
1.16.0 Release Notes

Charles Hasegawa edited this page Dec 13, 2022 · 1 revision

WARNING when upgrading to v1.16.x from versions 1.10.x and earlier: due to OpenSAML library changes, the min and max refresh values can no longer be "empty"/null by default in the database, and they must also be legal in conjunction with each other (i.e. min < max). The simplest upgrade path was therefore determined to be resetting these values for all entries in the database to the defaults the OpenSAML library uses: MIN = 1 minute, MAX = 4 hours.

BEFORE upgrading, please be sure to revisit your saved values and then reset as needed after your upgrade. The Shib-IDP-UI now requires that both fields have a valid, non-zero value. Please update any:

  • Filesystem Metadata Resolver
  • File Backed Http Metadata Resolver
  • Resource Backed Metadata Resolver

by using the SHIB-IDP-UI tool itself to ensure the settings are accepted and proper.
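A pre-upgrade audit of saved refresh values, as an added example that is not part of the Shib-IDP-UI project: it flags pairs the new rules reject (empty, zero, min not below max) and custom pairs that must be re-entered after the reset. The record layout, the field names `minRefreshDelay`/`maxRefreshDelay`, and the ISO 8601 duration strings are assumptions about how you noted the values down.

```python
import re

# Defaults the release note says every entry is reset to on upgrade.
DEFAULT_MIN_S = 60          # 1 minute
DEFAULT_MAX_S = 4 * 3600    # 4 hours

# Day/time subset of ISO 8601 durations, e.g. PT5M, PT4H, P1DT12H (assumed value format).
_DURATION = re.compile(
    r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$"
)

def duration_seconds(value):
    """Return seconds for a duration string, or None if it is empty or invalid."""
    if not value:
        return None
    m = _DURATION.match(value.strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (float(g) if g else 0.0 for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def audit(resolvers):
    """Classify each resolver's saved min/max refresh pair before upgrading."""
    report = {}
    for r in resolvers:
        lo = duration_seconds(r.get("minRefreshDelay"))
        hi = duration_seconds(r.get("maxRefreshDelay"))
        if lo is None or hi is None:
            status = "empty-or-invalid"
        elif lo <= 0 or hi <= 0:
            status = "zero"
        elif lo >= hi:
            status = "min-not-below-max"
        elif (lo, hi) == (DEFAULT_MIN_S, DEFAULT_MAX_S):
            status = "matches-default"
        else:
            status = "custom-reenter-after-upgrade"
        report[r["name"]] = status
    return report

# Constructed sample records (hypothetical names), not real SHIBUI output.
SAMPLE = [
    {"name": "fs-resolver", "minRefreshDelay": "PT5M", "maxRefreshDelay": "PT1H"},
    {"name": "http-resolver", "minRefreshDelay": None, "maxRefreshDelay": "PT4H"},
    {"name": "resource-resolver", "minRefreshDelay": "PT2H", "maxRefreshDelay": "PT30M"},
    {"name": "default-like", "minRefreshDelay": "PT1M", "maxRefreshDelay": "PT4H"},
    {"name": "zeroed", "minRefreshDelay": "PT0S", "maxRefreshDelay": "PT4H"},
]
```

Entries reported as `custom-reenter-after-upgrade` are the ones whose values will be lost to the reset and should be re-entered through the UI afterwards.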

SHIBUI-2393

New Feature: Integrate Dynamic Registration feature for Shibboleth

When Shibboleth has been configured with the OIDC plugin and configured for unverified use, users have the option to define and enable a Dynamic Registration through the SHIBUI.

Dynamic Registrations can be created/edited (and go through the approval process) similarly to Metadata Sources, but when "enabled", the detail is sent to / registered with the OIDC plugin's endpoint in Shibboleth. Further manipulation of the dynamic registration through the SHIBUI is then not allowed.

See https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1376879077/OPDynamicClientRegistration for further information.

For fields that can contain multiple values,

To enable the Dynamic Registration feature in SHIBUI, the following property needs to be added correctly:

shibui.shib-idp-server: [[server path to the Shibboleth IdP, e.g. https://idp.unicon.local/idp]]

Examples:

In application.yml:

shibui:
  shib-idp-server: https://idp.unicon.local/idp

As a command line option:

--shibui.shib-idp-server=https://idp.unicon.local/idp