title |
---|
Release 2021.1.2 |
Headline Changes
- Managed objects
Objects like property mappings can now be marked as managed, which means that they will be created, updated and deleted by authentik.
Currently, this is used to update default property mappings, and mark tokens and users generated by outposts.
- Improved support for different LDAP Servers
The LDAP source has improved support for non-Active Directory LDAP setups. This includes the following changes:
- Switch to sync membership from groups to users rather than user to group
- Fix users who were removed from a group in LDAP not being removed from said group
- Add support for LDAP servers which have core fields declared as lists
- Add property-mappings for groups, to map attributes like name or is_superuser

- Add test view to debug property-mappings.
- Simplify role-based access
Instead of having to create a Group Membership policy for every group you want to use, you can now select a Group and even a User directly in a binding.
When a group is selected, the binding behaves the same as if a Group Membership policy exists.
When a user is selected, the binding checks the user of the request, and denies the request when the user doesn't match.
Fixes
- admin: add test view for property mappings
- core: Fix application cache not being cleared correctly (and not being ignored for searches)
- events: add send_once flag to send webhooks only once
- events: allow searching by event id
- events: don't log successful system tasks
- events: improve information sent in notification emails
- providers/oauth2: pass application to configuration error event
- providers/saml: fix imported provider not saving properties correctly
- root: use filtering_bound_logger for speed improvements
- stages/consent: fix wrong widget for expire
- web: migrate Provider List to SPA
Fixed in 2021.2.1-rc2
- admin: add Certificate-Keypair generation
- admin: fix property-mapping views redirecting to invalid URL
- admin: improve layout for policy testing
- admin: remove old provider list view
- outpost: cap reconnect backoff at 60 seconds, reset backoff on successful connection
- policies: add debug flag to PolicyRequest to prevent alerts from testing policies
- providers/saml: force-set friendly_name to empty string for managed mappings
- root: add dedicated live and readiness healthcheck views
- web: fix link to provider list on overview page
- web: fix outpost item in sidebar being active on service connection views
Fixed in 2021.2.1-stable
- admin: fix link in source list
- web: rebuild Outposts list in SPA
- outposts: Fix reconnect not working reliably
- providers/oauth2: add authorized scopes to AUTHORIZE_APPLICATION event
- providers/oauth2: add unofficial groups attribute to default profile claim
- web: fix sidebar being active when stage prompts is selected
Fixed in 2021.2.2-stable
- crypto: move certificate and key data to separate api calls to create events
- events: rename context.token to context.secret
- events: rename token_view to secret_view
- lib: fix stacktrace for general expressions
- outposts: fix ProxyProvider update not triggering outpost update
- policies: skip cache on debug request
- providers/proxy: fix certificates without key being selectable
- root: log runtime in milliseconds
- sources/*: switch API to use slug in URL
- sources/ldap: add API for sync status
- sources/oauth: add callback URL to api
- web: fix ModalButton working in global scope, causing issues on 2nd use
Fixed in 2021.2.3-stable
- core: fix tokens using wrong lookup
- web: fix missing source create button
Upgrading
This release does not introduce any new requirements.
Due to the switch to managed objects, some default property mappings are changing. This affects only the SAML Provider.
The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability.
The integrations affected are:
docker-compose
Download the latest docker-compose file from here. Afterwards, simply run docker-compose up -d and then the standard upgrade command of docker-compose run --rm server migrate.
Kubernetes
Run helm repo update and then upgrade your release with helm upgrade passbook authentik/authentik --devel -f values.yaml.