1.5.2

  • Fixed an issue where new accounts were not activated using invitation and reset password links. OM-116558

  • Remove unnecessary API calls to Moebius in NGS SSO integration.

  • Allow system administrators to call Profiles.set_info on disabled users.

  • Fixed an issue where groups were parsed incorrectly if an id token contained an empty group list. OM-118099

  • Fixed an issue where system claims that come from the IdP were added to Nucleus tokens. OM-117801

  • Remove access logs for static files. OM-89577

1.5.1

  • Update @babel/traverse library to address CVE-2023-45133. OMFP-3748

  • Fixed incorrect Profiles.set_info version in generated files.

  • Fixed an issue where users could authenticate with API tokens while their account was disabled. OM-113278

  • Fixed an issue where empty OpenID claims were used for parsing userinfo.

  • Fixed an issue where OpenID usernames were not sanitized with SERVICE_USERNAME_SANITIZING setting. OMFP-3929

  • Block changing profile info for system accounts.

  • Fixed an issue where system administrators could not reset password for internal users. OMFP-3977

  • Fixed using hardcoded jwks_uri in SSA integration.

  • Use ID tokens to read profile info for OpenID Connect integration.

1.5.0

  • Support structured logging. OM-95906

  • Add a new function for invalidating refresh tokens by system administrators. OM-86735

  • Fixed an issue where refresh tokens were not invalidated after disabling user profiles. OM-86734

  • Support OpenID Connect for SSO. OM-56114

  • Nucleus to NLS Integration. OM-70616

  • Add MASTER_USER, MASTER_PASSWORD, and ADMIN_PASSWORD_OVERWRITE environment variables. OM-92595

  • Fixed an issue where query params were not included in the destination field for SAML2 requests. OM-92395

  • Integrate Starfleet Service Accounts. OM-94506

  • Device flow support. OM-94323

  • Fixed an issue where declined authentication results were sent via nonce subscription. OM-96578

  • Added groups from IdP tokens into the generated Nucleus token. Two new optional env vars were introduced to support this: SERVICE_AUTHORIZATION_FILE and OPENID_CLAIM_GROUPS. OM-96932

  • Include detailed debug information displayed with authentication errors. OM-99060

  • Support verifying incoming connections with the access_token query parameter. OM-94502

  • Add optional client_id parameter for all APIs that generate access and refresh tokens.

  • Include claims passed from the IdP into Nucleus JWTs. OM-103902

  • Remove an API for user registration. OM-109150

  • Fixed an issue where token generation for invitations and reset password links could work incorrectly due to information missing from the specified JWT. OMFP-2808

  • Add all profile fields to JWT during SSO authentication. OMFP-2808

  • Log usernames when service returns EXPIRED status for refresh and API tokens.

1.4.10

  • Update Python 3.10 to use OpenSSL 3.0.10.

1.4.9

  • Updated base Docker images to come from the approved repository

1.4.8

  • Update CI/CD pipeline to fix Pulse and nSpect scans

1.4.7

  • Support entering http(s) and omniverse URLs in the server form. OM-81294

  • Hide text overflow and wrapping in the login form. OM-83144

1.4.6

  • Helm chart re-factored for ease of development, CI pipeline for Helm chart updated

  • Use API tokens for resetting user passwords. OM-70694

1.4.5

  • Pulse scans enabled

  • Updated icons used in the web UI

  • Display service version during the startup and register it in the discovery service

  • Automated nSpect scans

  • Bumped lxml (pip) version to 4.9.1 to fix a vulnerability

  • Support GFN SSO

  • Enable database vacuuming

  • Updated the idl.py package version to 0.16

  • Updated the websockets package version to 10.3

1.4.4

  • Updated dependencies to fix security vulnerabilities

  • Support NGC as an Authentication Provider

  • New property interactive in SSOSettings

1.4.3

  • [OM-49707] Allow passing API tokens to credential authentication

  • Fixed potential database spoofing for detecting registered accounts via Credentials.reset method

  • Updated idl.py to 0.13 to fix various issues with incorrect connection shutdowns

1.4.2

  • [OM-48861] Fixed an issue with incorrect validation of canonical-name response

  • Updated the idl.py package to the idl.py@0.10+master version due to a memory leak issue

1.4.1

  • Updated discovery libraries to fix potential connection leaks for discovered interfaces

  • Use the email claim to populate user profiles via SAML

  • Use URI-decoding for SSO params sent to the authentication form

1.4.0

  • [OM-28229] Support API tokens

  • Helm

    • Fix Ingress class name

    • Added proxy-buffering annotations

  • Updated idl.py to support configuring WS_MAX_HTTP_LINE

  • Fixed an error that occurred when clients sent refresh tokens signed with a private key that is no longer valid

1.3.2

  • [OM-42945] Optimize deleting expired refresh tokens

  • [OM-42533] Fixed an issue where the Nucleus Cloud instance did not auto-create the user folder as expected; improved user name sanitization

1.3.1

  • Fix helm-tools scripts

1.3.0

  • [OM-38926] Support read-only users

  • Integrated package dependencies tracking through PACKAGE-DEPS.yaml

  • Fixed an issue where the service couldn’t write its logs to a file

  • Introduced the STATIC_MAX_HEADER_SIZE environment variable, which allows changing the maximum header size for the static server

  • Support loading X509 certificate from IDPSSODescriptor instead of Signature for SAML metadata XML files

  • [OM-38922] Support CREDENTIAL_ACCOUNT_HARDENING env. var to restrict Credentials.register call and automatic user registration through Credentials.auth

  • [OM-35207] Disable “create account” link in the auth form in case CREDENTIAL_ACCOUNT_HARDENING is enabled

  • Support nonce argument to let clients subscribe to authentication results

  • [OM-42105] Updated the auth service with a newer discovery JS client and a newer idl.py to implement health checks

1.2.0

  • Support user store to save and retrieve user data

  • Support Starfleet as an authentication source

  • Updated idl.py package version to idl.py@0.7

  • Updated omniverse.discovery.client.py package version to omniverse.discovery.client.py@1.4+main

  • Updated discovery libraries to use parallel connections for speeding up the routing

  • Fixed an issue where unicode usernames were allowed for new profiles made by system administrators

  • Fixed issues with displaying Unicode in the web UI

1.1.0

  • Support secure transport and path-based routing

  • Deprecated @omniverse/web-components library

  • Fixed text alignment on Linux for buttons displayed in the authentication form

  • Changed SAML implementation to read usernames from subject

  • Support specifying NameID format for SAML authentication

  • Authentication status page now detects errors when sending results back to the application that initiates the authentication

  • Fixed a vulnerability that allowed downloading any file from the deployed container

1.0.6

  • Internal build infrastructure changes

  • Linux fix for the client library

1.0.5

  • Use idl.cpp 0.14 for C/C++ libraries

1.0.4

  • Allow configuring used ports via System Monitor

  • Allow using dots and dashes to register internal accounts

1.0.3

  • Use Artifactory for PIP and NPM

  • Updated omni_config_py library to store data files in a new Omniverse location

1.0.2

  • Updated idl.cpp to 0.13

  • Added PIP and NPM licenses to Docker images

  • Fixed security vulnerabilities in JavaScript packages

  • Removed UAC for Windows

1.0.1

  • Allowed updating system accounts.

1.0.0

  • Introduced the authentication service. The service implements different types of authentication, such as LDAP, SSO, and plain credentials, and provides a JSON Web Token (JWT) that other services can use to authenticate a user.