Skip to end of metadata
Go to start of metadata
Please visit our website for the latest information and links: http://www.picketlink.org
PicketLink team recommends using v2.5.1.Final instead of v.2.5.0.Final due to resolution of security issue identified in https://issues.jboss.org/browse/PLINK-258

[Announcement] PicketLink v2.5.1.Final has been released

It gives us pleasure to announce that PicketLink v2.5.0.Final and v2.5.1.Final have been released in quick succession. Once v2.5.0.Final artifacts were released into the maven repository, the team needed to do final checks on the documentation. While this was happening, a security issue was identified which prompted a fix with release v2.5.1.Final. We recommend the community to use PicketLink v2.5.1.Final.



PicketLink Team welcomes community feedback and questions.
PicketLink v2.1.8.Final is the last community release in the v2.1 cycle. We encourage users to upgrade to v2.5.1.Final since it has bug fixes and is compatible with v2.1.8.Final.

History of PicketLink

An overview of PicketLink is at http://docs.jboss.org/picketlink/2/latest/reference/html/ch01.html#d5e15

PicketLink v1.0 release included IDM and Federation.

PicketLink v2.0 release only included Federation. (IDM did not have a v2.0 release)

PicketLink Federation, IDM and Seam Security were merged into the common PicketLink project to yield v2.5.x

 
Shane Bryzak has a brief description at http://in.relation.to/Bloggers/PicketLink250Beta3ReleaseAndVersionChange

PicketLink v2.5.1.Final

Primarily contains a fix for a security issue that was identified right after v2.5.0.Final was released. Credit goes to Marek Posolda for reporting the issue on 3 Sep 2013. (https://issues.jboss.org/browse/PLINK-258)

License

Apache Style License v2.0

JIRA

https://issues.jboss.org/browse/PLINK

Documentation

PicketLink v2.5.1 documentation link is at http://docs.jboss.org/picketlink/2/2.5.1.Final/

Latest PicketLink documentation is at http://docs.jboss.org/picketlink/2/latest/

Quickstarts

https://github.com/picketlink/picketlink-quickstarts

This is a git submodule of the JBoss Developer Framework (JDF) Quickstarts at

https://github.com/jboss-jdf/jboss-as-quickstart

Additionally, please refer to the use of PicketLink with TicketMonster demo application:

https://docs.jboss.org/author/display/PLINK/TicketMonster

Maven Dependencies (How to use?)

http://docs.jboss.org/picketlink/2/latest/reference/html_single/#d5e54

Acknowledgements

The following individuals are graciously acknowledged for their contributions in discussions, requirements, code and feedback.

  • Dr. Mark Little
  • Andrig Miller
  • Rodney Russ
  • Anil Saldhana
  • Pedro Igor Silva
  • Shane Bryzak
  • Pete Muir
  • Stefan Guilhen
  • Peter Skopek
  • Bill Burke
  • Jason Greene
  • David M Lloyd
  • Darran Lofthouse
  • Stuart Douglas
  • Boleslaw Dawidowicz
  • Marek Poselda
  • Stian Thorgersen
  • Thomas Heute
  • Jay Balunas
  • Bruno Olivera
  • Douglas Campos
  • Jason Porter
  • George Gastaldi
  • Kevin Conner
  • Eric Wittmann
  • Kurt Stam
  • Kenny Peeples
  • Derek Horton
  • Tom Fonteyne
  • Sande Gilda
  • Rafael Benevides
  • Ondra Lukas
  • Fernando Ribeiro
  • Anil Arora
  • Marius Bagoevici
  • John Doyle
  • Deepali Khushraj
  • Burr Sutter

Releases Timeline (Until Now)

2.5.1.Final:  5 Sep 2013

2.5.0.Final  : 29 Aug 2013

2.5.0.CR2:   20 Aug 2013

2.5.0.CR1:   14 Aug 2013

2.5.0.Beta7: 9 Aug 2013

2.5.0.Beta6: 25 July 2013

2.5.0.Beta5: 27 June 2013

2.5.0.Beta4  10 June 2013

2.5.0.Beta3: 20 May 2013

2.5.0.Beta2: 25 April 2013

2.5.0.Beta1: 22 March 2013

What’s coming next?

