OSIAM v2.5

« Changelog History

OSIAM v2.5 Release Notes

• 🔄 Changelog

  OSIAM Auth Server 2.5

  🔋 Features

  👉 Use JDBC connection pooling

  0️⃣ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
  🔧 These settings can be changed with the following configuration properties:

  • org.osiam.auth-server.db.maximum-pool-size

  - org.osiam.auth-server.db.connection-timeout-ms

  👌 Support retrieving list of clients

  👉 Use the resource endpoint /Client with GET.

  🔧 Make number of parallel connections to the auth-server configurable

  🔧 The default is 40 and can be changed with the following configuration property:

  - org.osiam.resource-server.connector.max-connections

  🔧 Make timeouts of connections to auth-server configurable

  0️⃣ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
  🔧 These settings can be changed with the following configuration properties:

  • org.osiam.resource-server.connector.read-timeout-ms
  • org.osiam.resource-server.connector.connect-timeout-ms

  🔄 Changes

  ➕ Add Flyway migration to replace method-based scopes

  🚚 The migration removes all method-based scopes from the auth-server client and adds the scope ADMIN.

  0️⃣ Increase default timeouts for connections to resource-server

  0️⃣ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

  0️⃣ Increase default maximum number of parallel connections to resource-server

  0️⃣ The default is 40.

  Switch to Spring Boot

  🔨 Refactor database schema

  Note: Some fields in table osiam_client have been renamed:

  • accesstokenvalidityseconds becomes access_token_validity_seconds
  • refreshtokenvalidityseconds becomes refresh_token_validity_seconds
  • validityinseconds becomes validity_in_seconds

  ⚡️ Update your SQL scripts, if you add OAuth 2 clients via direct database manipulation.
  It's recommended to use the RESTful endpoints under /Client to manage Clients.

  🛠 Fixes

  Make sure access_token, refresh_token and token_type are added only
  🛠 once to the returned Access Token (Fixes #42).

  ✂ Remove scopes from the Access Token (Fixes #51).

  Prevent NPE when User#active is null

  🖐 Handle duplicate client creation error on application level

  Respond with Conflict 409 when a client with a requested client id already
  exists

  ⚡️ Updates

  • OSIAM connector4java 1.8
  • MySQL JDBC driver 5.1.37
  • PostgreSQL JDBC driver 9.4-1205
  • 🔒 OAuth2 for Spring Security 2.0.8

  OSIAM Resource Server 2.5

  🔋 Features

  👉 Use JDBC connection pooling

  0️⃣ By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
  🔧 These settings can be changed with the following configuration properties:

  • org.osiam.resource-server.db.maximum-pool-size

  - org.osiam.resource-server.db.connection-timeout-ms

  Populate the type field of a Group's members

  Members of a Group have their type field set to either User or Group.

  🔧 Make number of parallel connections to the auth-server configurable

  🔧 The default is 40 and can be changed with the following configuration property:

  - org.osiam.auth-server.connector.max-connections

  🔧 Make timeouts of connections to auth-server configurable

  0️⃣ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
  🔧 These settings can be changed with the following configuration properties:

  • org.osiam.auth-server.connector.read-timeout-ms
  • org.osiam.auth-server.connector.connect-timeout-ms

  🔄 Changes

  0️⃣ Increase default timeouts for connections to auth-server

  0️⃣ By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

  0️⃣ Increase default maximum number of parallel connections to auth-server

  0️⃣ The default is 40.

  Switch to Spring Boot

  🔨 Refactor database schema

  Note: Some fields in table scim_extension_field have been renamed:

  • extension_internal_id becomes extension;
  • is_required becomes required;

  ⚡️ Update your SQL scripts, if you add SCIM 2 extensions via direct database
  manipulation.

  🌲 Produce a meaningful log message and respond with 503 TEMPORARILY UNAVAILABLE
  instead of 409 CONFLICT if the auth-server cannot be reached to validate or
  revoke an access token.

  All invalid search queries now respond with a 400 BAD REQUEST instead of
  409 CONFLICT status code.

  Respond with 401 UNAUTHORIZED when revoking or validating an access token
  fails because of invalid access token.

  ✂ Remove configuration property org.osiam.resource-server.db.dialect

  ✂ Remove self written profiling solution since we now use the Metrics
  🔧 framework. This removes the configuration property org.osiam.resource-server.profiling

  👉 Make the generated errors SCIM compliant

  Error responses look like this according to Scim 2:

  {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
    "detail": "Resource 2819c223-7f76-453a-919d-413861904646 not found",
    "status": "404"
  }
  

  🛠 Fixes

  Only set UserEntity#active if value is not null

  Prevents a NPE when storing users that have no value for the active field.

  👉 Use correct schema for Scim resources

  Affected resources and the changes are:

  • User: urn:scim:schemas:core:2.0:User becomes urn:ietf:params:scim:schemas:core:2.0:User
  • Group: urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:schemas:core:2.0:Group
  • ListResponse: urn:scim:schemas:core:2.0:User/urn:scim:schemas:core:2.0:Group becomes urn:ietf:params:scim:api:messages:2.0:ListResponse
  • ServiceProviderConfig: urn:scim:schemas:core:2.0:ServiceProviderConfig becomes urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig

  ⚡️ Updates

  • OSIAM connector4java 1.8
  • MySQL JDBC driver 5.1.37
  • PostgreSQL JDBC driver 9.4-1205
  • AspectJ 1.8.7
  • Metrics Spring Integration 3.1.2

• All Versions
• Next v3.0.CR1
• Latest Version