New in v4.2.1.8

Version 4.2.1.8 contains minor upgrades and security and vulnerability fixes. The full set of changes can be found in the change log. The sections below provide an overview of the improvements.

If you are using AD PowerShell connector update it to version 5.30.1 (the newest connector version is available in a release).

Authentication

  • Support for the Duo authenticator has been added, allowing organizations to use Duo as the TOTP solution for OpenIAM.
  • A Groovy script was added to enable the generation of a callback URL for Criipto authentication.
  • The OAuth client authentication request logic was updated to disable the client secret check specifically for the PKCE grant flow.
  • /oauth2/authorize is now configurable via system properties, providing the option to include/exclude this endpoint from consent management (aka policy) scope.

Performance

  • OpenIAM in link with AD powershell connector supports new urgent queue for Reset password/Login operations.
  • The cache header is now set for static content.
  • Janusgraph in RPM deployments was allocated 1GB RAM.
  • The reindexAll operation (ability to disable reindex by desire) was parameterized.

Operational

  • A procedure for archiving indexes in ES was developed.

UI Changes

  • Action buttons were hidden on the direct report page when bulk mode is enabled.

Deployment Improvement

  • The upgrade.sh script was updated to upgrade the vault to the latest version.