  • social and oauth2 toolkit modules part of PicketLink need some cleanup,quickstarts, testing and documentation. So they are not part of this release cycle.
  • PicketLink subsystem for WildFly AS and console plugin for wildfly/EAP is scheduled for September 15, 2013

Release Notes - PicketLink - Version PLINK_2.5.1.Final

** Bug

* [PLINK-258] - PasswordCredentialEncoder.generateSalt() always generate same value

** Feature Request

* [PLINK-244] - Query returning always empty for custom entities

* [PLINK-260] - IdentityManager.retrieveCredentials and retrieveCurrentCredential is not working

* [PLINK-261] - @SupportsCredentials must also specify the CredentialStorage for a handler

* [PLINK-262] - PasswordCredentialHandler must support custom secure random providers

Release Notes - PicketLink - Version PLINK_2.5.0.Final

Includes versions:

PLINK_2.5.0.Final, PLINK_3.0.0.alpha1, PLINK_3.0.0.beta1, PLINK_2.5.0.CR1, PLINK_3.0.0.beta2, PLINK_2.5.0.beta3, PLINK_2.5.0.beta4, PLINK_2.5.0.Beta5, PLINK_2.5.0.Beta6, PLINK_2.5.0.Beta7, PLINK_2.5.0.CR2,

** Sub-task

  * [ PLINK-108 ] Unit test for SHASaltedPasswordStorage             

** Feature Request

  * [ PLINK-83 ] PicketLink IDM XML Configuration parser             

  * [ PLINK-84 ] identity.login() repeated a successful login should throw an exception             

  * [ PLINK-85 ] JPA Based Permission Query             

  * [ PLINK-87 ] Typo in RoleHandler.validate and missing checks for duplications in LDAPIdentityStore             

  * [ PLINK-93 ] Add HTTP basic authentication support via Servlet Filters             

  * [ PLINK-94 ] Add HTTP digest authentication support via Servlet Filters             

  * [ PLINK-106 ] Provide an easy way to override the default password encoder and register custom CredentialHandler implementations             

  * [ PLINK-109 ] Improvements to the Identity Manager Configuration             

  * [ PLINK-111 ] Remove redundant org.picketlink.idm.credential.X509Cert class             

  * [ PLINK-112 ] Refactor IdentityStoreConfiguration.getCredentialHandlersConfig() to not require the CredentialHandler class             

  * [ PLINK-113 ] Users should be able to use a IdentityManager for any of the configured realms.             

  * [ PLINK-115 ] SP SAML Handler to put IDP Assertion Into Http Session             

  * [ PLINK-117 ] The API documentation should aggregate the javadocs for the modules             

  * [ PLINK-118 ] Update documentation with the File and LDAP stores configuration             

  * [ PLINK-120 ] Login logic is not considering when the user is disabled/locked             

  * [ PLINK-121 ] Throw a specific exception when the user tries to authenticate twice using the same credentials             

  * [ PLINK-123 ] Digest authentication has stopped to work on demos             

  * [ PLINK-124 ] Add credential storage retrieval methods to IdentityManager             

  * [ PLINK-127 ] CredentialHandler implementations should check if the Agent is disabled             

  * [ PLINK-128 ] Refactor the Configuration API to provide a Fluent API using the build pattern             

  * [ PLINK-130 ] Support for custom identity types             

  * [ PLINK-142 ] Provide more examples about how to mix identity stores             

  * [ PLINK-148 ] Support SessionIndex when issuing assertions and logout requests             

  * [ PLINK-151 ] Example fails with picketlink-schema only             

  * [ PLINK-152 ] JAXP Factories may need to use the CL of the class in TCCL             

  * [ PLINK-159 ] SAML2AuthenticationHandler should be able to create multivalued attibute statement             

  * [ PLINK-164 ] Facebook Authenticator             

  * [ PLINK-170 ] Twitter Authenticator             

  * [ PLINK-171 ] Add a hasRole method to the Identity interface             

  * [ PLINK-175 ] Support two factor authentication with Time-based One-Time Passwords             

  * [ PLINK-176 ] HTTP digest authentication returning 401 with valid users             

  * [ PLINK-179 ] FORM Authentication Mechanism             

  * [ PLINK-180 ] BCrypt password encoding             

  * [ PLINK-185 ] Application bootstrap failing during IdentityStore creation             

  * [ PLINK-189 ] Support runtime partitions             

  * [ PLINK-196 ] Add HTTP CLIENT-CERT authentication support             

  * [ PLINK-197 ] Large lists with nested lists (all containing serializable objects) can not be stored on setAttribute(...)             

