Release notes - Publisher
Latest release
Release date: 2 December 2024
Notable changes:
- [CSP-5141/5149] - enhanced the buttons and lists for applications and connections
Previous releases
Release date: 15 October 2024
Notable changes:
- [CSP-5016] - Support for PKCE added to Keystone
- [CSP-5184] - Make service more fault tolerant to IdP metadata not being available
- [CSP-4097, 5063] - Improvements to SP account management
Release date: 2 October 2024
Notable changes:
- [CSP-5177] - The recent activity tab in the dashboard did not display data
- [CSP-5155] - Entities were not being retrieved from cache
Release date: 4 September 2024
Notable changes:
- [CSP-4885] - Removed redundant Matomo and Google Analytics code from the SP dashboard
- [CSP-5157] - Some domains were unable to download reports
- [CSP-5148] - Selecting a report date range longer than a year would sometimes omit data
Release date: 14 August 2024
Notable changes:
- [CSP-4744] - Added ability to specify a display name for 1:1 connections
- [CSP-4937/38] - UI updates to 1:1 connections
Release date: 8 August 2024
Notable changes:
- [CSP-4841] - Default discovery method for new Keystone apps now set to Wayfinder
- [CSP-4840] - 1:1 connections (additional identity providers) now defaults to on for new connections
Release date: 6 August 2024
Notable changes:
- [CSP-4626] - Add validation for UUIDs
- [CSP-4773] - Improve formatting of reports
- [CSP-4983] - Reporting highlights added to dashboard
Release date: 31 July 2024
Notable changes:
- [CSP-4956] - New ruleset added to Keystone to pass all received SAML attributes as claims with the same name
Release date: 25 July 2024
Notable changes:
- [CSP-5087] - The connections dropdown under Application > Configuration is now ordered
- [CSP-5085] - Rectify issues with the confirm contact details pop-up
Release date: 9 July 2024
Notable changes:
- [CSP-5000] - was possible to create duplicate applications if you clicked the save button twice, really fast
Release date: 5 June 2024
Notable changes:
- [CSP-5021] - Add SP report viewer role to admin page
- [CSP-4803 / 4682] - Release new report viewer role to the SP dashboard allowing a non-technical user to safely access the reporting functions but not the configuration options.
Release date: 20 May 2024
Notable changes:
- [CSP-4888] - Add caching for not-found entities to reduce service load
- [CSP-4763] - Stats reports for single entities would not download if the entity name contained a comma
- [CSP-5006] - @Checked annotation was missing from CSV downloads
Release date: 9 May 2024
Notable changes:
- [CSP-4887] - Update to the menu navigation - Accounts now on the side.
- [CSP-4912] - Update to the display of admin accounts ahead of some planned improvements
Release date: 9 April 2024
Notable changes:
- [CSP-4993] - Enhanced reporting options now available to external apps (e.g. Shibboleth). See: Reporting
Release date: 14 February 2024
Notable changes:
- [CSP-4884] - Performance enhancements for reporting
Release date: 29 January 2024
Notable changes:
- [CSP-4650] - Additional validation on redirector domains
Release date: 22 January 2024
Notable changes:
- [CSP-4405] - Metadata updates for external apps would sometimes not persist
Release date: 10 January 2024
Notable changes:
- [CSP-4578] - Access to the SP dashboard now only requires the SP admin role
- [CSP-4768] - Standardisation of country names in UI / downloaded statistics reports
- [CSP-4805/4813] - Improve the display of Application and Connection status
Release date: 1 November 2023
Notable changes:
- [CSP-4641] - uploading invalid metadata would log the wrong error
Release date: 4 October 2023
New functionality:
- New reporting options are now available to Keystone customers including usage statistics from other federations and 1:1 connections. See: Reporting
Release date: 31 August 2023
Notable changes:
- [CSP-4684] - It was possible to upload SP metadata with an empty ServiceDescription element
Release date: 16 August 2023
Notable changes:
- [WAYF-672] - Embedded Wayfinder was slow when local storage was unavailable
- [CSP-4556] - Add a file-size check to the additional identity provider option
- [CSP-4576] - The activity stream would show a rejected publication request immediately upon submission
Release date: 26 July 2023
Notable changes:
- [CSP-4657] - the log a query button in the dashboard didn't work.
