Release Notes

ID-FF 1.1 Java Toolkit 1.2

The purpose of this release is to fix several minor bugs which have been reported over the past few months. In addition, this release introduces several important new features which mature deployments of SourceID.Java will find useful.

Change Log

  • License updated to the SourceID OSL 2.1.
  • ServletUtils: Fixed a problem in the debug logging output in which if there was no Servlet Session, an exception may have been thrown.
  • XMLUtils: Added a synchronization block around a DateFormat parse routine. Previously, under very heavy load, an occasional exception would be thrown during assertion generation due to this block not been thread-safe.
  • For the IDP role, added a new plug-in called the Session Validity Checker. This is useful for environments in which the user's overall site session is not managed by the J2EE Servlet context, but instead by some other context (such as an EIM system). By building a class which implements org.sourceid.sso.handlers.SessionValidityChecker, SourceID's Authenticator servlet will inquire with the SessionValidityChecker whether or not the current user's session is still valid, before continuing to wite an Assertion. A test class is provided (which always returns true).
  • Role (whether IDP or SP) can be dynamic, default is application-wide (configuration set), but can be over-ridden on a per-user-session or per-request basis.
  • Debug log output for each request provides more detail.
  • Authenticator, when accessed, can change the user's session to SP role rather than IDP (see new configuration option: idp-auto-switch-role).
  • Authentication Requester servlet has better cookie-detection logic for browsers with cookies disabled.
  • Logout: At the IDP, if a logout request is received for an invalid pseudonym, a graceful error code is returned to the SP. Previously, an exception would be thrown.
  • Random Name Identifier generator has been re-written to allow for a wider random bitspace (less chance of a clash).
  • SOAP client used throughout system is now SourceID-only code, no dependency on Apache Axis.
  • During initial federation of an account, extra logic included to make sure the random-generated pseudonym isn't already taken.

Setup / Installation

Installation and deployment of this beta release is no different than for previous releases of SourceID.Java. To upgrade an existing installation, simply deploy the changed "sourceid-sso.jar" file into the WEB-APP/lib directory. In addition, to take advantage of the new configuration options, simply cut-and-paste the sample configuration data from the provided sourceid-sso.xml file, into your own deployed instance of the same file.

Known Defects

This is a beta release and has no known defects at the time of publishing. Some defects are expected to exist, and will be fixed in a follow-on final release of SourceID.Java 1.2, expected to be delivered before end of calendar year 2004.

Additional Notes

No additional notes needed.

Copyright

Ping Identity Corporation
1400 16th St. Suite 220
Denver, CO 80202
U.S.A.
Phone: 303.468.2900
FAX: 303.468.2909
E-Mail: info@pingidentity.com

Copyright (C) Ping Identity Corporation, 2004
All Rights Reserved

This document is provided for information purposes only, and the information herein is subject to change without notice. Ping Identity Corporation does nor provide any warranties covering and specifically disclaims any liability in connection with this document.

All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.