Release Topicus KeyHub, decentralizing access management
We are pleased to announce the 11.0 release of Topicus KeyHub. In this release we started the process of further decentralizing access management. In addition to this and many other new features, this release brings several fixes and addresses some issues found in previous versions. Before upgrading, be sure to read these release notes as some additional actions may be required to ensure smooth operation of Topicus KeyHub.
TKH-765 Based upon the results of a large UX-test among our users, the main menu and the popovers have had a major redesign. The header of the popover uses a different colour for normal interaction versus re-authentication requests. All fields now have clear labels and the different shades of grey have been removed, giving them a much clearer appearance. As we continue to interview our users, more improvements to the design will follow.
TKH-563 Topicus KeyHub now requires a valid license. 11.0 will come with a transition license, valid until the end of 2017. Make sure you've received your license file before updating to 11.0 and update your installation before the end of the year. Starting at the beginning of 2018, Topicus KeyHub will no longer function without a valid license and will require a restart in maintenance mode to upload the license file.
Administration of applications
TKH-742 Administration of application is now performed in a decentralized way. Groups can create and administer applications without needing to contact KeyHub administrators. The upgrade to Topicus KeyHub 11.0 will automatically assign KeyHub Administrators as the technical administrator of all existing applications. The first group with access to an application will get ownership. It is important to review this conversion after upgrading and transfer ownership and/or administration when needed.
TKH-728 The iOS app has been rewritten from scratch to bring it in line with the Android app. You can now use our app for multiple accounts and as a general TOTP app. Your existing data will be converted upon installation of the new version. Expect the new app to appear in the store soon.
The following smaller improvements and bugfixes were made:
TKH-627Names of the KeyHub administrators are now reported to the the requester of a password or 2FA reset.
TKH-755Searching the audit log is now much more reliable, faster and includes all fields of an audit record.
TKH-658The web application now uses a
Content-Security-Policyheader to prevent possible XSS-attacks.
TKH-662The reason for accepting or rejecting a request is now also mentioned in the e-mail.
TKH-750(Ext) Placement of the icons and popout in the browser extension has been improved considerably.
TKH-729(CLI) Error handling in many situations has been improved.
TKH-731(CLI) Write vault value no longer ignores the
TKH-732(CLI) Command line parameter values can now be quoted, allowing values to start with
TKH-733(CLI) A new
listcommand was added to query groups in KeyHub.
TKH-738(Ext) Records from the personal vault are now displayed before records from other vaults.
TKH-746Revoking consent now invalidates all tokens for that application.
TKH-749(Ext) The browser extension no longer opens multiple, unfocused tabs in the browser.
TKH-753Accounts are now sorted on name, rather than username, by default.
TKH-761All Selenium tests now use headless chrome, replacing the obsolete PhantomJS browser.
TKH-763The OIDC jwks-endpoint now includes the use-element to improve interoperability with other OIDC RPs.
TKH-764Copying passwords is now also possible on a mobile phone.
TKH-767The starting UID for LDAP systems can now be changed.