Release date: 13 July 2023
Notable changes:
- [CSP-4602] - overlong entityIDs would stop the external app addition flow without an error message.
Release date: 29 June 2023
Notable changes:
- [WAYF-672] - embedded Wayfinder loaded slowly when users blocked 3rd party cookies.
Release date: 6 June 2023
Notable changes:
- [CSP-4359] - Display entityID of external apps (e.g. Shibboleth) in the applications list.
Release date: 28 April 2023
Notable changes:
- [CSP-4567] - Domain validation was not working on the linking tab for Keystone applications
- [CSP-4550] - Fix SP dashbaord accessibility issues identified by Lighthouse snapshot reports
Release date: 12 April 2023
Notable changes:
- [CSP-3811] - Keystone metadata now available via URL. See: Connections
Release date: 4 April 2023
Notable changes:
- [CSP-4366] - SP dashboard now has a direct link to the support interface
Release date: 27 February 2023
Notable changes:
- [CSP-3979] - Keystone apps' metadata now lists the OpenAthens service desk as the technical contact
- [CSP-4452] - Application restrictions added to the audit stream
Release date: 23 February 2023
Notable changes:
- [CSP-4430] - Improvements to the required / optional attribute specification tab
- [CSP-4437] - Improvements to the subscription management specification tab
Release date: 2 February 2023
Notable changes:
- [CSP-4381] - 1-2-1 connections to Azure failed at metadata validation
- [CSP-4362] - Size limits on images were not properly enforced
- [CSP-4446] - App restrictions were not enforced as expected
Release date: 5 December 2022
Notable changes:
- [CSP-3668] - Update the embedded Wayfinder script to work when referrer header was not sent
- [CSP-4356] - Client secret now obscured in the SP dashboard (extra step to show)
Release date: 22 November 2022
Notable changes:
- [CSP-4379] - External applications without a service title in the linking syntax would fail to publish
- [CSP-4216] - URLs on the mapping rules page could throw errors
Release date: 8 November 2022
Notable changes:
- [CSP-4207] - Uploading metadata for an external application would not honour the <md:Organization> block
Release date: 15 August 2022
Notable changes:
- [CSP-3678, 4277] - 1-2-1 connection metadata under additional identity providers can now be viewed and updated
Release date: 2 August 2022
Notable changes:
- [CSP-4126] - When adding privacy policies, the UI now default to English instead of Arabic in the language selector
Release date: 11 April 2022
Notable changes:
- [CSP-4002/8] - Pre-live resources now appear in a test federation
Release date: 10 August 2021
Notable changes:
- [CSP-3982] - SIgnatureMethod and DigestMethod now included in Keystone metadata
- [CSP-4026] - Keystone now automatically handles pairwise IDs when sent
Release date: 1 June 2021
Notable changes:
- [CSP-4007] - Keystone now automatically passes an IdPs errorURL attribute if present. See: The errorURL attribute and what it is for
Release date: 9 February 2021
New functionality:
- [ACT-91,93,94,153] - You can now add support contacts and specify details about how subscribers can ask for SAML access to be enabled See: Edit an application
Release date: 17 December 2020
New functionality:
- [ACT-65] - Attribute Consuming Services and privacy policies can now be included in metadata for both Keystone and external applications to help libraries configure release policies without having to contact your support team. See: Edit an application
Notable bug fixes:
- [CSP-3932] - Escape key did not work in pop-up modals after clicking inside modal
- [CSP-3945] - Restricting access based on user roles in the Dashboard could break some OIDC applications
Release date: 7 October 2020
Notable bug fixes and changes:
