We are proud to announce the 16th major release of Topicus KeyHub. This release brings a major feature to all our users: a launchpad, for quick access to applications used by your company. Other important and often requested features are: encrypted backups and the ability for group managers to remove groups. As usual, a number of smaller improvements have been made and several issues have been fixed.
The launchpad
TKH-1344
Topicus KeyHub 16.0 features a whole new launchpad. This launchpad allows you to quickly navigate to applications used by your company. Tiles are shared through group memberships. A tile can be added manually, but it is also possible to make Single Sign-on applications and vault records available as a tile on the launchpad simply by checking a checkbox.
Encrypted backups
TKH-1198
Backups of Topicus KeyHub contain sensitive information, such as keys for certificates, secrets for applications and of course the contents of the vaults. Even though most of this information is stored encrypted, a backup of Topicus KeyHub requires additional protection. It is now possible to securely encrypt the entire backup using a PGP-key. The public key, used for encryption, is kept on the appliance and the private key, needed for decryption, can be stored in a secure, offline location. Without this private key, a backup will be completely useless to an attacker.
Removing groups
TKH-839
Removing groups from Topicus KeyHub has always been a difficult task, but not anymore. A manager of a group can now request the removal of that group, including all content and linked items. An overview of the content is displayed to the manager for review. If actions are required before a group can be removed, this is now clearly indicated.
Small improvements
The following smaller improvements and bug fixes were made:
TKH-1201
It is now possible to filter groups on the auditor dashboard by clicking on the donuts.TKH-1329
An error was fixed that could abort the installation when uploading the vault recovery key.TKH-1330
The SAML logout flow no longer gives an error when the subject format is not 'Primary identifier'.TKH-1335
Checksums for all downloads are now available.TKH-1338
A bug was fixed where an error during testing a linked system was not handled correctly.TKH-1339
An error was fixed when a user tried to create multiple groups on a linked system with the same name.TKH-1346
Errors during login are now correctly handled and reported back to the user, fixing an endless redirect loop.TKH-1352
It is no longer possible to claim ownership of groups on linked systems by creating a second linked system with a different prefix.TKH-1353
Notifications about expired vault records are now displayed to all members of a group, not just the managers.TKH-1354
Inactive accounts are no longer counted as member of a group on the auditor dashboard.TKH-1355
Refresh tokens are now protected against replay attacks.TKH-1357
TKH-1370
Testcase coverage was increased substantially throughout the codebase. Our total coverage is now at 93%.TKH-1358
It is no longer possible to create empty vault records via the CLI.TKH-1359
Support was added to the CLI to remove vault records.TKH-1361
More formats are now supported when using encrypted private keys.TKH-1363
Administration of applications and linked systems can now only be transferred to groups that have this enabled.TKH-1364
Notifications for expired certificates for directories were not always displayed correctly.TKH-1366
A bug was fixed that prevented a manager to grant an application access to a vault. Topicus KeyHub would continue to ask for the user's password.TKH-1372
The application server was upgraded to WildFly 19.TKH-1374
It is now possible to share a vault record with a personal vault that is still empty.TKH-1377
When creating a new group as KeyHub administrator, it is now possible to enable technical administration without having to send a request.