/persistent) on a client basis
  • #789 Add support for id token upon token refresh
  • #784 Add support for Token Revocation
  • #767 Could you add these authorization code request and response sections in a future version of oxauth-rp
  • #756 OAuth Scope Refactoring
  • #751 Update Saml script to allow sign request
  • #750 Add CIBA support to oxAuth
  • #748 UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant)
  • #742 Update Dynamic Registration Management
  • #734 `uniqueIdentifier` removal in replicated server / clustered Gluu Server
  • #720 Add support for DELETE request to OIDC Dynamic Registration endpoint
  • #719 Allow to update oxDisabled attribute using Dynamic Client Registration endpoint
  • #697 Performance : ~40% of time is blocked by weld synchronization during high load (>800 threads).
  • #694 Support redis failover in standalone
  • #674 UMA: require client requested scopes to be pre-registered
  • #667 Custom interception authorization script for Connect.
  • #663 Cache UMA Permission Ticket
  • #657 Synchronize CAS logout with OpenID Connect logout
  • #640 Provide automatic deployment to build server in order to see real test results
  • #637 Create reusable login template
  • #602 Update client resets grant-types if it has no value
  • #589 Phone number verification message for Twilio
  • #586 UMA 2 : Add Selenium user emulation for Claims-Gathering test pages (country.xhtml and city.xhml)
  • #566 Introspection endpoint: Add support for basic authentication
  • #548 Add s_hash to id_Token
  • #535 Provide customization of front-channel generated html from /end_session
  • #505 Key History
  • #498 Strip querystring from logout redirect URI comparison
  • #485 Support OpenID Connect Claims Languages
  • #480 acr_values router script.
  • #469 Extend Session Endpoint
  • #460 Performance : go over oxauth threads blocks that appears after 140req/s
  • #447 Federation: Publish metadata_statement_uris
  • #446 Federation: add signed_jwks_uri
  • #445 Federation: add signing_keys_uri
  • #437 Implement better HTTP Header Security
  • #413 Increase size of oxAuth-rp text areas
  • #393 Collect performance stats in oxAuth
  • #373 Add support for response-type=None
  • #353 Change client secret to bcrypt
  • #313 Support Proof of Possession Tokens
  • #308 Support JWT Token Revocation
  • #303 OAuth2 Assertion Grant for SAML assertions and signed JWT's
  • #302 Client Registration: Validation user facing values
  • #296 [Feature Request] Please add RADIUS as GLUU custom authentication script
  • #273 RP-Demo configuration improvement
  • #267 IDP Initiated Authentication Script
  • #233 New iFrame implicit flow
  • #223 Add postLogin method for authentication script
  • #218 Implement U2F attestation certificate validation
  • #208 Provide endpoint with list of enabled custom authentication methods
  • #207 User Review of Persistent Client Scope Authorizations
  • #206 OpenID Connect Line Item Scope Approval
  • #195 remove code duplication
  • #141 Add Support for OAuth2 Device Flow
  • #89 Support for Software Statement Protected Client Registration
  • #87 Work with photo attributes
  • #70 Back-Channel Logout
  • #68 Add metric to store CPU/memory usage
  • #9 oxAuth client should support HTTP proxy

oxTrust

  • #1291 Show All attributes show error page
  • #1290 Impossible to add new TR
  • #1289 Impossible to add New user
  • #1220 Improvement : introduce toolbar for `page-wide` buttons.
  • #1219 Improvement : oxTrust automatically switch to another tab on update action.
  • #1147 Users Should Be Able to Add Custom ClientID On Client Creation
  • #1106 OpenID Client Auto-Generated Password Is Not Cryptographically Strong
  • #1096 User sync (cache refresh) in a containerised environment
  • #1088 SMTP Server Configuration Are Not Saved
  • #998 SCIM2 filter code should build filter graph to allow convert it in any filter type
  • #992 Use automate tests to test API instead of manual testing
  • #935 Server Log API
  • #934 Server Status API
  • #933 OxAuth configuration API
  • #932 OxTrust configuration API
  • #931 Registration API
  • #930 Custom Scripts API
  • #929 Certificates API
  • #928 Attributes API
  • #927 Authentication Method API
  • #926 Organization profile API
  • #925 Personal profile API
  • #924 Users API - People
  • #923 Users API - Groups
  • #922 CAS API
  • #921 UMA API
  • #920 OpenID Connect API
  • #919 SAML - Asimba API
  • #918 SAML - TrustRelationship API
  • #885 SCIM interception script: add handler for GET
  • #843 Use decorator for input elements
  • #820 Verify user's memberOf is synced when group members are changed via SCIM
  • #815 Show Modality according to requirement
  • #812 Rename @protected SCIM annotation to @ScimProtectedApi
  • #803 Protect oxTrust apis by UMA
  • #786 Cover oxTrust API by tests
  • #785 Cover all oxTrust GUI by oxTrust API
  • #784 Prepare working prototype which demonstrates oxTrust API
  • #783 Prepare client/server code to protect oxTrust API endpoints using UMA
  • #769 Try to use JSF2 as mail templates
  • #762 Expose API's for everything
  • #758 Couchbase Support
  • #739 Commit with Comment
  • #697 Gluu Server memory usage (3.1.0)
  • #551 Remove ou=appliances
  • #531 Translate resource bundles
  • #467 Support FileBackedHTTPResource for Shibboleth Config Files
  • #389 Create UI to configure IDP Initiated SAML Authentication
  • #388 Support SCIM Password Management Spec
  • #135 Store user pictures in FS
  • #104 New custom script type to pull data from RDBMS and other sources

