Gluu Server Roadmap

See where the Gluu Server is headed to determine which version is right for your project. We support each release for at least 18 months.

CE 3.1.6 Roadmap

Latest stable release

Highlights

  • Support for Gluu Casa.
  • SAML Single Logout improvements
  • SAML Force Authentication
  • Better handling of cache

Install Gluu 3.1.6

Issues

GluuFederation/oxTrust

  • #1491 Wrong free memory status in Ubuntu 18
  • #1486 Problem to add users at the first time of login
  • #1485 NPE when removing devices in user's profile
  • #1484 Enhance how 2uf devices are displayed in user's profile
  • #1478 Oops page when deleting user
  • #1476 Exception when oxOTPDevices is set. Prevents users' edition
  • #1474 Issues after two successive logoffs take place
  • #1473 Logout trigger OP unauthenticated session creation
  • #1465 Determine facter version in order to prepare right command option
  • #1456 Force required permissions in jsf pages

GluuFederation/oxAuth

  • #993 Adjust passport cust script and pages to remove unnecessary endpoints
  • #992 Second logout request from another RP returns error
  • #991 Cache Native objects clean up not work properly
  • #990 Protect RP initiated logout flow against top-level browsing context changing from iframe
  • #989 IdTokenFactory has to fetch public key base on JWE algorithm.
  • #988 Don't show error message about missing consent cookie at Authorization flow start
  • #987 Adjust passport script to parameterize whether updates should be applied to user profile or not
  • #986 Consent form not shown when second client start authorization
  • #985 Load Fido2 protected device metadata
  • #984 Update session AuthZ parameters on ACR change
  • #977 Typo in otp_configuration.json
  • #901 Super Gluu created time needs time zone support
  • #589 Phone number verification message for Twilio

GluuFederation/oxcore

  • #107 Log all LDAP operation time to separate log

CE 4.0 Roadmap

ETA: June, 2019

Highlights

  • APIs for oxTrust
  • Abstracted DB layer, with additional support for Couchbase
  • Support for Gluu RADIUS server

Issues

oxAuth

  • #901 Super Gluu created time needs time zone support
  • #884 Don't return refresh token if client doesn't have refresh_token grant
  • #861 Request objects should have iat and expiration
  • #860 Move all integration pages and scripts into sub-project of oxAuth
  • #859 Improve Live Script Debug
  • #853 CAS logout with oxAuth-session script ( application_session )
  • #848 Move client side test requestAuthorizationForOpenIdScopeAndPairwiseId to server side test
  • #847 Bouncycastle throw ClassCastException after upgrade to 1.59
  • #839 Support for spontaneous scopes
  • #825 Group configuration properties to make it more user-friendly
  • #823 Authenticator should not use "@!" to distinguish use/client credentials.
  • #822 Add a new attribute's type to handle attributes containing JSON data more gracefully in OIDC flows
  • #813 CleanupTimer has to run in own connection pool to not effect oxauth performance
  • #811 Upgrade to Jackson 2.x (from current Jackson 1.x)
  • #810 Add Opentracing support
  • #809 Add support for account switching
  • #804 pre-fix value for access token
  • #800 Userinfo can't be contacted with access_token issued during resource owner creds grant flow if redirect_uri is not specified for the client
  • #795 Allow to set the pairwiseIdType (algorithmic/persistent) on a client basis
  • #789 Add support for id token upon token refresh
  • #784 Add support for Token Revocation
  • #767 Could you add these authorization code request and response sections in a future version of oxauth-rp
  • #756 OAuth Scope Refactoring
  • #751 Update Saml script to allow sign request
  • #750 Add CIBA support to oxAuth
  • #748 UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant)
  • #742 Update Dynamic Registration Management
  • #734 `uniqueIdentifier` removal in replicated server / clustered Gluu Server
  • #720 Add support for DELETE request to OIDC Dynamic Registration endpoint
  • #719 Allow to update oxDisabled attribute using Dynamic Client Registration endpoint
  • #697 Performance : ~40% of time is blocked by weld synchronization during high load (>800 threads).
  • #694 Support redis failover in standalone
  • #674 UMA: require client requested scopes to be pre-registered
  • #667 Custom interception authorization script for Connect.
  • #663 Cache UMA Permission Ticket
  • #657 Synchronize CAS logout with OpenID Connect logout
  • #640 Provide automatic deployment to build server in order to see real test results
  • #637 Create reusable login template
  • #602 Update client resets grant-types if it has no value
  • #589 Phone number verification message for Twilio
  • #586 UMA 2 : Add Selenium user emulation for Claims-Gathering test pages (country.xhtml and city.xhml)
  • #566 Introspection endpoint: Add support for basic authentication
  • #548 Add s_hash to id_Token
  • #535 Provide customization of front-channel generated html from /end_session
  • #505 Key History
  • #498 Strip querystring from logout redirect URI comparison
  • #485 Support OpenID Connect Claims Languages
  • #480 acr_values router script.
  • #469 Extend Session Endpoint
  • #460 Performance : go over oxauth threads blocks that appears after 140req/s
  • #447 Federation: Publish metadata_statement_uris
  • #446 Federation: add signed_jwks_uri
  • #445 Federation: add signing_keys_uri
  • #437 Implement better HTTP Header Security
  • #413 Increase size of oxAuth-rp text areas
  • #393 Collect performance stats in oxAuth
  • #373 Add support for response-type=None
  • #353 Change client secret to bcrypt
  • #313 Support Proof of Possession Tokens
  • #308 Support JWT Token Revocation
  • #303 OAuth2 Assertion Grant for SAML assertions and signed JWT's
  • #302 Client Registration: Validation user facing values
  • #296 [Feature Request] Please add RADIUS as GLUU custom authentication script
  • #273 RP-Demo configuration improvement
  • #267 IDP Initiated Authentication Script
  • #233 New iFrame implicit flow
  • #223 Add postLogin method for authentication script
  • #218 Implement U2F attestation certificate validation
  • #208 Provide endpoint with list of enabled custom authentication methods
  • #207 User Review of Persistent Client Scope Authorizations
  • #206 OpenID Connect Line Item Scope Approval
  • #195 remove code duplication
  • #141 Add Support for OAuth2 Device Flow
  • #89 Support for Software Statement Protected Client Registration
  • #87 Work with photo attributes
  • #70 Back-Channel Logout
  • #68 Add metric to store CPU/memory usage
  • #9 oxAuth client should support HTTP proxy

