Re: [uaa] UAA 3.0.0


Sree Tummidi
 

Yes, UAAC is fully compatible with this release.


-Sree


On Tue, Jan 19, 2016 at 12:35 PM, Cyrille Le Clerc <cleclerc(a)cloudbees.com>
wrote:

Congrats to the team!

Will the CLI uaac (1) remain compatible?

Cyrille

(1) https://github.com/cloudfoundry/cf-uaac

On Tue, Jan 19, 2016 at 8:55 PM, Sree Tummidi <stummidi(a)pivotal.io> wrote:

Hi All,

On behalf of the entire Identity team I am pleased to announce the
release of UAA 3.0.0.
The UAA bosh release based on this version can be found here
<http://bosh.io/releases/github.com/cloudfoundry/uaa-release>

*The major highlights of this release include*

1. Code restructuring to split the client and server models.
2. UAA Client Library
<http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22cloudfoundry-identity-client-lib%22>
: This is work in progress and currently includes token retrieval APIs
3. Support for deleting identity providers and identity zones
4. Support for User Account Verification


Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry


*Release Notes*

UAA 3.0.0 introduces breaking changes in the form of restructuring of the
code base, updating dependencies and producing new module libraries. Objects
that are payload entities for rest controllers have been moved to the
cloudfoundry-identity-model module. The server side modules have been
combined into cloudfoundry-identity-server.
Overview of our modules

1. cloudfoundry-identity-model - data objects that are used as
arguments for the API controllers on the UAA
2. cloudfoundry-identity-client-lib - module to hold future client
side API libraries for administering a UAA
- Token retrieval API
<https://www.pivotaltracker.com/story/show/107504674> completed Supplement
1 <https://www.pivotaltracker.com/story/show/108960042> Supplement
2 <https://www.pivotaltracker.com/story/show/109315122>
3. cloudfoundry-identity-server - all server side code
4. cloudfoundry-identity-uaa - web application archive, WAR module
for the UAA server

List of Deleted Classes


common/src/main/java/org/cloudfoundry/identity/uaa/error/JsonAwareAccessDeniedHandler.java

common/src/main/java/org/cloudfoundry/identity/uaa/error/JsonAwareAuthenticationEntryPoint.java

common/src/main/java/org/cloudfoundry/identity/uaa/login/util/FileLocator.java

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/JitClientDetailsService.java

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/NoSuchTokenException.java

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthenticationKeyGenerator.java

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaUserTokenConverter.java

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserTokenConverter.java

common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/PromptEditorTests.java

common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/PromptTests.java

common/src/test/java/org/cloudfoundry/identity/uaa/error/JsonAwareAccessDeniedHandlerTests.java

common/src/test/java/org/cloudfoundry/identity/uaa/error/JsonAwareAuthenticationEntryPointTests.java

common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthenticationKeyGeneratorTests.java

common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserTokenConverterTests.java

login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java

login/src/main/java/org/cloudfoundry/identity/uaa/login/AnalyticsInterceptor.java

login/src/main/java/org/cloudfoundry/identity/uaa/login/ClientInfoAuthenticationFilter.java

login/src/main/java/org/cloudfoundry/identity/uaa/login/LinkedMaskingMultiValueMap.java

login/src/main/java/org/cloudfoundry/identity/uaa/login/util/IndirectBeanCreator.java
login/src/main/java/org/cloudfoundry/identity/web/Prompt.java

login/src/test/java/org/cloudfoundry/identity/uaa/login/LinkedMaskingMultiValueMapTests.java
login/src/test/java/org/cloudfoundry/identity/web/PromptTest.java

