We're proud to present Topicus KeyHub 42, which includes improved account attribute management, a new version of the browser extension and completely redesigned pages for managing clients and applications. As always, we also included a great number of smaller improvements and fixes.
TKH-3336 As announced in the previous release notes, with Topicus KeyHub 42 the database was upgraded to PostgreSQL version 17. If you are still running Topicus KeyHub 35 or earlier, you will not be able to upgrade to version 42 in one step. For assistance on how to upgrade your deployment, please contact us via your usual support channel.
TKH-3380 Changes have been made to the Applications - Create new applications permission for OAuth2 clients. In previous versions, this permission was global. A client with this permission could create applications for all groups.
Starting version 42 this permission is scoped to a specific group. A client can only create new applications administered by this specified group. Clients previously assigned the permission will have the scope set to their technical administrator group. This occurs during the database migration.
If the OAuth2 client expects to be able to create applications outside of their technical administrator group, new permissions must be assigned after the upgrade.
TKH-2769 Provisioning on SCIM now supports customization of almost all properties.
TKH-2829 Access profiles can now be moved to another organizational unit, together with the owning group.
TKH-2860 It is now possible to remove access profiles.
TKH-3285 Moving groups between organizational units now correctly takes access profiles and their connections into account.
TKH-3342 Account attribute definitions can now be multi-valued.
TKH-3343 It is now possible to define custom account attribute definitions.
TKH-3349 The performance of the full synchronization of linked systems has been improved substantially.
TKH-3370 Provisioning on LDAP/AD now supports customization of almost all attributes.
TKH-3379 Account attribute definitions can be marked as being unique across all accounts.
TKH-3388 When using source directory provisioning, KeyHub will never try to write rotating passwords to the directory, even if Accounts writable is enabled.
Custom attribute defintions on Active Directory
TKH-3299 The browser extension no longer logs messages in the browser console for all pages opened.
TKH-3351 Input fields marked with autocomplete="username" are now recognized as user name fields with high certainty.
TKH-3357 Searching for vault records in the browser extension now works identically to the main application. Multiple terms are matched independently and don't have to be next to each other.
TKH-3376 The browser extension now handles failures to refresh the server version much more resiliently.
TKH-3218 The pages to manage OAuth2, SAMLv2 and LDAP applications were redesigned from the ground up. The pages under the different tabs were all merged into a single page, showing all relevant information at once.
TKH-3396 OAuth2 clients without a configured secret no longer display the option to save a secret in the vault.
An OAuth 2.0 Client
The following larger and smaller improvements and bug fixes were made:
TKH-2585 Support dumps now also contain anonymous statistics about usage of the application, such as row counts and data distributions of database tables.
TKH-2993 Reasons and comments added to requests no longer have limits on their lengths.
TKH-3278 Our tests were switched to an OpenLDAP docker container that is updated regularly.
TKH-3280 The RESTfull API now uses LinkableWrapperWithCount where applicable.
TKH-3287 It is now possible to attach a custom HTTP header when using OTLP for metrics delivery.
TKH-3328 Handling of simultaneous audits for a single group has been improved.
TKH-3352 Instructions were added to the manual for setting up source directory provisioning using Entra Connect Sync.
TKH-3353 The failsafe when trying to fetch audit records could hide problems in tests. This failsafe is now disabled when running under test.
TKH-3354 The section about group details in the manual was improved.
TKH-3368 Searching launchpad tiles now works as other search fields throughout the application.
TKH-3374 Some minor errors in the manual were fixed.
TKH-3377 An error was fixed that could cause a constraint violation when removing groups with many owned groups on systems.
TKH-3378 An error was fixed that could cause periodic database cleanup to fail.
TKH-3384 Deployment of new VMs on AWS was fixed.
TKH-3385 The sandbox that runs attribute scripts was upgraded to isolated-vm 6.
TKH-3387 Tests were added for Terraform provisioning for the adjusted create client permissions.
TKH-3389 When changing the name of a dashboard folder, the page was not refreshed properly, causing the folder to appear empty.
TKH-3391 A section was added to the manual that explains the algorithm for password recovery.
TKH-3393 An OAuth2 client registration was added for our new mobile app that's currently under development.
TKH-3403 Deleting a group on system would result in an error in some cases.
Here you can find the complete manual to the latest version of Topicus KeyHub.