UAA 3.0.0
UAA 3.0.0 introduces breaking changes in the form of a restructured code base, updated dependencies, and new module libraries.
Objects that are payload entities for REST controllers have been moved to the cloudfoundry-identity-model module.
The server side modules have been combined into cloudfoundry-identity-server.
Overview of our modules
- cloudfoundry-identity-model - data objects that are used as arguments for the API controllers on the UAA
- cloudfoundry-identity-client-lib - module to hold future client side API libraries for administering a UAA
  - Token retrieval API completed (Supplement 1, Supplement 2)
- cloudfoundry-identity-server - all server side code
- cloudfoundry-identity-uaa - web application archive, WAR module for the UAA server
List of Deleted Classes
common/src/main/java/org/cloudfoundry/identity/uaa/error/JsonAwareAccessDeniedHandler.java
common/src/main/java/org/cloudfoundry/identity/uaa/error/JsonAwareAuthenticationEntryPoint.java
common/src/main/java/org/cloudfoundry/identity/uaa/login/util/FileLocator.java
common/src/main/java/org/cloudfoundry/identity/uaa/oauth/JitClientDetailsService.java
common/src/main/java/org/cloudfoundry/identity/uaa/oauth/NoSuchTokenException.java
common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthenticationKeyGenerator.java
common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaUserTokenConverter.java
common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserTokenConverter.java
common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/PromptEditorTests.java
common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/PromptTests.java
common/src/test/java/org/cloudfoundry/identity/uaa/error/JsonAwareAccessDeniedHandlerTests.java
common/src/test/java/org/cloudfoundry/identity/uaa/error/JsonAwareAuthenticationEntryPointTests.java
common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthenticationKeyGeneratorTests.java
common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserTokenConverterTests.java
login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java
login/src/main/java/org/cloudfoundry/identity/uaa/login/AnalyticsInterceptor.java
login/src/main/java/org/cloudfoundry/identity/uaa/login/ClientInfoAuthenticationFilter.java
login/src/main/java/org/cloudfoundry/identity/uaa/login/LinkedMaskingMultiValueMap.java
login/src/main/java/org/cloudfoundry/identity/uaa/login/util/IndirectBeanCreator.java
login/src/main/java/org/cloudfoundry/identity/web/Prompt.java
login/src/test/java/org/cloudfoundry/identity/uaa/login/LinkedMaskingMultiValueMapTests.java
login/src/test/java/org/cloudfoundry/identity/web/PromptTest.java
New Features
- Deleting zones is now supported (supplemented)
- Deleting providers is now supported.
- Provide support for user account verification: new users are automatically verified by default. Unverified users can be created by specifying the verified: false property in the request body of the POST to /Users, as shown in the example below. Unverified users must then go through the verification process. Obtaining a verification link (to send to the user) is outlined in the section Verify User Links: GET /Users/{id}/verify-link.
- Support client id/secret authentication from form parameters
- syslog enhancement: add the ability to tag each log line using a layout.
- Enhance logging for zone resolution (and a similar story)
- New /Groups endpoints to manage memberships
- Expose the scim scopes (read, write, create) as cross zone scopes similar to zones.{zoneid}.clients.admin
- The UAA will accept any hostname. Previously the UAA would only accept requests on localhost or on hostnames derived from the configuration option zones.internal.hostnames. This made it tricky to get started when accessing a fresh, unconfigured UAA instance by IP address or another hostname. If zones.internal.hostnames is configured, only those will be used as base hostnames.
- Build is using Jacoco for coverage reports. Cobertura development seemed to have stalled and was having issues with Java 8
- 512M Minimum memory requirement confirmed
- Ability to supply complete Yaml configuration when deploying standalone UAA on cloud foundry
- Provide the ability to set, retrieve & display OAuth Client Name
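The user verification flow above, as an added example that is not part of the original release notes or the UAA project: it builds the SCIM body for POST /Users with verified: false and fetches the verification link from GET /Users/{id}/verify-link. The UAA_URL and UAA_TOKEN variables and the scim.write scope requirement are assumptions.

```shell
#!/bin/sh
# Added example (not UAA project code): create an unverified user on UAA 3.0.0
# and obtain the link that the operator delivers to the user out of band.
# Assumptions: UAA_URL points at the UAA, UAA_TOKEN is a bearer token whose
# client holds a scope allowed to create users (assumed: scim.write).

# Build the SCIM user JSON body. The 3.0.0-specific part is "verified":false;
# the remaining fields are ordinary SCIM user attributes. Inputs: username,
# email, password (constructed, illustrative values only).
uaa_unverified_user_body() {
    username=$1; email=$2; password=$3
    printf '{"userName":"%s","name":{"givenName":"%s","familyName":"user"},"emails":[{"value":"%s","primary":true}],"password":"%s","verified":false}' \
        "$username" "$username" "$email" "$password"
}

# Return 0 only if the body explicitly asks for an unverified user. Because the
# default is verified=true, a misspelled or omitted key would silently create a
# verified account, so check the exact key/value before sending the request.
body_requests_unverified() {
    printf '%s' "$1" | grep -q '"verified":false'
}

# POST the body to /Users (needs network and a valid token; not run in tests).
create_unverified_user() {
    body=$(uaa_unverified_user_body "$1" "$2" "$3")
    body_requests_unverified "$body" || { echo "body does not set verified:false" >&2; return 1; }
    curl -sS -X POST "${UAA_URL:?}/Users" \
        -H "Authorization: Bearer ${UAA_TOKEN:?}" \
        -H "Content-Type: application/json" \
        -H "Accept: application/json" \
        -d "$body"
}

# Fetch the verification link for a user id (endpoint named in the notes).
# The link itself is what you send to the user; it is not a credential for
# the caller, so treat the response like any other secret in transit.
get_verify_link() {
    curl -sS "${UAA_URL:?}/Users/$1/verify-link" \
        -H "Authorization: Bearer ${UAA_TOKEN:?}" \
        -H "Accept: application/json"
}
```

The user id needed by get_verify_link is the "id" field of the JSON returned by the POST.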
Bug Fixes
- Only one valid passcode at any given time: when requesting passcodes to use for user assertion, requesting a new passcode on the /passcode endpoint invalidates previously issued passcodes.
- The /Groups endpoint no longer filters groups for the logged-in user, giving more intuitive results when retrieving groups. Supplement story: https://www.pivotaltracker.com/story/show/109107468
- Unable to retrieve SAML user attribute values when NameFormat="...:unspecified"
- Support non-string SAML user attribute values
- Invited LDAP users get the correct user_id if authenticating without accepting invitation.
- Invited SAML users get the correct user_id if authenticating without accepting invitation.
- Show SAML alias on the login page if link text is missing
- Consolidate configuration file and zone default for SAML
- Configure key passphrases - This story only allows the configuration of the passphrase. It is not yet read by the UAA server.
- Invalid redirect_uri leaves too few clues for troubleshooting.
- /check_token is including null authorities list in response
- CORS configuration format has changed to support both XHR and non XHR requests.