- [CSP-1748] - Logo validation was reporting the wrong size
- [CSP-3170] - User restrictions extended to OIDC apps
Release date: 19 July 2020
Notable bug fixes and changes:
- An initial (beta) release of the reporting function is now available - see: Reporting
Release date: 24 June 2020
Notable bug fixes and changes:
- [WAYF-393] - entity categories can now be set to appear in metadata via the connections tab (Keystone apps)
- [CSP-3850] - fixed broken documentation link
- [CSP-3903] - where multiple applications share a connection, you can now choose which provides details to the metadata. See Using a connection for multiple OIDC applications
- [CSP-3801] - improvements to how changes to links are audited
Release date: 28 May 2020
Notable bug fixes and changes:
- [MDP-8569] - Metadata now includes names of sub-organisations where they have distinct scope values. See: OpenAthens federation metadata extensions
1 April 2020
Minor changes and bugfixes (publisher dashboard)
- [CSP-3782] - Improvements to certificate display
10 January 2020
Minor changes and bugfixes (publisher dashboard)
- [CSP-3792] - updated validation on the embedded Wayfinder domain field to accept the new, longer, top level domains such as .network
18 December 2019
Minor changes and bugfixes (publisher dashboard)
- [CSP-2181] - The ACS index value from external apps' metadata was not honoured
- [CSP-3680] - Error handling within modals could lead to changes being committed by the cancel button
16 December 2019
Minor changes and bugfixes (Wayfinder)
- [WAYF-220] - Hidden organisations made visible by debug mode are now marked as such
- [WAYF-256] - Searches including certain non-latin characters could cause an error
- [WAYF-258] - Searched containing too many characters could cause an error
- [WAYF-351] - Searching via email address was not working for some SP entities
25 September 2019
Minor changes (Wayfinder)
- [WAYF-179] - The order of remembered organisations could be inconsistent in certain circumstances
- [WAYF-250] - The embeddable version of Wayfinder did not display long organisation names well
7 August 2019
Minor changes
- [CSP-3542] - The accounts menu item and the signout button have moved: dashboard accounts are now accessed via the cog, and sign out is via the user's name. Both in the top right.
10 July 2019
Significant changes
- [CSP-3592] - Certificate thumbprints are now also available as a SHA-256 hash
- [CSP-3594] - Added a preset rule to output targeted ID in the format
idpEntityId!spEntityId!targetedIdto ease migration to Keystone from older technologies
1 July 2019
Significant changes
- Support for OpenAthens SP ended
- OpenAthens SP will stop working on or around 29 May 2020 - See OpenAthens SP end of life notice
14 March 2019
Significant changes
OpenAthens Keystone users can now have the option to embed Wayfinder in their sites
28 June 2018
Updates to support the certificate store change happening on 21 September
| OASP | Notes | |
|---|---|---|
| Java | 2.1.2 | Maven: Change version number in POM and build |
Apache: atacama-platform | 2.1.5 |
|
| .Net | No change required | Uses windows certificate store |
| Publisher dashboard | 1.0.5 |
|---|---|
| Released on | 21 September 2017 |
Significant changes
| Publisher dashboard | 1.0.4 |
|---|---|
| Released on | 22 June 2017 |
Significant changes
- [CSP-1241] - SAML discovery service support has been added for OASP.
| Publisher dashboard | 1.0.3 |
|---|---|
| Released on | 28 March 2017 |
Significant changes
- [CSP-775] - Healthcheck request was causing a nullpointer error
- [CSP-776] - Unavailable IdP entities could cause the Additional IdP page to hang
- [CSP-805] - Updated syntax check on the redirector's tokenised access URLs to not require http(s):// at the start.
