Gluu Roadmap

See where the Gluu Server is headed to determine which version is right for your project. We support each release for at least 18 months.

CE 3.1.3 Roadmap

Latest stable release

Highlights

  • Upgraded system components and libraries
  • Easier inbound identity
  • #664 Added support for sending extra parameters during UMA permission ticket requests
  • #687 The RPT introspection endpoint now returns in its response all claims stored in the associated persisted claims token (PCT)
  • Gluu 3.1.3 includes updates and new features to its SCIM server, as well as a completely re-written SCIM client. Read the docs
  • #735 The text for oxAuth and oxTrust is now stored in a dedicated file, making it easier to update and manage translations
  • #821 Custom scripts are now checked for syntax and errors in the UI itself rather than waiting several seconds for an exception to appear in the oxauth_scripts log
  • #675 The custom scripts controller has been updated to restore script variables from a session automatically before calling the next script method

Install Gluu 3.1.3

Issues

oxAuth

  • #772 UMA Introspection endpoint throw NPE when access sub claim
  • #770 Fields don't match in userinfo and introspection endpoints' responses
  • #768 oxAuth showing error when trying to SSO using SAML SP
  • #762 Multi LDAP basic authentication script should update authentication metrics
  • #758 FIDO U2F application id should be either IP/DNS
  • #755 Add creation and expiration dates to UMA resource entry
  • #754 Add description and oxdID to client metadata
  • #752 It seems oxAuth doesn't return claims in id_token when "response_type=id_token" is used
  • #749 Enable client to restrict javascript origin
  • #747 RPT introspection : we must keep it compatible with OAuth2 introspection and return seconds in exp
  • #746 add client_id to RPT introspection
  • #743 Add JSON property to enable admin to turn off authz for openid scope
  • #739 Fix the list of scopes in the authorization page
  • #738 Subject controlled scope
  • #735 Allow to customize messages.properties
  • #725 UmaRptIntrospectionService returning expiration time different than umaRptLifetime
  • #706 TOTP/HOTP cust script using lookAheadWindow=1 always
  • #664 Support extra parameters sent during UMA permission ticket request
  • #519 Dynamic scope should contain list of allowed claims

oxTrust

  • #877 Some meta information not retrieved via SCIM if user was not created or updated with the API itself
  • #876 Increase upper limit on max_count for scim json property and adjust descriptive text
  • #874 No certificate upload button available
  • #872 Show Clients using UMA Scope
  • #871 UMA scope Download/Link is 404
  • #870 Make oxTrust Favicon standard Gluu transparent icosahedron
  • #869 Re-login instead of displaying oops Page
  • #868 Avoid execution of sorting if no sortBy param is specified in SCIM searches
  • #866 'Add custom script configuration' drop down box
  • #864 Display Resource creation date and associated RS
  • #861 Overall user experience for adding a person by using the Add person form
  • #860 GUI problems in Manage Authentication
  • #858 Different lists on OIDC-related pages has remove controls' column skewed
  • #857 Add 'server:port' instead of 'server' in Cache Refresh
  • #854 Redirect URI delete icons don't line up
  • #853 'Inbound' button available though 'Asimba' is false
  • #850 AuthorizationProcessingFilter should check to which API client make an call
  • #847 "SAML-> Configure Custom NameId" page uses confusing names for its controls
  • #846 NameId form should update "saml-nameid.xml" too
  • #845 SCIM interceptor script should implement postAddUser/postUpdateUser/postDeleteUser
  • #844 UMA Resource Registration : Scope and Scope expression are mutually exclusive
  • #842 Unable to remove multivalue attribute value in person form
  • #841 Person form should display attribute mandatory correctly
  • #821 Validate custom scripts
  • #818 Multi value Gluu Person attribute delete clears all value
  • #787 oxTrust need to display and log explicit warnings about email non-uniqueness

oxShibboleth

  • #42 generate ZIP file - attribute-map.xml - released attribute strings are not replaced
  • #40 Error in relying-party.xml when "encryptNameIDs" set to "conditional"
  • #39 Delete custom NameID from the GUI
  • #38 Scope should use domain, not hostname
  • #37 Shib configuration is trying to load 'openldap.crt' in 'gluu-openDJ' setup
  • #36 Federated metadata is not loading in metadata-providers.xml

oxcore

  • #68 Sorting in operations facade is operating upon an empty list, not actual result set

gluu-passport

  • #10 Readability of passport log

community-edition-setup

SCIM-Client

  • #68 Scim client - test source resources references UMA1 instead of uma2 discovery

gluu-asimba


CE 3.1.4 Roadmap

18 September, 2018

Highlights

  • New endpoints for FIDO 2 / W3C web authentication
  • Inbound identity improvements
  • OpenID Connect Token Bound Authentication 1.0
  • UMA Client improvements, including the ability to restrict access to resources by associated client
  • Improvements to authentication script API
  • Persist client authorizations
  • Add support for Client metadata: software_id, software_version, software_statement
  • LDAP passwords migration from BCRYPT to SSHA
  • New UI to configure IDP Initiated SAML
  • Support JWT access tokens
  • Allow configuration of JWT for access token on a per client basis

