UAA 3.10.0 Release Announcement


Sree Tummidi
 

Hi All,

On behalf of the entire UAA team I am pleased to announce the release of *UAA
3.10.0*. This release truly has been a community-driven effort with major
feature contributions from *SAP* and *Microsoft*.

The release highlights include

Major Features

External User Claims via UserInfo Endpoint

This feature enables User Attributes (including custom attributes) and
Group Memberships from LDAP, SAML and OpenID Connect providers to be
exposed via the UserInfo endpoint of UAA in addition to propagating them
via OpenID Connect id_token. This is an optional feature per external
identity provider and is turned on by setting the
config.storeCustomAttributes flag in the Identity Provider json. The token
must contain user_attributes and/or roles scopes for retrieving the custom
attributes and roles from the /userinfo
<http://docs.cloudfoundry.org/api/uaa/#user-info> endpoint.

- Ability to retrieve the custom user attributes from the OpenID Connect
userinfo endpoint - External OIDC
<https://www.pivotaltracker.com/story/show/130477291>
- Ability to retrieve the roles from the OpenID Connect userinfo
endpoint - All Providers
<https://www.pivotaltracker.com/story/show/137497509>

Force User Password Change for UAA Internal Users

This feature allows the administrator to force all users to change their
password at next login time. This can be enforced on an individual user
basis <http://docs.cloudfoundry.org/api/uaa/#force-user-password-to-expire>.
This feature is multi-tenant and can be enabled per Identity Zone
<http://docs.cloudfoundry.org/api/uaa/index.html#force-pasword-change-for-users>.

- Add support for User Force Password Change at next login
<https://www.pivotaltracker.com/story/show/131105231>
- Provide ability to force password change for all users in the system
<https://www.pivotaltracker.com/story/show/131113425>
- Update the Login UI to honor Force Password Change
<https://www.pivotaltracker.com/story/show/132023123>

SAML Bearer Token support

This feature enables SAML assertions to be exchanged for access tokens.
This feature has been contributed by *SAP*. The documentation can be found
here. <http://docs.cloudfoundry.org/api/uaa/#saml2-bearer-grant>

- Feature: Add saml2 bearer grant
<https://www.pivotaltracker.com/story/show/134877121>

SQL Server Support

In addition to Postgres and MySQL, UAA now supports SQL Server as a
backend. This feature has been contributed by *Microsoft*.

- Microsoft SQL Server Support as a backend
<https://www.pivotaltracker.com/story/show/136315437>

Detailed release notes are available here
<https://github.com/cloudfoundry/uaa/releases/tag/3.10.0>


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry
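
Added example (not part of the original announcement and not UAA project code): a small audit over exported identity provider and client definitions that lists where external user claims could surface via /userinfo once config.storeCustomAttributes is set. The JSON shapes and all provider and client names are constructed assumptions; a client holding the scope is necessary but not sufficient, since the user's token must also carry it.

```python
import json

# Constructed sample data. Only config.storeCustomAttributes and the
# user_attributes/roles scopes come from the announcement; shapes are assumed.
IDPS_JSON = """[
  {"originKey": "corp-ldap", "type": "ldap", "active": true,
   "config": {"storeCustomAttributes": true}},
  {"originKey": "partner-saml", "type": "saml", "active": true,
   "config": {"storeCustomAttributes": false}},
  {"originKey": "legacy-oidc", "type": "oidc1.0", "active": false,
   "config": "{\\"storeCustomAttributes\\": true}"}
]"""
CLIENTS_JSON = """[
  {"client_id": "portal", "scope": ["openid", "user_attributes", "roles"]},
  {"client_id": "billing", "scope": ["openid", "roles"]},
  {"client_id": "cli", "scope": ["openid"]}
]"""
CLAIM_SCOPES = ("user_attributes", "roles")

def storing_providers(idps):
    """Active providers with config.storeCustomAttributes switched on."""
    found = []
    for idp in idps:
        cfg = idp.get("config") or {}
        if isinstance(cfg, str):  # tolerate config serialized as a JSON string
            cfg = json.loads(cfg)
        if idp.get("active", True) and cfg.get("storeCustomAttributes") is True:
            found.append(idp["originKey"])
    return sorted(found)

def claim_capable_clients(clients):
    """Map client_id -> which of the two claim scopes it may request."""
    out = {}
    for c in clients:
        granted = [s for s in CLAIM_SCOPES if s in c.get("scope", [])]
        if granted:
            out[c["client_id"]] = granted
    return out

def exposure_report(idps, clients):
    """(provider, client, scopes) combinations where /userinfo may return external claims."""
    capable = claim_capable_clients(clients)
    return [(p, cid, scopes) for p in storing_providers(idps)
            for cid, scopes in sorted(capable.items())]

if __name__ == "__main__":
    for row in exposure_report(json.loads(IDPS_JSON), json.loads(CLIENTS_JSON)):
        print(row)
```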