- [CSP-881] - Improved certificate checking to eliminate false positives from the error display
- [CSP-878] - Saving updated redirector syntax could fail
- [CSP-957] - Include the service desk's test domain in the OpenAthens SP config until it is made live
- [CSP-970] - Provide audit information per application / connection
| Publisher dashboard | 1.0 |
|---|---|
| Released on | 22 November 2016 |
Major new features
| Feature | Available to | Notes |
|---|---|---|
| New publisher dashboard | All SPs | Documentation: Publisher dashboard reference guide |
| Rewritten SP documentation | All SPs | Rationalised and simplified to work alongside the new publisher dashboard |
| Simplified OASP configuration including automatic configuration of OpenAthens federation | OpenAthens SP users | |
| Simplified OpenAthens federation configuration | All SPs | |
| Faster updates to OpenAthens federation metadata | All federation users | Rrather than waiting up to 24 hours, updates are now live within 15 minutes |
| Old federation dashboard no longer available | No one | |
| Old SP dashboard no longer available | No one |
| OASP | 2.1.1 Java |
|---|---|
| Released on | 19 July 2016 |
New Features
- OASP-235 - Cached metadata is no longer shared between web applications on the same server. Each web application now has its own metadata cache.
- OASP-20 / OASP-48 - Java OASP no longer requires the variant and version to be specified when updating.
- OASP-65 - Query strings now supported on Java OASP.
Known Issues
With the introduction of support for query strings (OASP-65) the memory footprint increases if multiple web applications are present on the same server. It is recommended that customers who support this configuration confirm that the server has adequate resources available.
Upgrade
Java upgrading from 2.0 to 2.1.x
Version
| OASP | 2.1 |
|---|---|
| Released on | 20 January 2015 |
SP Dashboard
New Features
- Control permissions for managing configurations
It is now possible for an administrator to control which other users in an organisation can edit or update a configuration.
- Support for multiple administrators from a single organisation
Administrators can now create additional users in their organisation, provided they are one level below the domain administrator
- New advance options added to make SAML profiles configurable
There are now additional configuration options for SAML profiles, including ability to set SAML versions. Any new configurations that are created will not support SAML 1 & 2 Artifact by default.
- OpenAthens federation added to list of available federations
Minor change to add the OpenAthens federation to the drop down list of federations when managing configurations
- Status changes of configurations now dynamically updated
The status of a configuration (Published / Unpublished) is now updated dynamically when the status is changed, removing the need to manually refresh the page
- Single Sign On from SP Dashboard to the OpenAthens Admin Area
When signed in to the SP dashboard, it is now possible to access the OpenAthens Admin Area (For example to change account details) without signing in again
Relevant help pages: Familiarisation with the OpenAthens SP dashboard, and Creating a configuration with the OpenAthens SP dashboard
Issues Resolved
- Federation URLs corrected
Updated the preconfigured list of federation URLs to correct outdated information
- Fixed an issue with autocomplete when configuring a default IdP
Software
| .Net | Apache | Java | |
|---|---|---|---|
| |||
Removal of KeyAuthority The UK access management federation updated their support for the PKI trust mechanism in June 2014. Apache and .Net versions of OpenAthens SP V2.0 required the <KeyDescriptor> to be available. As a result customers using these versions could not use the latest UKfed metadata. OpenAthens SP V2.1 has been updated to address this issue and customers using the .Net and Apache versions no longer need to use the fall back metadata once upgraded | Yes | Yes | n/a |
Streamlined metadata management | Yes | Yes | Yes |
Unified the namespace for scoped and non-scoped attributes to provide consistency across SAML 1.1 and SAML 2.0 For SAML 1 the scoped attribute that was in the namespace: OA_OASCOPED_URN_MACE_DIR_ATTRIBUTE_DEF_EDUPERSONSCOPEDAFFILIATION will now be in the namespace OA_URN_MACE_DIR_ATTRIBUTE_DEF_EDUPERSONSCOPEDAFFILIATION | Yes | Yes | Yes |
Option to use memcached for improved management of memory and caching The option to use memcached is now available in the advance settings of the SP dashboard. This provides more efficient performance by storing metadata in memory | n/a | Yes | No |
Centos 7 as an approved platform | n/a | Yes | Yes |
Support for product installations from MAVEN OpenAthens SP is now available as a MAVEN dependency to make upgrading and installing easier from within a Java project | n/a | n/a | Yes |
| |||
Downgraded libmemcache to the distro version to avoid conflicts with other packages Installation of OpenAthens SP on Apache was showing conflicts with the version provided in version2.0. These conflicts have been resolved by reverting to the distro version | n/a | Yes | n/a |
| OASP | 2.0.2 Apache |
|---|---|
| Released on | 20 August 2013 |
The specific issues fixed in this maintenance release are all related to the Apache version:
atacama-platform-2.0.2-19387.i386.rpm
- Updated the sql modules (FreeTDS and MySQL).