Issues

oxAuth

  • #824 UMA : Introduce separate ticket lifetime configuration
  • #821 Remove hardcoded code from passport page
  • #820 Stack trace on 'Failed to load session from LDAP'
  • #819 UMA 2 : restrict access to resource by associated client (make it configurable)
  • #817 startSession and endSession to manage application_session
  • #816 Review the prepareForStep method of passport social script
  • #812 Restrict requesting claims individually
  • #807 OTP 2FA / enrollment page + login page
  • #804 pre-fix value for access token
  • #803 "acr_values" contains "null" in introspection endpoint's response
  • #802 NPE during end_session if client is expired and does not exist in LDAP anymore
  • #801 Getting NullPointerException while authorizing user
  • #800 Userinfo can't be contacted with access_token issued during resource owner creds grant flow if redirect_uri is not specified for the client
  • #799 If custom script getPageForStep throws error Authenticator should redirect to error page
  • #798 Relax log level when claims gathering script name is blank
  • #797 Implemented migration password script from BCRYPT to SSHA
  • #796 User should be redirected to error page instead of login when an exception occurs during external authentication
  • #791 Dynamic Registration: Minor request - add new info logger
  • #789 Add support for id token upon token refresh
  • #764 Create oxAuth JSON property to disable fido u2f endpoints
  • #753 Create Authorization Script to check BCrypt Hash
  • #750 Add CIBA support to oxAuth
  • #704 Add support for Client metadata: software_id, software_version, software_statement
  • #638 Allow configuration of JWT for access token on a per client basis
  • #230 Resource Owner Password Credential Grant Interception Script

oxTrust

  • #1014 Ability to Disable Gathering Of Metrics
  • #1012 The notification bubble that appears after updating the manage authentication seems a little off
  • #1011 Better Button Locations in OpenID Connect Client Configuration
  • #1009 The person import feature throws an error when the uploaded Excel file has been created via a recent Excel version
  • #1007 All file upload features in Gluu 3.1.3 don't work
  • #1002 Adding organization logo throws an exception
  • #996 Log login initiator exception with TRACE level only
  • #953 Auto-generate client secret
  • #952 log statements of level lower than INFO not shown after start
  • #843 Use decorator for input elements
  • #769 Try to use JSF2 as mail templates
  • #768 Replace Richfaces with JSF2 and other JSF frameworks
  • #703 Update OpenID Client page to support JWT access tokens
  • #557 Improve Passport.js user experience
  • #531 Translate resource bundles

oxShibboleth

  • #44 Update Idp to V3.3.3
  • #43 eduPerson schema update
  • #41 Some SAML flows will fail when several tabs of the same browser window initiate them in a quick succession/simultaneously

oxcore

  • #60 Update to Weld 3.0.2.Final in all projects

gluu-passport

  • #37 Bundle passport with openid connect support
  • #35 `Error in parsing JSON in getJSON` in passport log at startup
  • #33 Overall logging enhancements
  • #32 Make logging level a parameter in config file
  • #31 NPE upon start when no strategies are defined
  • #29 IDP-inited flow for inbound identity - write custom script
  • #28 IDP-inited flow for inbound identity - AuthZ request + signed user profile
  • #27 IDP-inited flow for inbound identity - SP to OIDC client
  • #26 IDP-inited flow for inbound identity - Add endpoint to trigger flow
  • #24 Passport-Saml: IDP initiated flow fail
  • #20 Communication between passport and auth script should be protected by token
  • #19 Passport should support dynamic mapping
  • #18 Passport should POST user data to /oxauth/postlogin
  • #14 Updating certain inbound attributes showing errors in log
  • #12 Re-attempt to get oxAuth metadata and token
  • #11 Passport should return non zero exit code on startup errors

community-edition-setup

  • #440 2.4.x to 3.1.3 upgrade ( OpenDJ --> OpenDJ ): don't export `100-user.ldif` schema
  • #439 OpenLDAP enabled Gluu to OpenDJ-Gluu upgrade: ldap search filter not updating
  • #437 Remove '99-user.ldif' schema related calling
  • #436 3.0.x to 3.1.x upgrade: metadata-provider template broken
  • #431 Authentication scripts' levels need to be updated
  • #427 Asimba should be available in 3.1.4 as deprecated component only
  • #426 Merge node and passport script
  • #425 Setup should prepare CE to work with dynamic IP correctly
  • #420 Update node passport init.d script
  • #100 Ensure 'hostname' is not 'localhost' by default