oxTrust

  • #1291 Show All attributes show error page
  • #1290 Impossible to add new TR
  • #1289 Impossible to add New user
  • #1220 Improvement : introduce toolbar for `page-wide` buttons.
  • #1219 Improvement : oxTrust automatically switch to another tab on update action.
  • #1147 Users Should Be Able to Add Custom ClientID On Client Creation
  • #1106 OpenID Client Auto-Generated Password Is Not Cryptographically Strong
  • #1096 User sync (cache refresh) in a containerised environment
  • #1088 SMTP Server Configuration Are Not Saved
  • #998 SCIM2 filter code should build filter graph to allow convert it in any filter type
  • #992 Use automate tests to test API instead of manual testing
  • #935 Server Log API
  • #934 Server Status API
  • #933 OxAuth configuration API
  • #932 OxTrust configuration API
  • #931 Registration API
  • #930 Custom Scripts API
  • #929 Certificates API
  • #928 Attributes API
  • #927 Authentication Method API
  • #926 Organization profile API
  • #925 Personal profile API
  • #924 Users API - People
  • #923 Users API - Groups
  • #922 CAS API
  • #921 UMA API
  • #920 OpenID Connect API
  • #919 SAML - Asimba API
  • #918 SAML - TrustRelationship API
  • #885 SCIM interception script: add handler for GET
  • #843 Use decorator for input elements
  • #820 Verify user's memberOf is synced when group members are changed via SCIM
  • #815 Show Modality according to requirement
  • #812 Rename @protected SCIM annotation to @ScimProtectedApi
  • #803 Protect oxTrust apis by UMA
  • #786 Cover oxTrust API by tests
  • #785 Cover all oxTrust GUI by oxTrust API
  • #784 Prepare working prototype which demonstrates oxTrust API
  • #783 Prepare client/server code to protect oxTrust API endpoints using UMA
  • #769 Try to use JSF2 as mail templates
  • #762 Expose API's for everything
  • #758 Couchbase Support
  • #739 Commit with Comment
  • #697 Gluu Server memory usage (3.1.0)
  • #551 Remove ou=appliances
  • #531 Translate resource bundles
  • #467 Support FileBackedHTTPResource for Shibboleth Config Files
  • #389 Create UI to configure IDP Initiated SAML Authentication
  • #388 Support SCIM Password Management Spec
  • #135 Store user pictures in FS
  • #104 New custom script type to pull data from RDBMS and other sources

Gluu Passport

  • #20 Communication between passport and auth script should be protected by token
  • #19 Passport should support dynamic mapping
  • #4 rename repo to oxPassport

