After two and a half years of development Topicus KeyHub has reached version 10! This new release packs many new features unique in the field of IAM. Topicus KeyHub 10 focuses on integration with other systems and tooling and addresses several issues found in previous releases. It is recommended to update your Topicus KeyHub deployment.
TKH-510
TKH-633
Webhook support probably is the most exciting new feature in this release. Any event that is recorded in the audit log can now be pushed to other systems as well. Possibilities are endless. Think of replicating your audit log on a remote system, showing alerts on monitoring systems or even reconfiguring your VPN on demand when activating groups. As part of this feature, all objects in Topicus KeyHub now have a UUID to identify them globally.
TKH-526
It is now possible to store TOTP secrets in the vault and share 2FA securely. Topicus KeyHub automatically calculates the 6 digit authentication code, valid only for 30 seconds, when accessing the record. As the secret is safely stored in Topicus KeyHub and cannot be retrieved, this is a very effective way of adding additional protection to your logins. When a user is removed from a group, he or she will be unable to login even when he or she stored the username and password. You cannot store the TOTP code, because it is only valid for 30 seconds.
TKH-630
TKH-632
A brand new command line interface (CLI) is introduced in Topicus KeyHub 10. This first release of the CLI allows reading, manipulating and adding records in a vault. Enroll a new VM with a randomly generated password and store it in a vault or let a script authenticate to a server using a password stored in a vault. This is all possible with the CLI. Expect many more new features here in upcoming releases.
TKH-648
Special support for G Suite (formerly known as Google Apps for work) and Microsoft Azure AD was added to the OIDC directories. This not only greatly simplifies configuration but also lets you restrict accounts to a certain domain.
The following smaller improvements and bugfixes were made:
TKH-595
The bookmarks are now correctly updated after adding or removing a vault.TKH-634
Removed all references to the old project name Heimdall.TKH-638
TKH-642
Fixed 2 errors with registering on an OIDC directory.TKH-640
Improved handling of requests on blocked resources.TKH-641
The error page is now stateless, reducing the risk of DOS.TKH-643
Fixed some layout issue on mobile devices.TKH-644
Fixed an error with adding multiple groups with the same name to a linked system.TKH-645
Unlocking the vault now checks the password before prompting for 2FA.TKH-646
Fixed the checks when issuing requests which could cause requests to be incorrectly seen as duplicates.TKH-650
Fixed several layout issues in the vault when using long file names.TKH-651
Fixed an error with signing out on some SSO endpoints.TKH-656
Always reauthenticate when changing 2FA settings.TKH-657
The KeyHub console now refuses to render in an iframe.TKH-659
Usernames are now hidden to other users when not needed.TKH-660
Fixed handling of requests on unused SSO endpoints.TKH-661
SSH public key support is now optional for LDAP systems.TKH-665
2FA is now protected against brute force attacks.