PicketLink 2.6.0.CR2 is out!

The PicketLink team is pleased to announce the release of v2.6.0.CR2.

This is a major release, containing several improvements and covering some new requirements, especially for HTML5+JS mobile and RESTful use cases. We’ve received excellent feedback from the community regarding the v2.6.0.CR1 release, and we look forward to hearing more about your experiences with the new version until we finally reach Final.

Some of the key aspects covered by this release include:

  • Stateless Authentication Model, ideal for RESTful API security and token-based authentication.

  • Better support for custom HTTP Authentication Schemes when using the AuthenticationFilter.

  • Security Tokens based on both JWT and JWS specifications. Ideal for people looking for a simple and flexible API to issue and validate JSON-based Security Tokens.

  • Connection Pooling for the LDAP Identity Store.

  • SAML Service Providers are now able to provide a Domain Chooser Page to select the appropriate IdP the user wants to authenticate against.

  • SAML-based example applications are now merged into the PicketLink Quickstarts Repository.

  • All quickstarts are ready to be deployed on both JBoss EAP and WildFly.

The site is also updated with a few guides covering different aspects of PicketLink, giving you some background on some core concepts. More guides and articles are coming, so keep an eye on the Getting Started page.

We would like to thank the whole community for all its contributions and feedback. Special thanks to Maximos Sapranidis for the HTML5+AngularJS+RESTful Quickstart, which will be available very soon in the quickstarts repository, and to Jonathan Fuerth for all the improvements to the Authentication Filter.

More details about the issues resolved by this version can be found on the Release Notes.

PicketLink 2.6.0.CR1 is out!

The PicketLink team is pleased to announce the release of v2.6.0.CR1. This release also marks the unveiling of the new look and feel for the PicketLink website: http://www.picketlink.org built on Awestruct and jboss.org Bootstrap.

Notable Changes

  • PicketLink SAML SSO For WildFly8

    • WildFly Bindings for Federation

  • Improved Documentation (We still need to do a better job at documentation. :-) )

  • Additional PicketLink Quickstarts

  • PicketLink Permission API

  • PicketLink Subsystem for WildFly

  • EAP Module Upgrade (containing all 2.6+ libraries)

  • PL Extension for both EAP and WildFly

  • SAML2 IDP Initiated SSO

  • Service Provider Dynamic Account Chooser Functionality

The quickstarts are listed below:

Authentication:

Authorization and Permissions:

Federation (SAML, WS-Trust, etc.):

NOTE: There are some additional quickstarts that have not been fully migrated over to JBoss Developer Quickstarts.

Release Notes

The following section lists out the release notes for the versions leading up to v2.6.0.CR1

  • Bug

    • [PLINK-378] - SAML2LogoutHandler should create logout request with nameid format

    • [PLINK-379] - HTTP Redirect Binding is not restoring original request when accessing a SP for the first time

    • [PLINK-380] - IDPFilter is not populating roles in assertion when using SAML v1.1

    • [PLINK-381] - IDPFilter is stopping the filter chain and not providing application resources

    • [PLINK-382] - WildFly Binding is not supporting SAML v1.1 usecases

    • [PLINK-383] - WildFly SP Binding is raising IllegalStateException messages.

  • Bug

    • [PLINK-356] - Reloading configuration in IDP doesn’t work

    • [PLINK-367] - Custom partition types are not properly configured when specifying the custom type instead of the base Partition type

    • [PLINK-372] - boolean config values should default to boolean.FALSE if not explicitly declared in configs

  • Enhancement

    • [PLINK-313] - IDP should be configurable to sign assertions

    • [PLINK-375] - Support SAMLConfigProvider and AuditHelper from WildFly IdP and SP bindings

  • Feature Request

    • [PLINK-327] - PasswordCredentialTypeEntity could not be loaded with TomEE

    • [PLINK-344] - Service Provider Dynamic Account Chooser Functionality

    • [PLINK-363] - Combined Service Provider Authenticator

    • [PLINK-364] - SAML2 IDP Initiated SSO

    • [PLINK-368] - Role Generator for JBossAS/JBossWeb Combination

  • Task

    • [PLINK-284] - PicketLink IDP and SPNego

    • [PLINK-319] - WildFly PicketLink Extension and IDM Subsystem

    • [PLINK-370] - Lower log level from INFO to TRACE for Canonicalization

    • [PLINK-373] - Ensure Boolean variables are initialized and handle null autoboxing issues