Community Edition Setup

  • #462 Support Ubuntu 18.04.1 and deprecate 14.04 support
  • #452 Couchbase should not listen by default on all server IPs
  • #451 Don't prompt to install IDP if admin selected Couchbase as persistence DB
  • #450 Create additional Couchbase backends during install
  • #449 Command to import ldif into Couchbase
  • #448 Improve is couchbase up checking method
  • #431 Authentication scripts' levels need to be updated
  • #426 Merge node and passport script
  • #394 Strange attribute values in admin entry
  • #361 Upgrade: ldap data import too slow
  • #360 In setup script: allow selection of LDAP or Couchbase as the database
  • #351 Add oxMultivaluedAttribute to oxEnrollmentCode attribute
  • #284 Don't index binary tokens
  • #275 Configure firewall on host to open https port after installing CE
  • #254 Generate OP signing keys
  • #241 [Proposal] Staged Setup Process. Fixes #30
  • #219 Add command to generate JWKS
  • #170 Dockerizing Gluu Server
  • #102 Reporting metrics and statistics gathering in CE
  • #11 Add more attributes to admin user entry

oxShibboleth

  • #41 Some SAML flows will fail when several tabs of the same browser window initiate them in a quick succession/simultaneously
  • #35 Create authentication flow to replace RemoteUser flow
  • #30 SAML metadata is not processing properly
  • #25 Don't show stacktrace... ever
  • #24 SLO binding links are breaking IDP metadata
  • #16 /opt/shibboleth-idp/metadata/idp-metadata.xml (No such file or directory)
  • #15 Map AuthnContextClassRef --> acr in OpenID Connect
  • #10 Support ForceAuthn=true
  • #5 Override Logout Functionality

oxCore

  • #87 Merge 3.1.4 into Master
  • #85 Use JSON data types to store in Couchbase entries
  • #84 Move Persistence Factory creation code from oxAuth/oxTrust to oxPersistence
  • #83 Add new CacheProvider to store data in LDAP under ou=session
  • #82 Use one Couchbase environment
  • #81 Move Couchbase statistic to application-persistence.log
  • #80 Ldap persistence mechanism should support encryption methods which LDAP server doesn't support
  • #79 Update oxAuth/oxTrust to use oxLdap/oxCouchbase
  • #78 oxCouchbase should use SSL to connect server
  • #77 oxCouchbase should support LDAP CRYPT and SHA authentication mechanism
  • #74 findEntriesVirtualListView throwing exception if search takes longer than certain threshold
  • #67 Move ou=appliances under o=orgInum
  • #60 Update to Weld 3.0.2.Final in all projects
  • #58 Change org.xdi -> org.gluu
  • #57 Support Couchbase
  • #50 Add Jedis SSL support for redis cache communication
  • #44 Enable style checker maven plugin
  • #41 Implement weld extension to add Faces messages based on method outcome
  • #28 Create generic CacheService (without dependencies to ehcache)
  • #10 Specify Different Write / Read LDAP servers in ldap.properties
  • #9 Specify "failover" | "round robin" connection pool strategy in ldap.properties
  • #8 Map LDAP credentials to backend

SCIM-Client

  • #62 Add support for boolean custom attributes
  • #61 Migrate to com.fasterxml jackson serialization library
  • #60 Service metadata endpoints must reject the presence of filter query param
  • #59 Wrong modeling of SearchRequest and its schema
  • #57 Bugs in filter functionality
  • #56 Refactor Bulk Operation service code
  • #54 Move SCIM-related oxtrust.properties inside the "ScimProperties" object
  • #53 cases 10.2/10.3, Delete a user with If-Match etag
  • #52 cases 7.2/7.3, Retrieve a user with If-None-Match etag
  • #51 cases 5.13/5.14, Update a user with If-Match etag header
  • #49 case 6.3, Add a value to a multi-valued attribute with PATCH
  • #48 case 6.2, Update a multi-valued attribute with PATCH
  • #47 case 6.1, Update a simple attribute with PATCH
  • #45 cases 11.1/11.2, Searching with POST /.search
  • #44 cases 4.4/5.4/5.5/5.6, Handling of immutable attribute
  • #43 Groups endpoint allows writing non-existing members
  • #42 Group assignment for users should be done at /Group not through /Users endpoint
  • #41 Adjust /Schemas endpoint impl to pick attributes characteristics automatically
  • #40 cases 8.11/8.12, Retrieve a list of users with attributes query param (POST)
  • #39 Replace deprecated ProxyFactory usage in client code
  • #38 cases 7.4/7.5, Retrieve a user with attributes query param
  • #37 cases 8.3/8.4, Retrieve a list of users with attributes query param
  • #36 cases 5.8/5.9, Update a user with attributes query param
  • #35 cases 4.5/4.6, Create a user with attributes query param
  • #34 Remove hard-coded list of ISO3166 countries
  • #33 Enhance ResourceTypes endpoint
  • #32 Add a logging framework
  • #31 Remove redundant code in authorization check for SCIM service
  • #30 Service does not handle properly the attributes/excludedAttributes parameters
  • #29 Add support for PATCH verb to service
  • #28 In user retrieval JSON response has the type attribute malformed for certain multi-valued attributes
  • #27 Creating and retrieval operations return unexpected attributes
  • #26 Validate locale attribute
  • #25 Validate timezone attribute

CE 4.1 Roadmap

ETA: August, 2019

Highlights

  • Support for CIBA
  • Mutual TLS between OAuth client and server
  • Features related to the OpenID Connect FAPI profile
  • More auditing features