  * [ PLINK-200 ] PBKDF2 Password Encoding             

  * [ PLINK-204 ] Basic/Digest authentication is not properly validating credentials             

  * [ PLINK-222 ] IdentityConfigurationBuilder.named always create new builder even if builder with same name already exists             

  * [ PLINK-227 ] SAML 2.0 Subject EncryptedKey should contain KeyInfo             

  * [ PLINK-239 ] Create PicketLink Quickstarts repository and use it to reference the quickstarts from JDF             

  * [ PLINK-240 ] SampleModel can't properly find Custom entities             

  * [ PLINK-245 ] SP AuthnRequest should add authncontextclassref that should be configurable             

  * [ PLINK-249 ] SAML Handler Locking should be configurable             

  * [ PLINK-250 ] Introduce timer in IDP to reload configuration             

  * [ PLINK-251 ] Introduce timer in SP to reload configuration             

** Bug

  * [ PLINK-77 ] Calling removeUser(user) on a IdentityManager instance removes all the users             

  * [ PLINK-88 ] IDM 3 doesn't work with OpenDS 2.0             

  * [ PLINK-101 ] Attribute values should be serialized for storage             

  * [ PLINK-102 ] Remove the org.picketlink.idm.jpa.annotations.PropertyType.RELATIONSHIP_IDENTITY_ID enum             

  * [ PLINK-104 ] Login not working in EclipseLink             

  * [ PLINK-107 ] SHASaltedPasswordStorage is not properly retrieving stored hashes             

  * [ PLINK-116 ] Change scope for JBoss Logging dependency in picketlink-common module to provided             

  * [ PLINK-119 ] DefaultIdentity is considering the User.id when comparing with the DefaultLoginCredentials.userId             

  * [ PLINK-131 ] Signed logout request does not contain the "Destination" attribute             

  * [ PLINK-132 ] PicketLink based SP's need to support different login and logout URLs             

  * [ PLINK-136 ] The IDM subsystem is always initialized even when a custom Authenticator is provided             

  * [ PLINK-137 ] Change the scope for CDI dependencies in picketlink-api and picketlink-impl to provided             

  * [ PLINK-143 ] SAML2 Attribute Value should support nested elements             

  * [ PLINK-144 ] PicketLink STS should not choke on WS-Policy 1.5 Tags             

  * [ PLINK-145 ] SAML2Handler also puts assertion from incoming request in the response             

  * [ PLINK-147 ] The PicketLink IDP behaves strangely if the index.jsp is changed to an index.html             

  * [ PLINK-149 ] JPA identity store schema class annotated with @Relationship not found during configuration             

  * [ PLINK-150 ] AuthnRequest Protocol Binding             

  * [ PLINK-156 ] Add picketlink-common library to distribution             

  * [ PLINK-163 ] SAML20TokenProvider:KeyIdentifier generated using '#' which fails against SAP Server             

  * [ PLINK-157 ] CORS preflight request should not be blocked by Basic or Digest auth             

  * [ PLINK-160 ] Picketlink forwards to /hosted for resources without auth-constraints             

  * [ PLINK-166 ] SAML2LogoutHandler throws NPE in the absence of Success status code at SP             

  * [ PLINK-172 ] IdmAuthenticator is failing for credentials that don't required the userId             

  * [ PLINK-173 ] IdmAuthenticator is not supporting custom credentials             

  * [ PLINK-174 ] Configuration Builder for Identity Stores is not reading the credential handlers             

  * [ PLINK-177 ] The IdentityManagerFactory must be serializable to allow @SessionScoped injection points             

  * [ PLINK-183 ] Digest authentication can be bypassed             

  * [ PLINK-192 ] DefaultStoreFactory.createIdentityStore() probably shouldn't be caching the identity stores             

  * [ PLINK-193 ] LDAPPlainTextPasswordCredentialHandler is not setting the validated agent             

  * [ PLINK-195 ] ClassCastException when authenticating an Agent             

  * [ PLINK-205 ] characterEncoding parameter not used in for Post Requests in ServiceProviderAuthenticator              

  * [ PLINK-223 ] Can query relationship by formal attribute             

  * [ PLINK-226 ] OpenLDAP is complaining about spaces in the member attribute             

  * [ PLINK-229 ] IDP hangs when redirecting to the SP using HTTP-Redirect Binding             

  * [ PLINK-230 ] Support SSL Client Authentication with a fallback to the configured authentication method             

  * [ PLINK-231 ] AbstractIDPValve class doesn't clean Response before POST correctly             

