We are pleased to announce Topicus KeyHub 13.2. This release continues our effort on auditing and group management. As usual, a number of smaller improvements have been made and several issues have been fixed. Before upgrading to 13.2 be sure to read the following important notice.
Important notice: Upgrade to PostgreSQL 11
TKH-1077 When we started Topicus KeyHub, PostgreSQL 9.5 was the latest stable version. As of today, PostgreSQL 11 has been available for quite some time and our virtual appliance provided use with a smooth upgrade path to this new version. If you run our appliance the upgrade will be fully automated. For our customers running our Docker containers we strongly recommend to migrate to our virtual appliance. Please contact us if you need assistance with this.
If you choose to continue to run our Docker containers, you will need to migrate the database manually. The easiest way to do this is:
- Export the database
- Drop the volume and container
- Recreate the volume and start the new container
- Import the database
If you do not migrate your database, it will fail to start and Topicus KeyHub will become unavailable.
Auditing and managing groups
TKH-491 A long-standing wish has finally been fulfilled: it is now possible to set an end date to a group membership. This can be set directly when accepting a new member of a group or set later on existing members. In addition, a new member can be made manager right away.
TKH-1049 ISO 27001 certification requires you perform periodic audits on your authorization. This process can now be initiated from Topicus KeyHub. When configured, Topicus KeyHub will instruct the managers of a group to perform an audit on set months.
In addition to the notable changes above, we made the following smaller improvements to groups and auditing:
TKH-1100A manager of a group is now alerted when he or she is the last manager of a group.TKH-1106TKH-1109Various tweaks to the user interface were made to improve the user experience.TKH-1119Testcase coverage was improved considerably for audits.TKH-1135Removing the auditor group will now revert the flag to KeyHub Administrators.
Topicus KeyHub virtual appliance
We spend a lot of effort in polishing the installation experience of the virtual appliance. The following improvements were made:
TKH-1073A backup now also contains the configured cron jobs.TKH-1076Testcases were added for backup and recovery, simulating various success and failure scenarios.TKH-1082You can now use self-signed certificates during the installation and generate them with a single click on a button.TKH-1090Docker was upgraded to 18.09.TKH-1121Broken third-party CentOS rpm repositories could cause the installation to fail. These repositories are now optional.TKH-1122Topicus KeyHub will now refuse to start the installation wizard when the virtual machine does not have enough memory.TKH-1123The installation wizard now detects Azure deployments and fine-tunes the experience.TKH-1130On slow systems, the installer could run out of time and/or display conflicting information. This is now fixed.
Small improvements
The following smaller improvements and bug fixes were made:
TKH-916CORS support for OIDC and OAuth2 was added, allowing Javascript clients to fully use OIDC and the OAuth2 code flow.TKH-1095Different certificates can now be configured for the primary and failover hostsTKH-1101The thread pools in wildfly are now split in 3 groups, greatly reducing the risk for DOS attacks.TKH-1120TKH-1132TKH-1133Testcase coverage was greatly enhanced in the following areas: UID sequences, declined requests and duplicate requests.TKH-1124We now use reproducible docker images for WildFly as parents for the Topicus KeyHub images.TKH-1125When using source directory provisioning, it is now possible to provision outside the configured base DN of the corresponding directory.TKH-1126The Topicus KeyHub docker images no longer have an active admin use for WildFly management.TKH-1127The obsolete install checker images has been removed.TKH-1129Testing a linked LDAP no longer gives an error.
