1.4.5¶
Pulse scans enabled
Updated icons used in the web UI
Display service version during the startup and register it in the discovery service
Automating nspect scans
Bumping lxml (pip) version to 4.9.1 to fix vulnerability
Support GFN SSO
Enable database vacuuming
Updated the idl.py package version to 0.16
Updated the websockets package version to 10.3
1.4.4¶
Updated dependencies to fix security vulnerabilities
Support NGC as an Authentication Provider
New property
interactive
inSSOSettings
1.4.3¶
[OM-49707] Allow passing API tokens to credential authentication
Fixed potential database spoofing for detecting registered accounts via
Credentials.reset
methodUpdated idl.py to 0.13 to fix various issues with incorrect connection shutdowns
1.4.2¶
[OM-48861] Fixed an issue with incorrect validation of canonical-name response
Updated the idl.py package to the idl.py@0.10+master version due to memory leak issue
1.4.1¶
Updated discovery libraries to fix potential connection leaks for discovered interfaces
Use the email claim to populate user profiles via SAML
Use URI-decoding for SSO params sent to the authentication form
1.4.0¶
[OM-28229] Support API tokens
Helm
Fix Ingress class name
Added proxy-buffering annotations
Updated idl.py to support configuring WS_MAX_HTTP_LINE
Fixed an error occurred when clients sent refresh tokens signed with the private key that is no longer valid
1.3.2¶
[OM-42945] Optimize deleting expired refresh tokens
[OM-42533] Nucleus Cloud instance does not auto create the user folder as expected, better sanitize user name
1.3.1¶
Fix helm-tools scripts
1.3.0¶
[OM-38926] Support read-only users
Integrated package dependencies tracking through PACKAGE-DEPS.yaml
Fixed an issue where service couldn’t write its logs to a file
Introduced STATIC_MAX_HEADER_SIZE environment variable that allows to change the maximum header size for the static server
Support loading X509 certificate from IDPSSODescriptor instead of Signature for SAML metadata XML files
[OM-38922] Support CREDENTIAL_ACCOUNT_HARDENING env. var to restrict Credentials.register call and automatic user registration through Credentials.auth
[OM-35207] Disable “create account” link in the auth form in case CREDENTIAL_ACCOUNT_HARDENING is enabled
Support
nonce
argument to let clients subscribe to authentication results[OM-42105]: updating auth service with newer discovery JS client and newer idl.py to implement healthchecks
1.2.0¶
Support user store to save and retrieve user data
Support Starfleet as an authentication source
Updated idl.py package version to idl.py@0.7
Updated omniverse.discovery.client.py package version to omniverse.discovery.client.py@1.4+main
Updated discovery libraries to use parallel connections for speeding up the routing
Fixed an issue where unicode usernames were allowed for new profiles made by system administrators
Fixed issues with displaying Unicode in the web UI
1.1.0¶
Support secure transport and path-based routing
Deprecated @omniverse/web-components library
Fixed text alignment on Linux for buttons displayed in the authentication form
Changed SAML implementation to read usernames from subject
Support specifying NameID format for SAML authentication
Authentication status page now detects errors when sending results back to the application that initiates the authentication
Fixed vulnerability that allowed to download any file from the deployed container
1.0.6¶
Internal build infrastructure changes
Linux fix for the client library
1.0.5¶
Use idl.cpp 0.14 for C/C++ libraries
1.0.4¶
Allow configuring used ports via System Monitor
Allow using dots and dashes to register internal accounts
1.0.3¶
Use Artifactory for PIP and NPM
Updated omni_config_py library to store data files in a new Omniverse location
1.0.2¶
Updated idl.cpp to 0.13
Added PIP and NPM licenses to Docker images
Fixed security vulnerabilities in JavaScript packages
Removed UAC for Windows
1.0.1¶
Allowed to update system accounts.
1.0.0¶
Introduced the authentication service. The service implements different types of authentication like LDAP, SSO, plain credentials and etc. and provides JSON Web Token (JWT) that can be used in other services to authenticate a user.