The following describes our support policy and abbreviated release notes per version.
We provide backporting of security patches for the previous major release for a 6 month period. Therefore, if you are operating on version
1.x.x, we will continue to release security updates after version
2.0 is released for a period of 6 months.
It is expected you will keep AuthStack up-to-date to ensure it remains secure, as we adapt to the changing web ecosystem.
A valid licence subscription is required to obtain updates.
- Further UI tweaks and corrections
- Fixed issue with report graph colouring
- Fixed issue with pagination on Connections listing
- Updated the X.509 certificate manager to support certs with empty data in certain fields
- Minor UI fixes when editing multiple Service Providers and Attribute Mappings
- Added additional functionality on the apps listing to show which profile is logged in to which application. Supports multiple logged in users
- Added quick links to buy Yubikeys from Amazon under MFA settings
Further update for iOS support and QR barcodes.
Base32 encoding function changed, remove padding from secrets generated for OTP. Backward compatibly update for iOS
Minor fix for IE in frontend JS bundle
Added IdP-initiated Single Sign-On POST binding options. The Service Provider page was updated to reflect the option to mark a service provider as "IdP initiated SSO", along with a relaystate URL
General bug fixes
- Fixed a bug where attribute mapping editing would incorrectly render, indicating that attributes that were in an unticked state, when they were not
- Fixed the same bug at the edit connection screen
Added Service Provider visibility option. It controls how Service Providers are displayed at application listing page (
Visibility can be:
- Public - visible to everyone
- Authenticated - visible to authenticated users.
- Authorized - visible to authorized users. Authorization is performed by inspecting defined attributes of the current active profile.
Therefore it's now possible to limit which apps are shown (public, any logged in users, or those users belonging to a certain group). Even though the apps themselves would limit access based on permissions it's often desirable to avoid showing all integrated applications.
base64 handlebars helper for attribute mappings page.
Minor UI fixes related to authstack administration (Application and Exception log pages).
driver-ldap to version
1.3.0. This version allows for changing which attribute is being used as
username during SSO login.
driver-ldap to version
1.2.12. This version of the driver adds additional filtering options when creating LDAP filters.
AuthStack Version 2.0 brings a major core upgrade as we move from Lumen to Laravel framework. This is a seamless upgrade path which will not require major changes to our clients white labelling or deployment strategy.
This release adds integration with MFAStack, bringing support for MFA during the login process. This is available to both users and administrators, adding an additional layer of security. MFAStack supports both OTP and U2F, with Yubikey hardware and all major OTP software supported.
We're very excited to announce the first version of AuthStack, which is available for public release, after 2 years of continuous development and internal usage. This release reflects the accumulation of years of experience managing SSO platforms, both from an IdP and SP perspective. AuthStack provides an Enterprise grade IdP which supports SAML and provides extensive configuration options with regards to User Authentication sources and mapping of attributes. AuthStack will continue to be developed, with the first major update to bring MFA support from integration with MFAStack, our Multi-Factor Authentication server.