LemonLDAP::NG 2.17 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

🔐 Security

2 security issues have been fixed:

Improvement of logout flow with several connected CAS applications

The administrator can now choose the key size before generating the certificatie for SAML signing and encryption.

Implementation of urn:oasis:names:tc:SAML:profiles:subject-id:req in SAML federations

Better management of keys rotations

RS256 is now the default ID Token signature algorithm

Improve compatibility for native applications

Possibility to externalize configuration (like what was done for SAML)

Front-Channel and Back-Channel logout

Better accountability of 2FA devices

Cassandra can now be used to store configurations and sessions

A filter can be configured to match groups, which give the possibility to have different groups object classes in the directory

Icons of the menu can now be Font Awesome icons instead of images.

The full application menu can be requested by a REST webservice to be displayed in another portal

New endpoint for Login History

Improve Radius support for 2FA and authentication

The full changelog can be found here.

Use the official repositories (Debian/RPM), our Docker image or get the archives.

A lot of people and organizations have contributed to this version, thanks to them!

Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
Organizations : Gendarmerie Nationale, Worteks, Linagora, SITIV, e-collectivites, Orange, INRAE, Adoma, CNAM
Community (issues opening, tests, patches, pull requests) : Tung Tran, Xavier Bachelot, Alexandre KARIM, David Manso, Emmanuel Decoux, Far Fade, Jérémie Lesage, Soisik Froger, Walter Bender, Philippe Lhardy, Matt Marjanovic, Romain Leclerc, Boris Cerati

If you use LemonLDAP::NG and enjoy it, please let us know: