indigo-iam/iam: INDIGO Identity and Access Management Service v1.8.3

Abstract

<h2>Recommendations</h2> <p>It is <strong>strongly</strong> recommended to <strong>make a backup of your database</strong> before upgrading to v1.8.3 because several migrations are planned. Also, remember that for updates from versions prior to v1.7.2 you <strong>must</strong> first upgrade to v1.7.2. The migration to v1.8.3 will take an amount of time which will be proportional to the amount of currently active access tokens. This means that if you are deploying IAM with some kind of liveness and readiness probes, it's probably better to <strong>switch them off</strong> before upgrading. This migration may take a long <strong>time.</strong></p> <h2>Changed</h2> <ul> <li>Save access token value as an hash in order to use lighter db indexes and avoid conflicts by @rmiccoli in https://github.com/indigo-iam/iam/pull/613</li> <li>Avoid upper case characters into VO names by @SteDev2 in https://github.com/indigo-iam/iam/pull/616</li> <li>Enable Redis scope matchers and well-known endpoint caching by @federicaagostini in https://github.com/indigo-iam/iam/pull/633</li> <li>Consider scope matcher based on string equality for custom scopes by @rmiccoli in https://github.com/indigo-iam/iam/pull/642</li> </ul> <h2>Added</h2> <ul> <li>Add SCIM endpoint entry to well-known endpoint by @federicaagostini in https://github.com/indigo-iam/iam/pull/631</li> <li>Update account AUP signature time via API by @rmiccoli in https://github.com/indigo-iam/iam/pull/608</li> <li>Add new JWT profile that rename 'groups' claim with 'roles' by @enricovianello in https://github.com/indigo-iam/iam/pull/637</li> <li>Add support for displaying specific language name in federation Metadata by @Sae126V in https://github.com/indigo-iam/iam/pull/640</li> <li>Add missing "Reuse refresh token" box within client management page by @rmiccoli in https://github.com/indigo-iam/iam/pull/650</li> <li>Add missing foreign keys to the database by @enricovianello, @rmiccoli in https://github.com/indigo-iam/iam/pull/632, https://github.com/indigo-iam/iam/pull/659</li> <li>Add OpenID Connect standard claims in ATs for WLCG JWT profile by @rmiccoli in https://github.com/indigo-iam/iam/pull/651</li> </ul> <h2>Fixed</h2> <ul> <li>Allow to add certificates with the same subject DN by @rmiccoli in https://github.com/indigo-iam/iam/pull/624</li> <li>Delete unsupported response types by @rmiccoli in https://github.com/indigo-iam/iam/pull/610</li> <li>Fix management of tokens lifetime following RFC9068 by @federicaagostini in https://github.com/indigo-iam/iam/pull/620</li> <li>Fix CERN Restore workflow by @hannahshort in https://github.com/indigo-iam/iam/pull/645</li> <li>Fix authz code flow with PKCE for IAM test client application by @rmiccoli in https://github.com/indigo-iam/iam/pull/653</li> <li>Fix authorization on IAM APIs such to avoid cases where access is granted to already approved scopes instead of effective token scopes by @enricovianello in https://github.com/indigo-iam/iam/pull/664</li> </ul> <h2>New Contributors</h2> <ul> <li>@SteDev2 made his first contribution in https://github.com/indigo-iam/iam/pull/616</li> <li>@federicaagostini made her first contributions in https://github.com/indigo-iam/iam/pull/620, https://github.com/indigo-iam/iam/pull/631 and https://github.com/indigo-iam/iam/pull/633</li> <li>@Sae126V made his first contribution in https://github.com/indigo-iam/iam/pull/640</li> <li>@hannahshort made her first contributions in https://github.com/indigo-iam/iam/pull/645</li> </ul&gt