v5.0.3
Bugs
The version attribute in the SCIM metadata response does not comply with the RFC. According to the RFC, the ETag attribute must be a string, not an integer.
Update System.Text.Json to version 8.0.5. The previous version used by SimpleIdServer has two high-severity vulnerabilities.
Group hierarchies and deletion are not functioning correctly.
Direct and indirect references from the removed representation are now deleted.
When the realm is enabled in SCIM, filtering on representations did not work correctly.
When using the angular-oauth2-oidc library, the silent refresh is not working properly.
Reason: The expiration time of a cookie is equal to the expiration time of a token. As a result, when the identity/access token expires, the user session also expires, preventing the authorization endpoint from being used to obtain a new access token.
Solution: Now, the Client has two properties:
- UserCookieExpirationTimeInSeconds: Defines the expiration time of a cookie in seconds.
- TokenExpirationTimeInSeconds: Defines the expiration time of an access token in seconds.
Updating or deleting a resource as part of a bulk request throws an exception.
Duplicate claims in the UserClaims table when adding via Postman or the UI.
Missing SCIM endpoint /Schemas/{id}
Incorrect location for SCIM resource creation with realm enabled
Include the realm in all integration events used by the SCIM server.
The following required configuration was missing from the SimpleIdServer template:
"UserLockingOptions": {
"LockTimeInSeconds": "300",
"MaxLoginAttempts": "5"
}
Cannot pass null value in SCIM request.
When a user authenticates with their email, the cookie format was incorrect and appeared as:
.AspNetCore.Cookies.-.
As a result, authentication with an email was invalid because certain characters, such as '@', are not supported. For example:
[email protected] was not a valid format.
The new format now follows this structure:
.AspNetCore.Cookies.-.
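Why an '@' breaks the cookie name, as an added example that is not SimpleIdServer's own code: a cookie name must be an RFC 6265 token, and '@' is one of the excluded separator characters. The sample login, the name layout (prefix followed by the login) and the base64url encoding are assumptions made for illustration; the page does not state which encoding the fix uses.

```csharp
using System;
using System.Linq;
using System.Text;

// Added example: validates a cookie name against the RFC 6265 token grammar
// and shows one way to make a login identifier safe to embed in it.
public static class CookieNameCheck
{
    // Separator characters that a token (and so a cookie name) may not contain.
    private const string Separators = "()<>@,;:\\\"/[]?={} \t";

    private static bool IsTokenChar(char c) =>
        c > 0x20 && c < 0x7F && Separators.IndexOf(c) < 0;

    public static bool IsValidToken(string name) =>
        !string.IsNullOrEmpty(name) && name.All(IsTokenChar);

    // Distinct offending characters, useful when logging why a name was rejected.
    public static string InvalidChars(string name) =>
        new string(name.Where(c => !IsTokenChar(c)).Distinct().ToArray());

    // Assumption: base64url is used here because it is reversible and emits only
    // token characters (A-Z, a-z, 0-9, '-', '_'). It is not taken from the page.
    public static string EncodeSegment(string value) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(value))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        const string prefix = ".AspNetCore.Cookies.";  // prefix shown on the page
        const string login = "alice@example.com";      // constructed sample value

        // Hypothetical layout: prefix followed directly by the login.
        string raw = prefix + login;
        string safe = prefix + EncodeSegment(login);

        Console.WriteLine($"{raw} valid={IsValidToken(raw)} bad='{InvalidChars(raw)}'");
        Console.WriteLine($"{safe} valid={IsValidToken(safe)}");
    }
}
```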
Fix various problems present in the administration website.
Add the following configuration to the appsettings.json file of the identity server to forward the client certificate to the server:
"IsClientCertificateForwarded" : "true"
Fix the Swagger endpoint of the SCIM server.
Features
Implement the SAML2.0 logout URL.
When the user is authenticated and the realm is enabled in the Identity Server, display the list of active realms on the home page of the Identity Server.
This new view is accessible via the following URL: https://localhost:5001.
Limit the number of active sessions a user can have. The maximum number of sessions is defined by the MaxNbActiveSessions property of IdServerHostOptions.
An authenticated user can view their active sessions via this URL: https://localhost:5001/master/Sessions.
Azure Blob Storage can be used by a SCIM server to store very large messages.
Add the following configuration to the appsettings.json file:
"MassTransitStorageConfiguration": {
"IsEnabled": true,
"Type": "AZURESTORAGE",
"ConnectionString": "https://{accountName}.blob.core.windows.net"
}
Add a build.sh script to build the entire solution.