- Code changes made so that any values in the non-default group will be treated as input arguments. This is an intermediate fix to allow better control of input arguments. The underlying issue relates to the third party libraries for Free-TDS and MSSQL not working well together.
mod_openathens-2.2.2-19387.i386.rpm
Changes made to SELinux policies to:
- Allow Httpd to access the '*.so' files in the modules directory. This was previously being done incorrectly in the Atacama-platform rpm.
- Allow the runtime to connect to the MSSQL and MYSQL daemon ports (1433 and 3006 respectively).
| OASP | 2.0.2 Java |
|---|---|
| Released on | 4 September 2012 |
The specific issues fixed in this maintenance release are all related to the Java version:
- Fixed bug so that content type header (text/html) is correctly added to the
builtinpages (e.g /oa/debug, /oa/logout). - Allowed the behavior of the authReceiverURL dataSource to be
controlled via the web.xml. See Controlling the Assertion Consumer Service URLs for further details.
| OASP | 2.0.1 Java |
|---|---|
| Released on | 5 August 2011 |
The specific issues fixed in this maintenance release are all related to the Java version:
- Fixed bug in signature checking logic when processing SAML2 responses
- Changed session management behavior.
Previously if a user logged in via Identity Provider X and then via Identity Provider Y without logging out, the session would contained a merged view of
the attributes obtained from both Identity Providers.
This has been changed so that attributes obtained from Identity Provider X will be purged, before attributes from Identity Provider Y are added.
| OASP | 2.0 |
|---|---|
| Released on | 12 January 2011 |
OpenAthens SP 2.0 introduces a number of features designed to make the installation, configuration and management of the software easier, more flexible and more intuitive.
What's new in OpenAthens SP 2.0?
Feature | Description | Benefit |
|---|---|---|
Management Dashboard | Create new configurations for multiple different websites. Update contact details for your organisation. | Web-based interface for the creation and management of configurations. This allows the configurations for all your sites to be managed and stored in one place. It enables easy migration between versions of OpenAthens SP and your website. |
Federation wizards | Add support for new federations via the configuration site. | When creating a new configuration a wizard will step you through the process of adding support for multiple identity federations. It is possible to add additional federations later with a few clicks in the dashboard. |
Updated Apache module | The Apache module (mod_openathens) has been renamed and updated. | It brings more flexibility and support for the latest versions of Apache. It is the same full-featured, robust platform that is used for OpenAthens LA. |
Software repositories | A yum software repository for RedHat/CentOS Linux. | When using the Apache module on RedHat/CentOS 5.x Linux servers, the yum software repository bring simple installation and ensures that software is kept up-to-date. New versions of OpenAthens SP can be installed or upgraded using the same process. |
Java modules | Improved integration with Java environments. | Improved Servlet filter and integration with Java application servers. Improved support for various popular Java servers, including Glassfish. |
.NET framework | An all-new .NET framework for integration on Windows platforms running .NET. | Easy integration with .NET applications via a native .NET API and HTTPModule. This brings deep integration with the .NET platform, making it simple to add support for your existing and new .NET applications. |