Topicus KeyHub 13.2

We are pleased to announce Topicus KeyHub 13.2. This release continues our effort on auditing and group management. As usual, a number of smaller improvements have been made and several issues have been fixed. Before upgrading to 13.2 be sure to read the following important notice.

Important notice: Upgrade to PostgreSQL 11

TKH-1077 When we started Topicus KeyHub, PostgreSQL 9.5 was the latest stable version. As of today, PostgreSQL 11 has been available for quite some time and our virtual appliance provided use with a smooth upgrade path to this new version. If you run our appliance the upgrade will be fully automated. For our customers running our Docker containers we strongly recommend to migrate to our virtual appliance. Please contact us if you need assistance with this.

If you choose to continue to run our Docker containers, you will need to migrate the database manually. The easiest way to do this is:

  1. Export the database
  2. Drop the volume and container
  3. Recreate the volume and start the new container
  4. Import the database

If you do not migrate your database, it will fail to start and Topicus KeyHub will become unavailable.

Auditing and managing groups

TKH-491 A long-standing wish has finally been fulfilled: it is now possible to set an end date to a group membership. This can be set directly when accepting a new member of a group or set later on existing members. In addition, a new member can be made manager right away.

TKH-1049 ISO 27001 certification requires you perform periodic audits on your authorization. This process can now be initiated from Topicus KeyHub. When configured, Topicus KeyHub will instruct the managers of a group to perform an audit on set months.

In addition to the notable changes above, we made the following smaller improvements to groups and auditing:

  • TKH-1100 A manager of a group is now alerted when he or she is the last manager of a group.
  • TKH-1106 TKH-1109 Various tweaks to the user interface were made to improve the user experience.
  • TKH-1119 Testcase coverage was improved considerably for audits.
  • TKH-1135 Removing the auditor group will now revert the flag to KeyHub Administrators.

Topicus KeyHub virtual appliance

We spend a lot of effort in polishing the installation experience of the virtual appliance. The following improvements were made:

  • TKH-1073 A backup now also contains the configured cron jobs.
  • TKH-1076 Testcases were added for backup and recovery, simulating various success and failure scenarios.
  • TKH-1082 You can now use self-signed certificates during the installation and generate them with a single click on a button.
  • TKH-1090 Docker was upgraded to 18.09.
  • TKH-1121 Broken third-party CentOS rpm repositories could cause the installation to fail. These repositories are now optional.
  • TKH-1122 Topicus KeyHub will now refuse to start the installation wizard when the virtual machine does not have enough memory.
  • TKH-1123 The installation wizard now detects Azure deployments and fine-tunes the experience.
  • TKH-1130 On slow systems, the installer could run out of time and/or display conflicting information. This is now fixed.

Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-916 CORS support for OIDC and OAuth2 was added, allowing Javascript clients to fully use OIDC and the OAuth2 code flow.
  • TKH-1095 Different certificates can now be configured for the primary and failover hosts
  • TKH-1101 The thread pools in wildfly are now split in 3 groups, greatly reducing the risk for DOS attacks.
  • TKH-1120 TKH-1132 TKH-1133 Testcase coverage was greatly enhanced in the following areas: UID sequences, declined requests and duplicate requests.
  • TKH-1124 We now use reproducible docker images for WildFly as parents for the Topicus KeyHub images.
  • TKH-1125 When using source directory provisioning, it is now possible to provision outside the configured base DN of the corresponding directory.
  • TKH-1126 The Topicus KeyHub docker images no longer have an active admin use for WildFly management.
  • TKH-1127 The obsolete install checker images has been removed.
  • TKH-1129 Testing a linked LDAP no longer gives an error.