AuthorisationService Release Notes
The items below cover the breaking changes, features, and fixes relevant to this major release.
Release 23.2.26
Support Azure AD as Identity Provider
AuthService 23.2 supports Azure AD as Identity Provider. As with local LDAP, it is configured in the Identity Provider section of ConfigPortal.
As with LDAP, AuthService syncs all users and groups within the search scope from Azure AD to the Keycloak database and VidiCore.
This feature will not be part of the initial 23.2 release. It will be delivered later in a patch release.
Use Internal Endpoint Between AuthorisationService and Keycloak
AuthorisationService can now use the cluster-internal endpoint for all communication to Keycloak. This requires setting the Frontend URL in the deployment for both realms (Vidispine and Master).
Token Expiration Times Extended
The values for SSO Session Idle and SSO Session Max are now set to 10 hours. Several token expiration times are set to higher values in the default configuration to avoid early, unintended logouts of clients.
CORS Configuration
CORS can be configured by supplying a list of URLs in the deployment.
Known Issues
Searching the Keycloak Dashboard for usernames that include a backslash ('\') returns empty results. To avoid this, search for such users using a double backslash ('\\').
Fixes
Item # | Item |
---|---|
215453 | AS: Change admin password hit into exception |
215202 | AS: Duplicate CLIENT ID, CLIENT HOST protocol mappers in Client_Credentials |
216153 | AS: User and group relationship does not sync after migrate to keycloak |
216666 | AS: ServerName is not validated when saving from CP |
216764 | AS: Group & User Sync timeout issue |
217050 | AS: Enable/Disable Ldap Connection not working |
217321 | AS: AuthService users return single user when search by username |
217662 | AS: KC: VC Provider login failed - improve error message |
215831 | AS: Remove of invalid "sub" claim from client |
215733 | AS: Configure AllowedScopes/AllowedRoles in Client API |
215100 | AS: Issues with OpenSearch Dashboard with Keycloak |
217355 | AS: Fix WIA with Keycloak |
215417 | AS: Search username returns duplicate user results |
215062 | AS: Remove profile as defaultscope if not specified in the client |
215056 | AS: Improve logging message when username not found |
215139 | CP: Error on sync metadata and shapetag from postinstallation job |
215227 | AS: Failed to filter group and user using username with domain |
215308 | AS: Missing preferrable_username in Group & User claims |
218649 | AS: SSL settings always set to none |