We are pleased to announce Topicus KeyHub 13.1. This release brings an entirely new provisioning scheme, which allows dynamic provisioning of groups on existing accounts. The work on compliance management, started in 13.0, has been continued. It is now possible to review previously performed audits. Also we greatly streamlined the installation experience, removing many of the bottlenecks we identified in 13.0. As usual, a number of smaller improvements have been made and many issues have been fixed.
TKH-1054 A new type of provisioning was added with which users can dynamically enable and disable groups in their source directory. This allows for very easy transition from an existing static situation to a situation where Topicus KeyHub manages access. For example, when VPN access is allowed to members of a group in your Active Directory, Topicus KeyHub can now dynamically add and remove members to/from this group.
TKH-1070 UIDs (POSIX user ids) are now assigned from reusable number sequences. This makes it possible to use the same UID across multiple LDAP instances and servers. Using the same UIDs prevents problems with permissions when transferring files or when replacing LDAP instances.
Furthermore, the following smaller improvements where made to account provisioning:
TKH-1096Fetch certificate from server now also works for Active Directory.
TKH-1098A bug was fixed that would make it impossible to choose some groups on a provisioned system.
TKH-1102The user's e-mail address is now added to the accounts on LDAP and Active Directory. On OpenLDAP this requires het
inetOrgPersonschema, otherwise provisioning will fail.
TKH-1114A textual change was made to the group selection popout to differentiate between groups in Topicus KeyHub and groups on the provisioned system.
TKH-1115Saving a provisioned system with configuration errors no longer results in a system error.
TKH-1075 Audits performed on a group can now be reviewed by other managers of the group. A concise view is given with the number of confirmations, modifications and removals per audit. The audit can also be opened for a more detailed view. When performing an audit, disabled or invalid accounts are crossed out.
Topicus KeyHub virtual appliance
UX testing of the installation wizard of the virtual appliance has given us great insight into the bottlenecks experienced by our users. Careful reordering and optimization has reduced the number of configuration steps from 5 to 3. Common errors with certificates are now much easier to recognize and fix and e-mail configuration has been removed from the initial configuration entirely. The result is a much smoother installation experience in which users are much less likely to get stuck.
The following improvements and bug fixes were made to the appliance:
TKH-1081OS updates are now installed during packaging of the ova.
TKH-1083E-mail configuration now supports SMTPS and TLS.
TKH-1084E-mail configuration is now deferred until after the installation.
TKH-1085The transfer of the session to the new URL can now be performed manually, giving more insight in possible problems.
TKH-1086Certificates signed with SHA1 are now rejected immediately.
TKH-1087A range of basic validity checks is now performed directly when uploading certificates rather than at configuration time.
TKH-1088The user interface now clearly shows the contents of the certificates used.
TKH-1089It is now possible to skip creation of a backup before applying new configuration settings.
TKH-1091A script for manual upgrades has been added.
TKH-1092The installation wizard now correctly tracks progress after creating the initial user.
TKH-1093The vault recovery keys are now generated and downloaded when starting Topicus KeyHub for the first time.
TKH-1103The user is forced to the right pages during installation, making it impossible to break out of the installer.
TKH-1105Restoring a backup directly at install no longer gives an error on some backups.
TKH-1108A file leak that would cause the appliance manager to crash after 3 weeks was fixed.
TKH-1117The fail-safe recovery could cause the system to get into an invalid state when a new kernel was installed.
TKH-1116 A new version of the browser extension (3.3.0) was released together with Topicus KeyHub 13.1. This new version adds keyboard shortcuts and the possibility to navigate the records using the keyboard. Press
Ctrl-Shift-F to trigger the 'Fill with Topicus KeyHub' option on a username or password field. Use the
Down arrows to navigate the items and press
Enter to select. When on a username or password field you can also use
Ctrl-Shift-X to immediately fill your username and rotating password.
The following smaller improvements and bug fixes were made:
TKH-1079A bug was fixed that could cause KeyHub to incorrectly report that a request was already processed.
TKH-1080The application server has been upgraded to WildFly 15
TKH-1094Requests for new groups made by a KeyHub Administrator are now automatically accepted.
TKH-1097The options for selecting a certificate have been improved.
TKH-1110It is no longer possible to guess usernames by interpreting hints shown on the login page.
TKH-1118The Java runtime has been upgraded to OpenJDK 11.