Gluu Passport

  • #20 Communication between passport and auth script should be protected by token
  • #19 Passport should support dynamic mapping
  • #4 rename repo to oxPassport

Community Edition Setup

  • #462 Support Ubuntu 18.04.1 and deprecate 14.04 support
  • #452 Couchbase should not listen by default on all server IPs
  • #451 Don't prompt to install IDP if admin selected Couchbase as persistence DB
  • #450 Create additional Couchbase backends during install
  • #449 Command to import ldif into Couchbase
  • #448 Improve is couchbase up checking method
  • #431 Authentication scripts' levels need to be updated
  • #426 Merge node and passport script
  • #394 Strange attribute values in admin entry
  • #361 Upgrade: ldap data import too slow
  • #360 In setup script: allow selection of LDAP or Couchbase as the database
  • #351 Add oxMultivaluedAttribute to oxEnrollmentCode attribute
  • #284 Don't index binary tokens
  • #275 Configure firewall on host to open https port after installing CE
  • #254 Generate OP signing keys
  • #241 [Proposal] Staged Setup Process. Fixes #30
  • #219 Add command to generate JWKS
  • #170 Dockerizing Gluu Server
  • #102 Reporting metrics and statistics gathering in CE
  • #11 Add more attributes to admin user entry

oxShibboleth

  • #41 Some SAML flows will fail when several tabs of the same browser window initiate them in a quick succession/simultaneously
  • #35 Create authentication flow to replace RemoteUser flow
  • #30 SAML metadata is not processing properly
  • #25 Don't show stacktrace... ever
  • #24 SLO binding links are breaking IDP metadata
  • #16 /opt/shibboleth-idp/metadata/idp-metadata.xml (No such file or directory)
  • #15 Map AuthnContextClassRef --> acr in OpenID Connect
  • #10 Support ForceAuthn=true
  • #5 Override Logout Functionality

oxCore

  • #87 Merge 3.1.4 into Master
  • #85 Use JSON data types to store in Couchbase entries
  • #84 Move Persistence Factory creation code from oxAuth/oxTrust to oxPersistence
  • #83 Add new CacheProvider to store data in LDAP under ou=session
  • #82 Use one Couchbase environment
  • #81 Move Couchbase statistic to application-persistence.log
  • #80 Ldap persistence mechanism should support encryption methods which LDAP server doesn't support
  • #79 Update oxAuth/oxTrust to use oxLdap/oxCouchbase
  • #78 oxCouchbase should use SSL to connect server
  • #77 oxCouchbase should support LDAP CRYPT and SHA authentication mechanism
  • #74 findEntriesVirtualListView throwing exception if search takes longer than certain threshold
  • #67 Move ou=appliances under o=orgInum
  • #60 Update to Weld 3.0.2.Final in all projects
  • #58 Change org.xdi -> org.gluu
  • #57 Support Couchbase
  • #50 Add Jedis SSL support for redis cache communication
  • #44 Enable style checker maven plugin
  • #41 Implement weld extension to add Faces messages based on method outcome
  • #28 Create generic CacheService (without dependencies to ehcache)
  • #10 Specify Different Write / Read LDAP servers in ldap.properties
  • #9 Specify "failover" | "round robin" connection pool strategy in ldap.properties
  • #8 Map LDAP credentials to backend

SCIM-Client

  • #62 Add support for boolean custom attributes
  • #61 Migrate to com.fasterxml jackson serialization library
  • #60 Service metadata endpoints must reject the presence of filter query param
  • #59 Wrong modeling of SearchRequest and its schema
  • #57 Bugs in filter functionality
  • #56 Refactor Bulk Operation service code
  • #54 Move SCIM-related oxtrust.properties inside the "ScimProperties" object
  • #53 cases 10.2/10.3, Delete a user with If-Match etag
  • #52 cases 7.2/7.3, Retrieve a user with If-None-Match etag
  • #51 cases 5.13/5.14, Update a user with If-Match etag header
  • #49 case 6.3, Add a value to a multi-valued attribute with PATCH
  • #48 case 6.2, Update a multi-valued attribute with PATCH
  • #47 case 6.1, Update a simple attribute with PATCH
  • #45 cases 11.1/11.2, Searching with POST /.search
  • #44 cases 4.4/5.4/5.5/5.6, Handling of immutable attribute
  • #43 Groups endpoint allows writing non-existing members
  • #42 Group assignment for users should be done at /Group not through /Users endpoint
  • #41 Adjust /Schemas endpoint impl to pick attributes characteristics automatically
  • #40 cases 8.11/8.12, Retrieve a list of users with attributes query param (POST)
  • #39 Replace deprecated ProxyFactory usage in client code
  • #38 cases 7.4/7.5, Retrieve a user with attributes query param
  • #37 cases 8.3/8.4, Retrieve a list of users with attributes query param
  • #36 cases 5.8/5.9, Update a user with attributes query param
  • #35 cases 4.5/4.6, Create a user with attributes query param
  • #34 Remove hard-coded list of ISO3166 countries
  • #33 Enhance ResourceTypes endpoint
  • #32 Add a logging framework
  • #31 Remove redundant code in authorization check for SCIM service
  • #30 Service does not handle properly the attributes/excludedAttributes parameters
  • #29 Add support for PATCH verb to service
  • #28 In user retrieval JSON response has the type attribute malformed for certain multi-valued attributes
  • #27 Creating and retrieval operations return unexpected attributes
  • #26 Validate locale attribute
  • #25 Validate timezone attribute