Skip to content

Releases: cmu-sei/Identity

1.5.5-rc5

09 May 20:31
@sei-jmattson sei-jmattson
1.5.5-rc5
462d8be
Compare
Choose a tag to compare
1.5.5-rc5 Pre-release
Pre-release 
wip
Assets 2
Loading

v1.5.5-rc4

09 May 20:16
@sei-jmattson sei-jmattson
1.5.5-rc4
f8c5238
Compare
Choose a tag to compare
v1.5.5-rc4 Pre-release
Pre-release 
fix overwriting of external claims
Assets 2
Loading

v1.5.5-rc3

09 May 18:50
@sei-jmattson sei-jmattson
1.5.5-rc3
f7a3629
Compare
Choose a tag to compare
v1.5.5-rc3 Pre-release
Pre-release 
extract external registration name from email
Assets 2
Loading

v1.5.5-rc2

09 May 16:02
@sei-jmattson sei-jmattson
1.5.5-rc2
40cca47
Compare
Choose a tag to compare
v1.5.5-rc2 Pre-release
Pre-release 
fix acr_value
Assets 2
Loading

v1.5.5-rc1

08 May 20:00
@sei-jmattson sei-jmattson
1.5.5-rc1
465cf49
Compare
Choose a tag to compare
v1.5.5-rc1 Pre-release
Pre-release 
add external-idp options
Assets 2
Loading

v1.5.4

23 Jun 17:08
@sei-jmattson sei-jmattson
1.5.4
7ce3070
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5.4 Latest
Latest

Adds Azure Application Insights telemetry when configuration Insights__ConnectionString is set.

Assets 2
Loading

v1.5.3

16 Jun 13:16
@sei-jmattson sei-jmattson
1.5.3
03d47db
Compare
Choose a tag to compare
v1.5.3

Anonymizes default (new) resource names by removing the actor's name from them.

Assets 2
Loading

v1.5.2

15 Apr 01:09
@sei-jmattson sei-jmattson
1.5.2
864b369
Compare
Choose a tag to compare
v1.5.2

Set minor state cookies as secure in production.
Fix issue with expired account checking.

Assets 2
Loading

v1.5.1

31 Mar 19:46
@sei-jmattson sei-jmattson
1.5.1
8cfedd5
Compare
Choose a tag to compare
v1.5.1

Adds an Account__Authentication__ExpireAfterDays = 0 setting that, if set greater than zero, disallows authentication for users whose last login is beyond that interval.

This setting implies a support mechanism since an administrator will need to re-enable the account if necessary.

Assets 2
Loading

v1.5.0

10 Mar 16:36
@sei-jmattson sei-jmattson
1.5.0
9f19714
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5.0

Updates handling of client certificates.

The application assumes an upstream ssl terminator validates any client certificate and adds headers with client cert data. While the app can receive the client certificate as a header value, this has drawbacks because 1) passing multiline header values isn't standard, and 2) that work has generally already been done by the upstream terminator.

For security reasons, the operator MUST ensure that configured ssl client cert headers are ONLY set by the upstream ssl terminator.

Changes:

  • parses x500 distinguished names in addition to the existing ldapv3 formatted DNs.
  • removed the default (nginx) header names. Operators must configure with expected header names.
  • allows multiple client cert header options (changed from string to array of string)
## Header values for certificate data received from reverse proxy (i.e. nginx)
## ** These are NOT defaults. You must include your values.  Nginx values are shown.
# Account__Authentication__ClientCertHeader = X-ARR-ClientCert
# Account__Authentication__ClientCertSubjectHeaders__0 = ssl-client-subject-dn
# Account__Authentication__ClientCertIssuerHeaders__0 = ssl-client-issuer-dn
# Account__Authentication__ClientCertSerialHeaders__0 = ssl-client-serial
# Account__Authentication__ClientCertVerifyHeaders__0 = ssl-client-verify

"Security" enhancement

  • removed anonymous access from the public /api/version and /api/stats endpoints.
Assets 2
Loading