The release notes summarizes important information you should be aware
of before installing or upgrading Ubilogin SAML SP for Java.
- Java Platform, either
- Standard Edition Runtime Environment Version 8 (Java SE 8)
- or Standard Edition Runtime Environment Version 7 (Java SE 7)
- or Standard Edition Runtime Environment Version 6 (Java SE 6)
- Java Servlet 3.1 or 3.0 compliant application server
- System time synchronized with the time of the IDP
- Ubilogin SSO Server 6.x or 7.x
- If IDP uses stronger encryption schemes, such as AES-256, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Ubilogin SSO Server does not require this.
When using IBM Java:
- Unrestricted JCE policy is required and is available from IBM. The error "identity.properties: invalid keystore" is shown to system.out if this unrestricted JCE policy
- Identity generation with the command line command
"java -jar ubisaml2.jar generate" is not supported with IBM Java.
Use Oracle Java for this step.
- Java 8 is now supported
- Java 5 is no longer supported
- Fixed IAM-217: Xalan library deployment in application server causes receiving SOAP message (LogoutRequest/Response and AttributeQuery response) to fail with StackOverflowError
- New: Feature to disable schema validation of SAML messages
- New: Ubisecure SSO UI template can be selected when doing Authentication Request using AuthnRequest.setTemplate()
- Fixed: VirtualHostManager.getUbiloginServiceProvider() now returns correct instance
- Fixed: SOAP logout handling
- Fixed: Session logout initiated erroneously after application server restart
- Fixed: Null pointer exception during Attribute Query
- New: Support for virtual hosting
- New: Simplified deployment on Java SE 6 by removing unnecessary dependencies.
- New: For J2SE 5.0 install additional dependencies from ubisp-java5-libs.zip
- Fixed: IPv6 address range support for netmask
- Changed: NotOnOrAfter setting
- Fixed: Logout handling when using IBM Java
- Fixed: AuthnRequest.setLocale()
- New: AuthnRequest.getExtensions() Add extensions to SAML AuthnRequest
- Fixed: AuthnContextDeclRef was not set
- Changed: Default encryption scheme does not require Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
- Requires Ubilogin SSO 5.0 or newer.
- New: Liberty SAML 2.0 interoperability fixes
- New: Support for more than one IDP via DiscoveryEventListener
- New: SAML 2.0 SOAP logout
- New: SAML 2.0 Artifact binding
- New: SAML 2.0 NameIDMapping protocol
- Fixed: IBM Java 1.6.0 compatibility
- Fixed: Problem with Servlet 2.3 DTDs
- returnurl-pattern setting added to ServiceProviderServlet
- api changes: AuthnStatement and IssueInstant properties added to UbiloginSAMLAssertion
- changed: not-pattern now specifies the urls with anonymous access allowed
- api changes: UbiloginServiceProvider, ServiceProviderEvent, AuthnRequest
- fixed: interop issues with http-redirect binding
- fixed: encoding issues with certain unicode characters
- fixed: any event listener may cancel event processing by committing the servlet response
- changed: allow 60 seconds tolerance while validating NotBefore/NotOnOrAfter timestamps
- fixed: issues when application was deployed to root context
- fixed: possible concurrency issue with ISO8601 formatter