With great excitement, we announce the release of Topicus KeyHub 45: a major step towards our full IGA suite. This release contains many smaller and larger improvements that directly benefit our end users, such as completely redesigned pages for managing linked systems, new workflows for removing groups, easily accessible UUIDs and many more. We've published a first version of our SDK for Java. As always, we've also included a number of minor improvements and fixes.
TKH-1642 We are working on a feature to remove multiple groups in a single request. This feature will be delivered in the next version of Topicus KeyHub. In this release, we already include the new pages for requesting and processing these requests. These new pages not only show more details on the requests, but also allow the person handling the request to review the changes being made.
Removing a group
TKH-840 Within Topicus KeyHub, all major entities have an identifying UUID property. You can use these UUIDs in automated integrations and scripts. These UUIDs were previously only displayed on edit pages, making it difficult to access them from the user interface. We now show the UUID of an object directly next to its name, with a link to copy it to the clipboard. This makes it much easier to work with these important identifiers.
A group with its UUID
TKH-3409 The pages for linked systems were rebuilt from the ground up. A single page now shows the relevant details of the system, the groups, service accounts, namespaces, webhooks and synchronisations. You can filter and search groups and service accounts directly on this page.
The details of a linked Active Directory
In addition to this redesign, many more improvements were made to our IGA subsystems:
TKH-3371 Scripts for custom attributes and account attributes can now use user defined account attributes.
TKH-3386 It is now possible to select account attributes for custom attributes on OAuth 2 and SAML 2 applications.
TKH-3440 The user identifier is tracked much more precisely now on provisioned systems.
TKH-3519 Logging for provisioning was made more consistent and now includes durations and results for all calls.
TKH-3520 A new option was added to group on system provisioning: Disabled. This does not keep accounts of members active. This option is automatically selected for dynamic groups on Entra ID.
TKH-3522 The performance of the dashboard was increased substantially for accounts that are the owner of many groups on systems. As part of this change, groups on systems now have a UUID to identify them within Topicus KeyHub.
TKH-3528 TKH-3575 TKH-3576 TKH-3577 TKH-3578 The performance of the provisioning logging dashboards has been improved dramatically. A special database index was added, the count of the number of logs was dropped and the retention period of the logs was reduced to 7 days.
TKH-3532 The configuration of SCIM provisioning is now much more flexible. Many features and so-called quirks can be enabled or disabled, depending on how the SCIM provider you are integrating with behaves.
TKH-3536 When using source directory provisioning, the displayed login name for that linked system could be incorrect.
TKH-3517 The connector service for identity sources now also works correctly in clustered deployments.
TKH-1379 We've released our first version of a Java SDK. This SDK is available on Maven Central and GitHub: https://github.com/topicuskeyhub/sdk-java. Our Jenkins plugin is already updated to use this new SDK.
The Java SDK on GitHub
The following improvements and bug fixes, both large and small, were made:
TKH-3140 The Terraform provider now supports creating launchpad tiles for vault records and SSO applications.
TKH-3338 The secrets returned from and accepted by the API for service accounts and client applications were split in two parts: a read-only and a write-only part. This makes it easier to work with these secrets from Terraform.
TKH-3417 Backup encryption is now enabled by default on new installations. During the installation, a bundle is provided with all generated keys and passwords.
TKH-3450 It is now possible to suggest an end date when requesting a group membership. The approving manager can still adjust this end date when needed.
TKH-3500 The browser extension no longer shows the Topicus KeyHub icon in TOTP input fields when the field is split into 6 single-digit fields.
TKH-3503 The configuration of the syslog-ng container was updated to the latest version.
TKH-3510 It is no longer possible to share a vault record with an end date in the past.
TKH-3511 The OS upgrade could not be started in an online deployment when not on the stable release channel.
TKH-3515 The application server was upgraded to WildFly 38.
TKH-3518 The API for vault records was fixed to return up-to-date vault record metadata after a PUT.
TKH-3521 Information about password generation was added to the manual.
TKH-3523 We've dropped the outdated DHE based ciphers from our TLS 1.2 configuration: DHE-RSA-AES128-GCM-SHA256 and DHE-RSA-AES256-GCM-SHA384. Please make sure your infrastructure no longer depends on these ciphers before upgrading.
TKH-3525 Syslog forwarding with TLS now works correctly with SELinux in enforcing mode.
TKH-3526 Statistics gathering could fail on larger databases due to a timeout.
TKH-3530 Validation of launchpad tile properties in the backend was improved substantially.
TKH-3535 Changing the helpdesk on an account directory would result in an audit record mentioning the incorrect group.
TKH-3547 The shared memory size for PostgreSQL was increased to give it more room when executing complex queries.
TKH-3585 Several missing screenshots in the manual were fixed.
TKH-3586 The docker storage driver was explicitly set to overlay2 to prevent issues with the new Overlay FS driver.
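
For TKH-3523 above, one way to find clients that still depend on the dropped suites, as an added example that is not part of the release notes or of Topicus code: it expands each client's OpenSSL cipher string with Python's `ssl` module and flags clients whose TLS 1.2 suites are all among the two being removed. The client names and cipher strings are constructed samples, and the suites KeyHub still accepts are not listed on this page, so a REVIEW result still has to be checked against the server.

```python
import ssl

# The two suites the release notes say were dropped from the TLS 1.2 configuration.
DROPPED = {"DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384"}


def tls12_suites(cipher_string):
    """Expand an OpenSSL cipher string into the pre-TLS 1.3 suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no suite this OpenSSL build knows
    # TLS 1.3 suites are configured separately and are always listed; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit_client(name, cipher_string):
    """Classify one client configuration against the dropped suites."""
    suites = tls12_suites(cipher_string)
    dropped = [s for s in suites if s in DROPPED]
    remaining = [s for s in suites if s not in DROPPED]
    if not suites:
        status = "UNKNOWN"  # nothing could be expanded locally; check by hand
    elif dropped and not remaining:
        status = "BREAKS"   # every TLS 1.2 suite the client offers is being removed
    elif dropped:
        status = "REVIEW"   # other suites remain; confirm the server accepts one
    else:
        status = "OK"       # does not reference the dropped suites at all
    return {"client": name, "status": status,
            "dropped": dropped, "remaining": remaining}


# Constructed sample configurations (hypothetical client names).
CLIENTS = {
    "legacy-ldap-sync": "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
    "monitoring-probe": "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384",
    "ci-runner": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384",
}

if __name__ == "__main__":
    for client, cipher_string in CLIENTS.items():
        r = audit_client(client, cipher_string)
        print(f'{r["client"]:18} {r["status"]:8} dropped={r["dropped"]}')
```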