AuthorisationService Release Notes
The following list covers the breaking changes, features, and fixes that are relevant for this major release.
Release 23.4.18
Dependencies and Component Updates
The following central components will be shipped in the noted version, along with relevant product and service dependencies:
Components | Version |
---|---|
Alpine Image (updated) | 3.18 |
Keycloak | 18 |
Microsoft Azure AD (aka Entra ID) integration
The AuthorisationService (AS) can integrate with Microsoft Azure Active Directory (AAD, aka Microsoft Entra ID). Similar to the LDAP integration, AS uses Keycloak to synchronize users and groups with AAD. Synchronized users and groups are also created in VidiCore.
For more information: Microsoft Azure AD / Entra ID integration [C IG]
This feature was first introduced in AuthorisationService 23.3.6 and is now available for the first time in a major release.
If the feature was used with a 23.3-based version and the field “Single Logout Service URL” was configured, that value should be removed so that the field is empty.
Keycloak metrics
The Keycloak metrics are now enabled in the AS deployment. For further information on the available metrics please refer to: https://www.keycloak.org/server/configuration-metrics
Changed parameter “SyncTimeout”
The parameter “SyncTimeout” in the appsettings was moved from the section “Vidispine” to the section “Keycloak” and renamed to “SyncTimeoutInSeconds”.
Sync cron job timeout behavior
In some situations, the sync cron job for LDAP or AAD could hang indefinitely. A new timeout of 1 hour now aborts the sync job. For technical reasons, an aborted job is still marked as successful for the pod.
Because the pod status does not show an aborted sync, check the corresponding log files if sync issues occur.
Fixes
Item# | Item |
---|---|
223540 | AS: Sync timeout using 23.3 version |
219143 | AS: Make button for Azure AD login prettier |
223620 | AS KC: Optimize Azure AD sync performance (Stage 1) |
223393 | AzureAD: AS: Sync Error when syncing with lots of users. |
223990 | AS: KC: Add groups filters for Azure AD sync |
223619 | AS: Move Synctimeout config out to Keycloak section of appsettings |
224232 | Azure AD: Attempting to relog with a different user doesn't work in the same browser session |
224749 | AS: Cache issue when syncing Group from VidiCore to Keycloak |
225197 | AS: (VidiCore) Group showed twice when existed in nested group |
224048 | AS: VidiNet: Issues with synching groups on VidiNet |
225351 | Azure AD: Sync Mode not set during creation |
225333 | Azure AD: SAML configuration missing when running update in CP |
220596 | AS: Deletion of users from groups in LDAP/Azure AD is reflected in VidiCore |
225536 | Azure AD: Logout from CP will logout from other locations |
220514 | AS: Unable to delete identity provider |
214035 | AS: Rename AS Swagger page (browser tab) |
225778 | AS: Unable to create Azure identity provider with valid configuration |
216765 | AS: Failed to delete ldap configuration with invalid setup on Group DN |
221690 | CP/AS: Helmchart tries to update-ca-certificates even when no custom certificate is defined. |