UnboundID Identity Broker Release Notes


Identity Broker 4.1.0.10

Following are notes for version 4.1.0.10 of the UnboundID Identity Broker. Notes for the following versions of the Identity Broker are also available in this document:

Resolved Issues

The following issues have been resolved with this release of the Identity Broker:

  • Added a new sanitize-log tool that can be used to remove sensitive information from server log files, including the file-based access log, the operation timing access log, the file-based error log, the file-based sync log, the file-based resync log, and the detailed HTTP operation log.

    The sanitization process operates on fields that consist of name-value pairs. The field name and equal sign will always be retained, but in cases where the value may contain sensitive data, that value may either be replaced with the string "---REDACTED---", or it may be tokenized. If the tokenized value is a DN or filter, then attribute names in that DN or filter will be preserved while the values will be replaced with a string consisting of a number inside curly braces. If the tokenized value is not a DN or filter, then the entire value will be replaced with a number inside curly braces. If a string to be tokenized appears multiple times in the log, the same replacement token will be used for each occurrence of that string to make it possible to correlate occurrences of that string without revealing the actual content.

    The sanitize-log tool has a default configuration that should be sufficient for many environments, allowing it to tokenize or redact sensitive information while preserving non-sensitive content for use in diagnosing problems or understanding usage patterns. However, this behavior can be customized using command-line arguments by indicating whether to preserve, tokenize, or redact a given log field. Issue:DS-10472
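The tokenization behaviour described above, as an added Python example that is not the sanitize-log tool's own code: a small sanitizer that applies a per-field preserve/tokenize/redact policy to access-log lines, keeps attribute names inside DNs and filters, and reuses the same "{n}" token for every occurrence of a given string. The sample log lines, the field names in the policy table and the default action for unlisted fields are constructed for the illustration and are not taken from the product's real configuration.

```python
import re

REDACTED = "---REDACTED---"

# name=value fields; a quoted value may contain escaped quotes.
FIELD_RE = re.compile(r'([A-Za-z][\w-]*)=("(?:[^"\\]|\\.)*"|[^\s"]+)')
# One (attr op value) component of an LDAP search filter.
FILTER_COMP_RE = re.compile(r'\(([\w.;-]+)(>=|<=|~=|=)([^()]*)\)')


def _split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped (DN syntax)."""
    return re.split(r'(?<!\\)' + re.escape(sep), text)


class LogSanitizer:
    """Apply a preserve/tokenize/redact policy to name=value log fields."""

    def __init__(self, policy, default="preserve"):
        self.policy = policy      # field name -> "preserve" | "tokenize" | "redact"
        self.default = default    # assumed action for fields not listed in the policy
        self._tokens = {}         # raw string -> "{n}", shared across the whole log

    def token(self, raw):
        """The same input string always maps to the same {n} token."""
        if raw not in self._tokens:
            self._tokens[raw] = "{%d}" % (len(self._tokens) + 1)
        return self._tokens[raw]

    def tokenize(self, value):
        if value.startswith("(") and value.endswith(")"):
            return self._tokenize_filter(value)
        as_dn = self._tokenize_dn(value)
        return as_dn if as_dn is not None else self.token(value)

    def _tokenize_dn(self, dn):
        """Keep the attribute name of every RDN, tokenize its value; None if not a DN."""
        rdns = []
        for rdn in _split_unescaped(dn, ","):
            avas = []
            for ava in _split_unescaped(rdn, "+"):
                if "=" not in ava:
                    return None
                attr, val = ava.split("=", 1)
                avas.append("%s=%s" % (attr.strip(), self.token(val)))
            rdns.append("+".join(avas))
        return ",".join(rdns)

    def _tokenize_filter(self, flt):
        def repl(m):
            attr, op, val = m.groups()
            if op == "=" and val == "*":      # presence filter carries no value
                return m.group(0)
            return "(%s%s%s)" % (attr, op, self.token(val))
        return FILTER_COMP_RE.sub(repl, flt)

    def sanitize_line(self, line):
        def repl(m):
            name, raw = m.groups()
            quoted = raw.startswith('"')
            value = raw[1:-1] if quoted else raw
            action = self.policy.get(name, self.default)
            if action == "preserve":
                return m.group(0)
            new = REDACTED if action == "redact" else self.tokenize(value)
            return '%s="%s"' % (name, new) if quoted else "%s=%s" % (name, new)
        return FIELD_RE.sub(repl, line)


# Constructed sample access-log lines (not real server output).
SAMPLE_LOG = [
    '[01/Jan/2024:10:00:01 +0000] SEARCH REQUEST conn=7 op=1 msgID=2 requesterDN="uid=admin,dc=example,dc=com" base="ou=People,dc=example,dc=com" scope=2 filter="(&(objectClass=*)(uid=jdoe))"',
    '[01/Jan/2024:10:00:01 +0000] SEARCH RESULT conn=7 op=1 msgID=2 resultCode=0 etime=1.234 entriesReturned=1',
    '[01/Jan/2024:10:00:02 +0000] BIND REQUEST conn=8 op=0 msgID=1 dn="uid=jdoe,ou=People,dc=example,dc=com" authType=SIMPLE',
    '[01/Jan/2024:10:00:02 +0000] BIND RESULT conn=8 op=0 msgID=1 resultCode=49 additionalInfo="Invalid credentials for jdoe"',
]

# Constructed policy: DN and filter fields are tokenized, free text is redacted,
# counters and result codes are preserved for diagnostics.
SAMPLE_POLICY = {
    "requesterDN": "tokenize",
    "base": "tokenize",
    "dn": "tokenize",
    "filter": "tokenize",
    "additionalInfo": "redact",
}


def sanitize_log(lines, policy=SAMPLE_POLICY):
    """Sanitize a whole log with one shared token table so values correlate."""
    sanitizer = LogSanitizer(policy)
    return [sanitizer.sanitize_line(line) for line in lines]


if __name__ == "__main__":
    for line in sanitize_log(SAMPLE_LOG):
        print(line)
```

Because the token table is shared across the run, "jdoe" receives the same token in the search filter on the first line and in the bind DN on the third line, so a reader of the sanitized log can still see that the failed bind concerns the account that was searched for without learning the account name.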

Identity Broker 4.1.0.9

Resolved Issues

These issues were resolved with version 4.1.0.9 of the Identity Broker:

  • Update the collect-support-data tool so that it can encrypt the data that is captured to protect it from unauthorized third parties. The encryption key is generated from a passphrase which may be read from a file, interactively provided by the user, or dynamically generated by the tool. This passphrase must be provided to support personnel (ideally over a different communication channel than the encrypted support data archive itself) for them to be able to access the information it contains.

    There is also a new option to decrypt an encrypted collect-support-data archive when provided with the encryption passphrase. Issue:DS-10129

  • Update the collect-support-data tool so that it is possible to configure default values for most arguments in the tools.properties file. Issue:DS-10178

  • Update the collect-support-data tool to further reduce the possibility of gathering sensitive information. Potentially sensitive data will be replaced with ---REDACTED--- in the output. A new "--securityLevel maximum" option can also be specified that redacts DNs and search filters, which might include personally identifiable information. Issue:DS-10115

Identity Broker 4.1.0.6

Resolved Issues

These issues were resolved with version 4.1.0.6 of the Identity Broker:

  • Update the default behavior of all file-based loggers to have include-thread-id=true. This will include a compact thread ID in all log messages. This can make it easier to correlate log messages generated by the same thread within a single log file or across different types of log files. Issue:DS-9352
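The cross-log correlation that a shared thread ID makes possible, as an added Python example that is not part of the release notes or of the server's own tooling: error-log entries are matched to the access-log operations handled by the same thread within a short time window. The log lines, the "threadID=" field name and the two-second window are constructed assumptions for the illustration; the real field name and layout of the product's logs may differ.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real server output); the threadID= field name is assumed.
ACCESS_LOG = [
    '[01/Jan/2024:10:00:01 +0000] BIND REQUEST threadID=12 conn=8 op=0 msgID=1 dn="uid=jdoe,ou=People,dc=example,dc=com"',
    '[01/Jan/2024:10:00:01 +0000] BIND RESULT threadID=12 conn=8 op=0 msgID=1 resultCode=49 etime=0.532',
    '[01/Jan/2024:10:00:03 +0000] SEARCH REQUEST threadID=15 conn=9 op=1 msgID=2 base="dc=example,dc=com" scope=2 filter="(uid=asmith)"',
    '[01/Jan/2024:10:00:03 +0000] SEARCH RESULT threadID=15 conn=9 op=1 msgID=2 resultCode=0 etime=1.004 entriesReturned=1',
]
ERROR_LOG = [
    '[01/Jan/2024:10:00:01 +0000] category=CORE severity=WARNING threadID=12 msgID=1880555 msg="Simple bind failed: invalid credentials"',
    '[01/Jan/2024:10:05:00 +0000] category=JEB severity=NOTICE threadID=12 msgID=1880556 msg="Checkpoint completed"',
]

TS_RE = re.compile(r'^\[([^\]]+)\]')
FIELD_RE = re.compile(r'([A-Za-z][\w-]*)=("(?:[^"\\]|\\.)*"|[^\s"]+)')


def parse_line(line):
    """Return (timestamp, {field: value}, original line) for one log line."""
    m = TS_RE.match(line)
    ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
    fields = {name: raw.strip('"') for name, raw in FIELD_RE.findall(line)}
    return ts, fields, line


def correlate(error_lines, access_lines, window_seconds=2):
    """For each error line, list access-log lines from the same thread within the window.

    Thread IDs are reused by later requests, so the time window is what keeps
    an old operation on the same thread from being attributed to a new error.
    """
    by_thread = {}
    for ts, fields, line in map(parse_line, access_lines):
        tid = fields.get("threadID")
        if tid is not None:
            by_thread.setdefault(tid, []).append((ts, line))
    window = timedelta(seconds=window_seconds)
    result = []
    for ts, fields, line in map(parse_line, error_lines):
        tid = fields.get("threadID")
        related = [l for ats, l in by_thread.get(tid, []) if abs(ats - ts) <= window]
        result.append((line, related))
    return result


if __name__ == "__main__":
    for error, related in correlate(ERROR_LOG, ACCESS_LOG):
        print(error)
        for line in related:
            print("    <-", line)
```

The first error line is tied to the two bind operations that thread 12 handled at the same second; the checkpoint notice five minutes later carries the same thread ID but falls outside the window and is reported with no related operations.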

Identity Broker 4.1.0.1

Resolved Issues

These issues were resolved with version 4.1.0.1 of the Identity Broker:

  • Add an allow-insecure-local-jmx-access option to the global config that will expose JMX data via an insecure local JVM connection. Issue:DS-4300

Identity Broker 4.1.0.0

New Features

These features were added for version 4.1.0.0 of the Identity Broker:

  • The UnboundID Identity Broker is the first of a new class of components for consumer and subscriber identity management architectures.

    As a stand-alone server, it provides authorization decisions for client applications, provisioning systems, API gateways, and analytical tools in any architecture involving personal, account, or sensitive identity data.

    Working together with the UnboundID Identity Data Store and Identity Proxy, the Identity Broker is designed to make high-volume and high-speed authorization decisions based on ever-changing consumer profile and consent data. Functionally, the Identity Broker is both the Policy Decision Point and the OAuth2 provider for externalized authorization. Performance-wise, the Identity Broker can support the request volumes driven by the complex, real-time interactions necessary to support today's consumer-facing mobile, social, and cloud ecosystems.

Known Issues and Workarounds

These were known issues at the time of the release of version 4.1.0.0 of the Identity Broker:

  • The Identity Broker stores a single access token for each combination of owner and application. If a subsequent access token request is made using the same criteria (owner, application, scopes, and refresh token), then the Identity Broker will return the existing access token. In some rare cases, this may lead to a short-lived token being returned. Issue:DS-8466

  • When an access token is granted as a result of using the OAuth 2 implicit grant type, and the list of granted scopes is not identical to the list of scopes requested by the client, then the Identity Broker does not append the list of actual scopes to the redirect URI. Issue:DS-8740

  • After the Identity Broker Admin Roles belonging to an entry in the User Store are modified, existing access tokens corresponding to the same owner will continue to grant the original authorities. Administrators may need to manually revoke existing access tokens in such cases. Issue:DS-8497

  • The Broker Console application may display UI widgets related to restricted features to users without the ROLE_BROKER_ADMIN Identity Broker Admin Role. Note that users nevertheless cannot create, read, update, or delete Policy Store objects without the appropriate roles. Issue:DS-8372

  • The Privacy Preferences CSR workflow always displays revoke consent buttons, even for support users that do not have ROLE_DELETE_OTHER_CONSENT. Issue:DS-8296

  • Running update for an online server on a Solaris machine with a very large heap size can lead to update failures. Please use offline update in this particular situation. Issue:DS-8537

  • Identity Broker will not function properly with respect to admin access if an Identity Data Store acting as a unified policy and consent store does not have a base entry with the following ACI attribute:

    aci: (targetattr!="userPassword")(version 3.0; acl "Allow anonymous read access for anyone"; allow (read,search,compare) userdn="ldap:///anyone";)
    aci: (targetattr="*")(version 3.0; acl "Allow users to update their own entries"; allow (write) userdn="ldap:///self";)

    Issue:DS-8676

Resolved Issues

These issues were resolved with version 4.1.0.0 of the Identity Broker:

  • Fix a bug where, under certain error conditions, the start server scripts could prompt the user to overwrite an existing file. Issue:DS-7268

  • Update the JMX connection handler to infer an appropriate Java type (e.g. Boolean, Long, Float, Date, or String) for JMX attributes from the underlying LDAP attribute type and value. The legacy behavior to return all JMX attributes as String values can be set if desired through the advanced global configuration property 'jmx-value-behavior'. Issue:DS-7635

  • Add the --noPropertiesFile option to the status command so that it does not fail when the option is provided to collect-support-data. Issue:DS-8390

  • Update setup to add a masters/peers trust-all argument so that the deployer must explicitly indicate that they trust the master/peer as well as any other masters/peers that are accessed during setup. In addition, if this argument is not specified, a prompting trust store manager will be used instead of the previous behavior of using a trust-all manager all the time. If setup is in non-interactive mode, neither the trust-all argument nor the JKS trust store has been specified, and setup is accessing the master/peer over SSL or StartTLS, setup will fail. Issue:DS-8381

  • The uninstaller now requires explicit confirmation before it will remove files from outside the server's root directory. Also, options for performing an LDAP connection from the tool have been deprecated. Issue:DS-8426

  • Fix an issue where dsconfig could apply changes to multiple servers in a failure situation even though it claimed that no changes were applied. Issue:DS-8677

  • Fix a bug in the JDBC Access Logger that could cause incompatibility with some database versions and display a "Cannot commit when autoCommit is enabled" error message. Issue:DS-8750