New Features

- Deleting zones <https://www.pivotaltracker.com/story/show/108254860>
is now supported. Supplemented
<https://www.pivotaltracker.com/story/show/109998034>
- Deleting providers
<https://www.pivotaltracker.com/story/show/108254932> is now
supported.
- Provide support for user account verification
<https://www.pivotaltracker.com/story/show/109267688>: New users are
automatically verified by default. Unverified users can be created by
specifying their verified: false property in the request body of the POST
to /Users, as shown in the example below. Unverified users must then go
through the verification process. Obtaining a verification link (to send to
the user) is outlined in the section Verify User Links: GET
/Users/{id}/verify-link.
- Support client id/secret authentication from form parameters
<https://www.pivotaltracker.com/story/show/108973498>
- syslog enhancement
<https://www.pivotaltracker.com/story/show/102530470> Add in the
ability to tag each log line using a layout.
- Enhance logging for zone resolution
<https://www.pivotaltracker.com/story/show/109049884> and similar
story <https://www.pivotaltracker.com/story/show/109850620>
- New /Groups <https://www.pivotaltracker.com/story/show/109850620>
end points to manage memberships
- Expose the scim scopes (read, write, create) as cross zone scopes
similar to zones.{zoneid}.clients.admin
- The UAA will accept any hostname
<https://www.pivotaltracker.com/story/show/106892318> - Previously
the UAA would only accept requests on localhost or on hostnames
derived from the configuration option zones.internal.hostnames. This
made it a bit tricky to get started when trying to access the fresh, non
configured UAA instance by IP address or other hostname. If the
zones.internal.hostnames is configured, only those will be used as
base hostnames.
- Build is using Jacoco
<https://www.pivotaltracker.com/story/show/109313992> for coverage
reports. Cobertura development seemed to have stalled and was having issues
with Java 8
- 512M Minimum memory requirement
<https://www.pivotaltracker.com/story/show/108820738> confirmed
- Ability to supply complete Yaml configuration
<https://www.pivotaltracker.com/story/show/108500942> when deploying
standalone UAA on cloud foundry
- Provide the ability to set, retrieve & display OAuth Client Name
<https://www.pivotaltracker.com/story/show/109263424>

Bug Fixes

- Only one valid passcode at any given time
<https://www.pivotaltracker.com/story/show/108973068> - When
requesting passcodes to use for user assertion, if a new passcode is
requested on the endpoint /passcode previously issued passcodes will
be invalidated.
- /Groups <https://www.pivotaltracker.com/story/show/108991682>
endpoint no longer filters groups for the logged in user. More intuitive
results when retrieving groups. Supplement story
<https://www.pivotaltracker.com/story/show/109107468>
- Unable to retrieve SAML user attribute values when
NameFormat="...:unspecified" Support non string attributes SAML user
attribute <https://www.pivotaltracker.com/story/show/108824610>
- Invited LDAP users
<https://www.pivotaltracker.com/story/show/108824986> get the correct
user_id if authenticating without accepting invitation.
- Invited SAML users
<https://www.pivotaltracker.com/story/show/108824630> get the correct
user_id if authenticating without accepting invitation.
- Show SAML alias
<https://www.pivotaltracker.com/story/show/109737570> on the login
page if link text is missing
- Consolidate <https://www.pivotaltracker.com/story/show/109996940>
configuration file and zone default for SAML
- Configure key passphrases
<https://www.pivotaltracker.com/story/show/109998034> - This story
only allows the configuration of the passphrase. It is not yet read by the
UAA server.
- Invalid redirect_uri leaves too few clues for troubleshooting.
<https://www.pivotaltracker.com/story/show/110416348>
- /check_token is including null authorities list in response
<https://www.pivotaltracker.com/story/show/111103226>
- CORS configuration format has changed to support both XHR and non
XHR requests. <https://www.pivotaltracker.com/story/show/110165702>


View it on GitHub
<https://github.com/cloudfoundry/uaa/releases/tag/3.0.0>.



--
Cyrille Le Clerc
email & gtalk : cleclerc(a)cloudbees.com / mob: +33-6.61.33.69.86 / skype:
cyrille.leclerc
CloudBees, Inc
www.cloudbees.com