  * [ PLINK-232 ] JDBC Token and Revocation Registry             

  * [ PLINK-233 ] SP should read/recognize the SingleLogoutLocation ResponseLocation attribute in the metadata             

  * [ PLINK-234 ] Optional Attribute in Validation Calls to PicketLink STS             

  * [ PLINK-235 ]  Invalid Logout Responses from SAML2LogoutHandler             

  * [ PLINK-253 ] Quickstarts: Add Maven compiler properties and remove Maven plugin from the the quickstart POM files             

** Task

  * [ PLINK-82 ] Create PicketLink Common Module             

  * [ PLINK-86 ] License headers to ASLv2             

  * [ PLINK-90 ] Ensure messages are using JBoss Logging             

  * [ PLINK-91 ] Move the Credentials related classed from the IMPL to the API module             

  * [ PLINK-92 ] Container Bindings Project             

  * [ PLINK-98 ] Move IdentityStoreConfiguration implementations to API              

  * [ PLINK-100 ] IllegalArgumentException should be thrown for illegal arguments             

  * [ PLINK-103 ] Provide a way to create a DefaultIdentityManager without the class being in the API package.             

  * [ PLINK-105 ] DefaultCache should be moved from API to IMPL             

  * [ PLINK-122 ] Provide test cases for the base module             

  * [ PLINK-125 ] Umbrella task for 2.5.0.Beta3 documentation issues             

  * [ PLINK-129 ] Import the container bindings modules from PicketLink v2             

  * [ PLINK-133 ] Use getAgent() instead of getUser() throughout authentication API             

  * [ PLINK-134 ] Reintroduce permission resolver API into base module             

  * [ PLINK-138 ] Change project version from 3.0.0 to 2.5.0             

  * [ PLINK-139 ] Provide test cases for the base module             

  * [ PLINK-141 ] Custom Identity Stores configuration and examples             

  * [ PLINK-153 ] Rename SCIM module to REST

  * [ PLINK-165 ] Migrate OverLord Commons PicketLink code SAMLBearerTokenLoginModule

  * [ PLINK-181 ] Javadoc on classes and public methods             

  * [ PLINK-194 ] Base class for credential handlers and template method             

  * [ PLINK-198 ] Workspace for Fuse/Camel and Fuse/AMQ Integration             

  * [ PLINK-203 ] Migrate OpenID Code from picketlink-social project             

  * [ PLINK-242 ] Rename org.picketlink.idm.model.sample package to org.picketlink.idm.model.basic      

** Enhancement

  * [ PLINK-89 ] [IDM] - Supporting Groups with the same name but different parents.             

  * [ PLINK-99 ] In Java EE environment scan for IdentityStoreConfiguration beans to automatically build IdentityConfiguration

  * [ PLINK-126 ] Introduce individual annotations for JPA schema entities and properties

  * [ PLINK-135 ] Add type parameters to CredentialHandler  

  * [ PLINK-161 ] PicketLink STS should use the picketlink.xml file to load the configurations.

  * [ PLINK-162 ] WSTrust parsing should consider RequestedUnattachedReference             

  * [ PLINK-169 ] Change the parameter name used to configure the realm name in the AuthenticationFilter to realmName             

  * [ PLINK-182 ] IdmAuthenticator is not supporting partitions             

  * [ PLINK-187 ] Update TOTP tokens without requiring password update             

  * [ PLINK-188 ] Support different devices and multiple TOTP tokens             

  * [ PLINK-220 ] Expose Identity atributes as a read-only map             

  * [ PLINK-237 ] TOTPCredentialHandler should check all devices             

  * [ PLINK-241 ] IdentityManagerProducer must support multiple IdentityConfiguration when building the IDM config  

  * [ PLINK-252 ] Support user-defined locations for the configuration file

PicketLink Installer

You can use the PicketLink Installer to configure a JBoss EAP 6.1+ with PicketLink.

The installer is a simple Apache Ant script that makes all necessary configurations to your JBoss AS installation, including:

  • Updates the PicketLink module with the latest libraries
  • Installs the PicketLink AS7 Extension/Subsystem
  • Installs the PicketLink AS7 Console
  • Configures the PicketLink Quickstarts

Pre-requisites

Running the Installer

After downloading the installer extract it and inside the picketlink-installer-2.5.1.Final execute the follow command:

Now you should be prompted for the full path of your JBoss Application Server installation.

And it is done !

Please, do not forget to create an user using the add-user.sh script provided by the JBoss Application Server. Otherwise you will not access the PicketLink Console.

Labels:
picketlink picketlink Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.