SCIM-Client

  • #70 Add test cases for special chars handling
  • #69 Search results count isn't accurate when startindex > 1

CE 4.0 Roadmap

15 January, 2019

Highlights

  • APIs for oxTrust
  • #57 Support Couchbase DB as an option for persistence

Issues

oxAuth

  • #767 Could you add these authorization code request and response sections in a future version of oxauth-rp
  • #756 OAuth Scope Refactoring
  • #751 Update Saml script to allow sign request
  • #748 UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant)
  • #745 Allow user to select type of cookie used by oxAuth
  • #742 Update Dynamic Registration Management
  • #734 `uniqueIdentifier` removal in replicated server / clustered Gluu Server
  • #697 Performance : 40% of time is blocked by weld synchronization during high load (>800 threads).
  • #694 Support redis failover in standalone
  • #674 UMA: require client requested scopes to be pre-registered
  • #667 Custom interception authorization script for Connect.
  • #663 Cache UMA Permission Ticket
  • #657 Synchronize CAS logout with OpenID Connect logout
  • #602 Update client resets grant-types if it has no value
  • #589 Phone number verification message for Twilio
  • #586 UMA 2 : Add Selenium user emulation for Claims-Gathering test pages (country.xhtml and city.xhml)
  • #566 Introspection endpoint: Add support for basic authentication
  • #562 Made PAT configurable for introspection_endpoint protection
  • #548 Add s_hash to id_Token
  • #535 Provide customization of front-channel generated html from /end_session
  • #505 Key History
  • #498 Strip querystring from logout redirect URI comparison
  • #485 Support OpenID Connect Claims Languages
  • #480 acr_values router script.
  • #469 Extend Session Endpoint
  • #460 Performance : go over oxauth threads blocks that appears after 140req/s
  • #447 Federation: Publish metadata_statement_uris
  • #446 Federation: add signed_jwks_uri
  • #445 Federation: add signing_keys_uri
  • #437 Implement better HTTP Header Security
  • #413 Increase size of oxAuth-rp text areas
  • #393 Collect performance stats in oxAuth
  • #373 Add support for response-type=None
  • #353 Change client secret to bcrypt
  • #313 Support Proof of Possession Tokens
  • #308 Support JWT Token Revocation
  • #303 OAuth2 Assertion Grant for SAML assertions and signed JWT's
  • #302 Client Registration: Validation user facing values
  • #296 [Feature Request] Please add RADIUS as GLUU custom authentication script
  • #273 RP-Demo configuration improvement
  • #267 IDP Initiated Authentication Script
  • #233 New iFrame implicit flow
  • #230 Resource Owner Password Credential Grant Interception Script
  • #223 Add postLogin method for authentication script
  • #218 Implement U2F attestation certificate validation
  • #208 Provide endpoint with list of enabled custom authentication methods
  • #207 User Review of Persistent Client Scope Authorizations
  • #206 OpenID Connect Line Item Scope Approval
  • #195 remove code duplication
  • #160 U2F: Add TLS Channel ID Binding
  • #141 Add Support for OAuth2 Device Flow
  • #89 Support for Software Statement Protected Client Registration
  • #87 Work with photo attributes
  • #70 Back-Channel Logout
  • #68 Add metric to store CPU/memory usage
  • #9 oxAuth client should support HTTP proxy

oxTrust

  • #935 Server Log API
  • #934 Server Status API
  • #933 OxAuth configuration API
  • #932 OxTrust configuration API
  • #931 Registration API
  • #930 Custom Scripts API
  • #929 Certificates API
  • #928 Attributes API
  • #927 Authentication Method API
  • #926 Organization profile API
  • #925 Personal profile API
  • #924 Users API - People
  • #923 Users API - Groups
  • #922 CAS API
  • #921 UMA API
  • #920 OpenID Connect API
  • #919 SAML - Asimba API
  • #918 SAML - TrustRelationship API
  • #820 Verify user's memberOf is synced when group members are changed via SCIM
  • #786 Cover oxTrust API by tests
  • #785 Cover all oxTrust GUI by oxTrust API
  • #784 Prepare working prototype which demonstrates oxTrust API
  • #783 Prepare client/server code to protect oxTrust API endpoints using UMA
  • #697 Gluu Server memory usage (3.1.0)
  • #557 Improve Passport.js user experience
  • #551 Remove ou=appliances
  • #135 Store user pictures in FS
  • #104 New custom script type to pull data from RDBMS and other sources

