v2.33.0

2.33.0 (2023-08-18)

Highlights

• OTP (SMS and Email) - We added support for One-Time Password sent through SMS and Email. You can now use OTP as 2FA in the login UI if enabled in the Login Policy.
• Alpha: Resource API
  • U2F Support - We added U2F / WebAuthN as second factor in the session API. While passkey / WebAuthN as multifactor was already supported, we cleaned up the implementation. You can now specify the UserVerificationRequirement in the WebAuthN challenge, which will result in either an additional second factor or a direct multifactor check. Please check the newest API for the (breaking) changes.
  • TOTP Support - The session API now also supports Time-based One-Time Password checks. OTP through SMS and Email will be supported shortly as well.
  • LDAP IDP - We introduced support for external Providers in the User Service, which are OAuth 2.0 and OIDC 1.0 based a while ago. This release now also allows you to add and link users as federated users from your LDAP.
• Custom SAML Attributes - With the new Action Flow Complement SAMLResponse we give you the long-awaited possibility to add additional attributes like roles/groups and more to the SAMLResponse. Please check out our action example.
• We want to especially thank our external contributors for this release: First of all @doncicuto for not less than 5 PRs!, but also @skeletorXVI and @ahmednfwela. Thanks for fixing bugs, adding features, and improving our product!

Bug Fixes

• add Date header to email headers RFC822 (#6302) (4123ab7)
• add spans in auth requests (#6368) (6672dcd)
• add texts after template reset (#6237) (d937ee3)
• always update the timestamp in trigger (#6326) (3c7b603)
• avatar missing on login after going back (#6238) (85423b7)
• check if session is reused on reauthentication (#6322) (57857b8)
• console: filter already selected user in authorization (#6168) (b383892)
• footerText has no effect (#6297) (6ca789a)
• go back to user selection from other user (#6255) (dfd469c)
• handle metadata from post authentication on auto creation (#6389) (d029b82)
• Improve and sync checkSSL functions for CockroachDB and PostgreSQL (#6271) (c5c7735)
• login: mfa prompt styles (#6366) (d83681a)
• make: add buf command to core_grpc_dependencies (#6319) (cc4499e)
• OTP SMS texts (#6387) (a99f499)
• provide tokens in azuread idp session (#6334) (8dc1fd0)
• trigger session by id in verifySessionToken (#6325) (11b5a73)

Features

• add ldap external idp to login api (#5938) (52f68f8)
• add saml custom attribute action and translations (#6341) (26b28ed)
• api/v2: implement TOTP session check (#6362) (0017542)
• api/v2: implement U2F session check (#6339) (86af67d)
• api: add organisation service (#6340) (372755b)
• console: add otp sms and otp email as factor (#6343) (a262595), closes #6127
• get multiple users by id (#6210) (133789f)
• login: add OTP (email and sms) (#6353) (7c494fd)
• SMS and email OTP texts (#6281) (343a942)