Release Topicus KeyHub, decentralizing access management
We are pleased to announce the 11.0 release of Topicus KeyHub. In this release we started the process of further decentralizing access management. In addition to this and many other new features, this release brings several fixes and addresses some issues found in previous versions. Before upgrading, be sure to read these release notes as some additional actions may be required to ensure smooth operation of Topicus KeyHub.
Design
TKH-654
TKH-686
TKH-727
TKH-743
TKH-757
TKH-758
TKH-759
TKH-765
Based upon the results of a large UX-test among our users, the main menu and the popovers have had a major redesign. The header of the popover uses a different colour for normal interaction versus re-authentication requests. All fields now have clear labels and the different shades of grey have been removed, giving them a much clearer appearance. As we continue to interview our users, more improvements to the design will follow.
Licenses
TKH-563
Topicus KeyHub now requires a valid license. 11.0 will come with a transition license, valid until the end of 2017. Make sure you've received your license file before updating to 11.0 and update your installation before the end of the year. Starting at the beginning of 2018, Topicus KeyHub will no longer function without a valid license and will require a restart in maintenance mode to upload the license file.
Administration of applications
TKH-742
Administration of application is now performed in a decentralized way. Groups can create and administer applications without needing to contact KeyHub administrators. The upgrade to Topicus KeyHub 11.0 will automatically assign KeyHub Administrators as the technical administrator of all existing applications. The first group with access to an application will get ownership. It is important to review this conversion after upgrading and transfer ownership and/or administration when needed.
iOS app
TKH-419
TKH-728
The iOS app has been rewritten from scratch to bring it in line with the Android app. You can now use our app for multiple accounts and as a general TOTP app. Your existing data will be converted upon installation of the new version. Expect the new app to appear in the store soon.
Small improvements
The following smaller improvements and bugfixes were made:
TKH-627
Names of the KeyHub administrators are now reported to the the requester of a password or 2FA reset.TKH-639
TKH-755
Searching the audit log is now much more reliable, faster and includes all fields of an audit record.TKH-658
The web application now uses aContent-Security-Policy
header to prevent possible XSS-attacks.TKH-662
The reason for accepting or rejecting a request is now also mentioned in the e-mail.TKH-712
TKH-719
TKH-750
(Ext) Placement of the icons and popout in the browser extension has been improved considerably.TKH-729
(CLI) Error handling in many situations has been improved.TKH-731
(CLI) Write vault value no longer ignores thename
parameter.TKH-732
(CLI) Command line parameter values can now be quoted, allowing values to start with--
.TKH-733
(CLI) A newlist
command was added to query groups in KeyHub.TKH-738
(Ext) Records from the personal vault are now displayed before records from other vaults.TKH-746
Revoking consent now invalidates all tokens for that application.TKH-747
TKH-749
(Ext) The browser extension no longer opens multiple, unfocused tabs in the browser.TKH-753
Accounts are now sorted on name, rather than username, by default.TKH-761
All Selenium tests now use headless chrome, replacing the obsolete PhantomJS browser.TKH-763
The OIDC jwks-endpoint now includes the use-element to improve interoperability with other OIDC RPs.TKH-764
Copying passwords is now also possible on a mobile phone.TKH-767
The starting UID for LDAP systems can now be changed.