We're proud to present Topicus KeyHub 42, which includes improved account attribute management, a new version of the browser extension and completely redesigned pages for managing clients and applications. As always, we also included a great number of smaller improvements and fixes.
Important notices
TKH-3336 As announced in the previous release notes, with Topicus KeyHub 42 the database was upgraded to PostgreSQL version 17. If you are still running Topicus KeyHub 35 or earlier, you will not be able to upgrade to version 42 in one step. For assistance on how to upgrade your deployment, please contact us via your usual support channel.
TKH-3380 Changes have been made to the Applications - Create new applications permission for OAuth2 clients. In previous versions, this permission was global. A client with this permission could create applications for all groups.
Starting version 42 this permission is scoped to a specific group. A client can only create new applications administered by this specified group. Clients previously assigned the permission will have the scope set to their technical administrator group. This occurs during the database migration.
If the OAuth2 client expects to be able to create applications outside of their technical administrator group, new permissions must be assigned after the upgrade.
Identity Lifecycle Management and Provisioning
This release brings many improvements to attribute management for accounts, both within Topicus KeyHub and for provisioned accounts. Access profiles can attach custom attributes to accounts and many attributes on provisioned accounts can now be customized. Flexibility regarding account customization has greatly increased in all stages of lifecycle management. We've also made significant improvements to the integration of access profiles with organizational units.-
TKH-2769Provisioning on SCIM now supports customization of almost all properties. -
TKH-2829Access profiles can now be moved to another organizational unit, together with the owning group. -
TKH-2860It is now possible to remove access profiles. -
TKH-3285Moving groups between organizational units now correctly takes access profiles and their connections into account. -
TKH-3342Account attribute definitions can now be multi-valued. -
TKH-3343It is now possible to define custom account attribute definitions. -
TKH-3349The performance of the full synchronization of linked systems has been improved substantially. -
TKH-3370Provisioning on LDAP/AD now supports customization of almost all attributes. -
TKH-3379Account attribute definitions can be marked as being unique across all accounts. -
TKH-3388When using source directory provisioning, KeyHub will never try to write rotating passwords to the directory, even if Accounts writable is enabled.
Custom attribute defintions on Active Directory
Browser extension
A new version of the browser extension was released. This new version contains several significant improvements to error handling, login form detection and searching.-
TKH-3299The browser extension no longer logs messages in the browser console for all pages opened. -
TKH-3351Input fields marked with autocomplete="username" are now recognized as user name fields with high certainty. -
TKH-3357Searching for vault records in the browser extension now works identically to the main application. Multiple terms are matched independently and don't have to be next to each other. -
TKH-3376The browser extension now handles failures to refresh the server version much more resiliently.
Redesigned application adminstration pages
TKH-3218 The pages to manage OAuth2, SAMLv2 and LDAP applications were redesigned from the ground up. The pages under the different tabs were all merged into a single page, showing all relevant information at once.
-
TKH-3396OAuth2 clients without a configured secret no longer display the option to save a secret in the vault.
An OAuth 2.0 Client
Assorted improvements
The following larger and smaller improvements and bug fixes were made:
-
TKH-2585Support dumps now also contain anonymous statistics about usage of the application, such as row counts and data distributions of database tables. -
TKH-2993Reasons and comments added to requests no longer have limits on their lengths. -
TKH-3278Our tests were switched to an OpenLDAP docker container that is updated regularly. -
TKH-3280The RESTfull API now uses LinkableWrapperWithCount where applicable. -
TKH-3287It is now possible to attach a custom HTTP header when using OTLP for metrics delivery. -
TKH-3328Handling of simultaneous audits for a single group has been improved. -
TKH-3352Instructions were added to the manual for setting up source directory provisioning using Entra Connect Sync. -
TKH-3353The failsafe when trying to fetch audit records could hide problems in tests. This failsafe is now disabled when running under test. -
TKH-3354The section about group details in the manual was improved. -
TKH-3368Searching launchpad tiles now works as other search fields throughout the application. -
TKH-3374Some minor errors in the manual were fixed. -
TKH-3377An error was fixed that could cause a constraint violation when removing groups with many owned groups on systems. -
TKH-3378An error was fixed that could cause periodic database cleanup to fail. -
TKH-3384Deployment of new VMs on AWS was fixed. -
TKH-3385The sandbox that runs attribute scripts was upgraded to isolated-vm 6. -
TKH-3387Tests were added for Terraform provisioning for the adjusted create client permissions. -
TKH-3389When changing the name of a dashboard folder, the page was not refreshed properly, causing the folder to appear empty. -
TKH-3391A section was added to the manual that explains the algorithm for password recovery. -
TKH-3393An OAuth2 client registration was added for our new mobile app that's currently under development. -
TKH-3403Deleting a group on system would result in an error in some cases.
Visit the Topicus KeyHub Manual
Here you can find the complete manual to the latest version of Topicus KeyHub.
