Security enhancement and Topicus KeyHub

We are pleased to announce the 8th release of Topicus KeyHub. This release brings several new features and many bugfixes, security enhancements and improvements. It is highly recommended to update your KeyHub deployment.

Rotating passwords for provisioning

It is now possible to use rotating passwords for your provisioned accounts. KeyHub will automatically update all your passwords once a day. This protects your accounts against a compromised password. KeyHub itself is protected by 2FA, but many linked systems are not. This means an attacker cannot access your KeyHub account when your password gets compromised, and your accounts on linked systems are also secure, due to the usage of a strong random password. You can find this setting under 'Configure password management' in your profile.

Registration wizard

New users are now taken through a step-by-step registration wizard to configure their account. This wizard contains three steps: choose your password, setup two-factor authentication and request groups. This greatly reduces the effort required to setup your new account.


Testing directories

It was already possible to test provisioned systems, such as OpenLDAP or Active Directory connections. It is now also possible to test your directory configuration. This allows you to test your configuration prior to activating it.


User guide

Topicus KeyHub now comes with a very complete user guide (available in Dutch only at the moment). Help-buttons throughout the application link directly to the relevant sections in this user guide. The user guide is deployed under /docs on your KeyHub host and is also available in PDF under /docs/manual.pdf.


New My Groups-page

The My Groups-page has been rewritten from scratch giving more information while taking less space. It now closely follows the design used by the Manage Groups-page.


Small improvements

The following smaller improvements and bugfixes were made:

  • Save on edit pages now goes back to the overview, making bulk editing easier.
  • OAuth2 clients can now have multiple callback URIs.
  • You can now quickly search records in your vaults.
  • A responsible disclosure can be configured under Settings, which will be linked on the login page.
  • The interaction on the dashboard layout page is made more clear, giving direct feedback on the order of groups.
  • Errors are now logged under unique IDs in a separate file error.log and information is hidden from the user.
  • Cookies are now only sent over secure connections.
  • The KeyHub Administrators group now requires a reason on activation.
  • Requests (for groups, vaults, 2fa-reset, etc.) now show the administrators responsible for handling the request.
  • The accounts table is now sortable on all but the groups column.
  • Vault records with long usernames and/or passwords are now displayed correctly.
  • The status message for the maintenance directory is much clearer now.
  • Some translation errors were fixed in German, English and Dutch.
  • Accounts now show Directory disabled when the directory is disabled.
  • Some refresh issues were fixed when creating and removing vaults.
  • Double clicking on submit buttons on popovers no longer saves twice.
  • Accounts per directory was inaccessible when the directory was disabled.
  • On very wide displays, some buttons were placed too far to the right. They now no longer float beyond the width of the content of the page.
  • A docker image to check the installation configuration was added. See the installation guide for more details.