oxShibboleth

  • #35 Create authentication flow to replace RemoteUser flow
  • #30 SAML metadata is not processing properly
  • #25 Don't show stacktrace... ever
  • #24 SLO binding links are breaking IDP metadata
  • #16 /opt/shibboleth-idp/metadata/idp-metadata.xml (No such file or directory)
  • #15 Map AuthnContextClassRef --> acr in OpenID Connect
  • #10 Support ForceAuthn=true
  • #5 Override Logout Functionality

oxcore

  • #67 Move ou=appliances under o=orgInum
  • #60 Update to Weld 3.0.2.Final in all projects
  • #58 Change org.xdi -> org.gluu
  • #57 Support Couchbase
  • #44 Enable style checker maven plugin
  • #41 Implement weld extension to add Faces messages based on method outcome
  • #28 Create generic CacheService (without dependencies to ehcache)
  • #10 Specify Different Write / Read LDAP servers in ldap.properties
  • #9 Specify "failover" | "round robin" connection pool strategy in ldap.properties
  • #8 Map LDAP credentials to backend

gluu-passport

  • #4 rename repo to oxPassport

community-edition-setup

  • #351 Add oxMultivaluedAttribute to oxEnrollmentCode attribute
  • #284 Don't index binary tokens
  • #219 Add command to generate JWKS
  • #170 Dockerizing Gluu Server
  • #102 Reporting metrics and statistics gathering in CE
  • #100 Ensure 'hostname' is not 'localhost' by default
  • #11 Add more attributes to admin user entry

SCIM-Client

  • #62 Add support for boolean custom attributes
  • #61 Migrate to com.fasterxml jackson serialization library
  • #60 Service metadata endpoints must reject the presence of filter query param
  • #59 Wrong modeling of SearchRequest and its schema
  • #57 Bugs in filter functionality
  • #56 Refactor Bulk Operation service code
  • #54 Move SCIM-related oxtrust.properties inside the "ScimProperties" object
  • #53 cases 10.2/10.3, Delete a user with If-Match etag
  • #52 cases 7.2/7.3, Retrieve a user with If-None-Match etag
  • #51 cases 5.13/5.14, Update a user with If-Match etag header
  • #49 case 6.3, Add a value to a multi-valued attribute with PATCH
  • #48 case 6.2, Update a multi-valued attribute with PATCH
  • #47 case 6.1, Update a simple attribute with PATCH
  • #45 cases 11.1/11.2, Searching with POST /.search
  • #44 cases 4.4/5.4/5.5/5.6, Handling of immutable attribute
  • #43 Groups endpoint allows writing non-existing members
  • #42 Group assignment for users should be done at /Group not through /Users endpoint
  • #41 Adjust /Schemas endpoint impl to pick attributes characteristics automatically
  • #40 cases 8.11/8.12, Retrieve a list of users with attributes query param (POST)
  • #39 Replace deprecated ProxyFactory usage in client code
  • #38 cases 7.4/7.5, Retrieve a user with attributes query param
  • #37 cases 8.3/8.4, Retrieve a list of users with attributes query param
  • #36 cases 5.8/5.9, Update a user with attributes query param
  • #35 cases 4.5/4.6, Create a user with attributes query param
  • #34 Remove hard-coded list of ISO3166 countries
  • #33 Enhance ResourceTypes endpoint
  • #32 Add a logging framework
  • #31 Remove redundant code in authorization check for SCIM service
  • #30 Service does not handle properly the attributes/excludedAttributes parameters
  • #29 Add support for PATCH verb to service
  • #28 In user retrieval JSON response has the type attribute malformed for certain multi-valued attributes
  • #27 Creating and retrieval operations return unexpected attributes
  • #26 Validate locale attribute
  • #25 Validate timezone attribute

gluu-asimba

  • #39 Potentially unintended Asimba's behaviour
  • #33 Create 'saml.pem' inside /etc/certs/
  • #32 Check SAML protocol logout behaviour
  • #27 Update opensaml dependency to latest version