IAM v1.8.1

The v1.8.1 release includes new Managed groups and Scope pages

By CNAF SD team | Tuesday, February 28, 2023

The IAM development team is pleased to announce the release of INDIGO IAM v.1.8.1.

This release provides bug fixes and enhancements, as can be seen in the release notes.

The major highlights are:

Add a Scopes tab to the Organization Management section of the IAM dashboard, that basically replaces the functionality of the System Scope tab on the ADMINISTRATIVE section of the MitreID dashboard (only visible by Admins);
Add a Managed groups tab to the Organization Management section of the IAM dashboard (visible by Group Managers), that allows to list the groups a user is manager of, their subgroups, their members, etc. Group Managers can also remove members from groups, but the ability to invite/add users to their managed groups will be included in future release;
The default Refresh Token lifetime is set to 30 days for every newly registered client (it does not change the lifetime of old clients). This default can be overridden from configuration, e.g. client-registration.client-defaults.default-refresh-token-validity-seconds=-1 reverts to the previous behavior where the RT does not expire;
When a user lets the Acceptable Usage Policy expire, IAM no longer issues refresh tokens and VOMS proxies;
When a IAM account has been disabled, a user can no longer login with x509 certificates and request access tokens through the refresh token flow;
IAM is more compliant with the guideline AARC-G069, i.e., groups and roles membership information can be requested with the entitlements scope and appears in the entitlements claim of the access token.

As usual, the IAM docker image can be obtained from DockerHub.

Starting from this release, the forward to the old /health endpoints used to show the service status has been removed.