    • [PLINK-374] - Enable WildFly distribution in PicketLink Bindings

    • [PLINK-376] - Port JSON Security from PicketBox Core

  • Bug

    • [PLINK-361] - Wrong validation when configuring credentials using multiple stores for a single identity configuration

  • Feature Request

    • [PLINK-268] - Implement Permission Management

    • [PLINK-359] - Regular Expression User Name Login Module

  • Bug

    • [PLINK-199] - Error granting role with EclipseLink

    • [PLINK-210] - Regression: use of In.value() for collections

    • [PLINK-332] - PicketLink fails to bootstrap due to TransactionRequiredException on TomEE and GlassFish

  • Feature Request

    • [PLINK-146] - XMLSignatureUtil should allow KeyInfo to use X509 if desired

    • [PLINK-303] - Improve logging and messages

    • [PLINK-323] - Social Login Quickstarts

    • [PLINK-341] - SAML Service Provider Workflow abstraction

    • [PLINK-342] - IDPFilter for web applications

    • [PLINK-343] - Jetty Bindings for SAML SSO

  • Task

    • [PLINK-350] - Validate XMLSignatureUtil→KeyInfo/X509Certificate Usage

  • Bug

    • [PLINK-209] - Debug/Error inconsistency in exception logging

    • [PLINK-257] - PicketLink does not work properly when using JBoss Modules

    • [PLINK-259] - ShanesBigSanityCheckTestCase.testScenario1 is failing sometimes

    • [PLINK-278] - TransactionRequiredException thrown by IDM when no @Startup bean performs initialization

    • [PLINK-285] - RelationshipManager allows null group to be added to identity. NullPointerException results upon subsequent access to user’s groups

    • [PLINK-286] - BasicModel.isMember() throws NullPointerException when group does not exist

    • [PLINK-298] - LDAPIdentityStore is not handling property MSAD’s objectGUID for identifiers

    • [PLINK-300] - AbstractIDPValve throws NPE when using metadata and AuthnRequestsSigned is null.

    • [PLINK-302] - Annotate date fields in the simple schema with @Temporal

    • [PLINK-309] - AttributeParameter needs equals() and hashcode()

    • [PLINK-312] - StackOverflowError in identity query with attribute parameter

    • [PLINK-314] - Annotations are not always recognized when defined in a field only

    • [PLINK-326] - Twitter Authenticator can throw no token available error

    • [PLINK-330] - DefaultPicketLinkLogger can not use parametrized methods from jboss logging

    • [PLINK-340] - AS submodule: IdentityConfigurationBuilder error messages are missing real reasons

  • Enhancement

    • [PLINK-282] - Support for Multiple Custom Identity Stores in the IdentityConfigurationBuilder Fluent API

    • [PLINK-301] - Small changes to the exception hierarchy

    • [PLINK-305] - Authenticating custom account types without providing a custom credential handler

    • [PLINK-306] - Support different stores configuration with different identity types

    • [PLINK-310] - Set default partition to types when the underlying store does not support partitions

    • [PLINK-315] - Use the LDAP mapping configuration to discover the supported types

    • [PLINK-331] - Support EclipseLink when running the IDM tests

    • [PLINK-334] - Add a method to retrieve all configuration used to build a PartitionManager

    • [PLINK-335] - Fire event right after the PartitionManager is built to allow customs initialization logic

    • [PLINK-336] - Remove wrong debug logging message for the default logger implementation

  • Feature Request

    • [PLINK-190] - JDBC Identity Store Implementation

    • [PLINK-287] - Need a method of determining if a User email address is already used

    • [PLINK-295] - GenericHeaderAuthenticator

    • [PLINK-296] - SSLValve from JBossWeb Sandbox

    • [PLINK-311] - Provide to the LDAP store a configuration that allows to specify the hierarchy search depth

  • Task

    • [PLINK-167] - Ensure Logger for exception messages

    • [PLINK-280] - Clean up wildcard imports

    • [PLINK-289] - Create PicketLink BOM Module

    • [PLINK-290] - Update documentation and site with the quickstarts changes

    • [PLINK-291] - Update quickstarts with the PicketLink BOM

    • [PLINK-293] - Enable and fix checkstyle validation for all modules

    • [PLINK-307] - Transfer PicketLink Quickstarts to JDF

    • [PLINK-308] - Support mapping between types and their corresponding objectClasses.

    • [PLINK-320] - Enable CDI on PicketLink IDM.

  • Sub-task

    • [PLINK-324] - Social Login Quickstart: Login With Facebook

    • [PLINK-325] - Social Login Quickstart: Login With Twitter
