1.0.45-2026031201

Tasks:

• 1.0.45 build #1043

bugs:

• Kubernetes Watches - Increase to 10 minutes #1051
• K8s Dynamic Config - failure to start a dynamicly loaded object leads to failed startup #1021
• OpenIDConnect IdP - return 401 instead of 500 if the access token for userinfo is wrong #1045
• OpenID Connect IdP - pasword grant generates 500 #1042

enhancements:

• Support labels on trusts #945
• Add JWT -SVID support to the OIDC identity provider and auth mech #1035
• oidc auth - use basic auth for the code exchange #1047
• ScaleJS Ops: support wildcard search #1046
• Support dynamically loaded keys and certificates #1044

1.0.44-2026012601

enhancements:

• remove need for genoidc auth mech #1036
• idp - if an idp doesn't exist, have a warning instead of an exception #1041
• javascript target #1034
• SCIM 2.0 API endpoints #1008
• Okta - Add support for OAuth2 #1039
• Scheduler - self heal broken schedulers #1037

Tasks:

• 1.0.44 build #1010

bugs:

• oidc idp - when nonce not included in request a random nonce is included in the id_token #1038
• Prometheus JMSPull - Not ignoring keepalive #1032
• WaitForState Job - better error handling for individual waitforstates #1018
• Kube Watch - catch 410 errors #1028
• K8sSessionStore clearOidcSessions - does not account for large number of sessions #1013
• NPE when loading a namespacegroupmetadata with no external group #1012
• Key ID header missing from OIDC ID token after refresh #1025
• jboss-logging-3.4.3.Final.jar maven puled in unison-service-undertow #1027
• WebSocket only supports 5 concurrent connections, then hangs all traffic #1026

1.0.43.1-2025112401

1.0.43.1-2025112401

bugs:

• ProvisioningEngine - Auditlogs table not being populated #1023

1.0.43-2025092001

Tasks:

• 1.0.43 build #957

bugs:

• Excess logging #997
• Accessibility - default red used in login forms not distinct enough from the background #1002
• Kubernetes Dashboard getting logged out if no kubectl session created #962
• GroupMetadata Watch not removing or modifying on change #986
• BasicDB Many2Many Concurrent just-in-time leads to index constraints #984
• BasicDB - connection failure leads to an attempt to reprovision #985
• Kubernetes CreateK8sObject PUT includes the resourceVersion #980
• UserTOJSON -stack overflow #978
• mongodb - delete user doesn't work #949
• openid connect idp - userinfo endpoint is hardcoded to application/jwt #953
• IPA - Login to target fails #956

enhancements:

• STS - support simple token exchange #994
• Kubernetes - Add protection against deleting collections of objects #977
• JIT Provisioning - Add grace period #987
• AWS Token - Make expiration configurable, add expiration to the response #989
• AWS Token service - make the role and session name configurable #990
• Oidc Idp - Add mechanism to filter groups to remote clusters #961
• Remove LDAPAttribute.toStringValueArray() #981
• scale main - add custom add attribute mechanism #974
• Kubernetes NaaS - Simplify translation of group names to cluster authorization #976
• database target - provide flag to disable transactions #975
• Kubernetes - support 429 responses #972

1.0.42-2024022702

enhancements:

• RbacBindingsTarget: Support ServiceAccounts #941
• ScaleJS Register - Load Groups from LDAP maximum enforcement #939
• ScaleJS Password & Token them customization #926
• ScaleJS Register - Add scalejs customizations APIs #925
• ScaleJS - Add header customization #924
• Upgrade AWS SDK from 1.x --> 2.x #929
• ScaleJS Register - Add AzureAD/EntraID support for group picker #931

Tasks:

• 1.0.42 #920

bugs:

• Listing a user multiple times in the same group from the virtual directory causes havoc #940
• ScaleJS - Repeated portal roles #932
• Remove Java 11 code generation #930
• JMS concurrent modification #922
• Quartz fails to start with SQL Server #921

1.0.41-2024081501

bugs:

• Omitting state parameter causes NullPointerException #900
• AzureAD Target - Chunk exception if exception occurrs #918
• AzureAD Target - Issues when there are more then 99 groups #917
• Kube Token no longer auto retrieving certs for oidc integrated clusters #888
• javascript task: No exception in logs #909
• If Kube API doesn't exist, NPE #907
• Okta groups not loading properly #906
• Workflows continuing after waitfor, splitting paths #905

Tasks:

• 1.0.41 build #891
• Remove all U2F code #904
• 1.0.40 build #845

enhancements:

• Move login screens to Material UI #773
• Enable a local scheduler #913
• WaitFor - Better logging #914
• enable HA AMQ #910
• Add load secret to k8s utils #908
• oidc auth - store id_token in session along with the access token #893

bugs:

• Omitting state parameter causes NullPointerException #900
• AzureAD Target - Chunk exception if exception occurrs #918
• AzureAD Target - Issues when there are more then 99 groups #917
• Kube Token no longer auto retrieving certs for oidc integrated clusters #888
• javascript task: No exception in logs #909
• If Kube API doesn't exist, NPE #907
• Okta groups not loading properly #906
• Workflows continuing after waitfor, splitting paths #905

Tasks:

• 1.0.41 build #891
• Remove all U2F code #904

enhancements:

• Move login screens to Material UI #773
• Enable a local scheduler #913
• WaitFor - Better logging #914
• enable HA AMQ #910
• Add load secret to k8s utils #908
• oidc auth - store id_token in session along with the access token #893

1.0.40-2024030801

Tasks:

• 1.0.40 build #845
• Bump Okta libraries from 9 --> 15 #850

enhancements:

• k8s target - remove need for specific URL #794
• k8s create object - support PUT when an object already exists #865
• JMS - Manual DLQ logic #852
• OpenID Connect IdP - Support filters on all URLs, not just completeFed #863
• oidc auth - integrate login_hint support #855
• Migrate to Hibernate 6.x #847
• AzureAD OIDC - Cannot activate orchestra-login-azuread behind corporate proxy #853
• LoginService - short circuit by session variable #856
• List clusters - Add method to ignore clusters #851

bugs:

• XForward filter doesn't work with wss scheme #861
• old jldap jar imported #862
• WebAuthn - Pre 1.0.39 fails to authenticate #846

1.0.39-2024010701

1.0.39-2024010701

enhancements:

• New Kubernetes Project - make check for namespace configurable #839
• generate log messages when generating new tokens #832
• support for new scalejs interface #834
• workflows are too big, causing size issues #836

Tasks:

• 1.0.39 Build #830

bugs:

• AzureAD - lookup user returns error code now #838
• need better error message when the keystore can't get loaded #835
• saml2 metadata - can't load from azuread in azure #833

1.0.38-2023113001

1.0.38-2023113001

Tasks:

• 1.0.38 build #791

bugs:

• Approval.getLabel getting picked up by hibernate #826
• SAML2 Auth - Metadata parser not working with base64 encoded certs that are broken by line #792
• ScaleMain - If reason isn't required it's failing validation #822
• ScaleJS Register - Load From LDAP doesn't load operational attributes #810
• K8s Dynamic Config Load - issues with synchronization #808
• pre-push cookies and headers for web services #795
• ArgoCD Target - add support for parameters #804

enhancements:

• OpenUnision integration with GitHub enterprise #779
• OpenShift Target - load vcluster private key #807
• Support better customization in ScaleJS #821
• OpenShift/K8s Target - provision directly to RoleBindings and ClusterRoleBindings #815
• Support Kubernetes RBAC for provisioning and authorization #820
• Create JavaScript listener #811
• Add Azure MyVD Insert #801
• ScaleJS Register - Make js URLs configurable #809
• Provisioning - Add NoOp Target #806
• MyVD - Add DN Attribute #805
• GitHub - task to delete deployment key #803
• Create mechanism to disable healthchecks #789
• K8s target - Disaster Recovery updates #793
• Better IBM MQ support #790

1.0.31-2022070901

Tasks:

• 1.0.31 Build #637

enhancements:

• k8s watchers - make version aware #642
• ScaleJS Register - make dynamic lists configurable between type list and pick list #646
• ScaleJS register - make third column configurable #647
• ScaleJS - Support submitting workflows for users that don't already exist #645
• make db target "read only" flag #643