Releases: uc-cdis/fence
Releases · uc-cdis/fence
2.7.3
Special case for NIH login in login.bionimbus - log users in with persistent-id not eppn
4.9.1
Release Notes
For: uc-cdis/fence
Notes since tag: 4.9.0
Notes to tag/commit: 4.9.1
Generated: 2019-10-23
Improvements
- Fence oauth2/token endpoint now returns a JSON response in case of expired
or blacklisted refresh token (#723) - Update API Docs to include more details about requesting scopes in an API
Key request (#721)
Bug Fixes
- Fix LOGIN_OPTIONS/ENABLED_IDENTITY_PROVIDERS fence-config backwards
compatibility (#724)
New Features
dbGaP c999 Handling
Release Notes
For: uc-cdis/fence
Notes since tag: 4.8.0
Notes to tag/commit: eccddc1
Generated: 2019-10-22
New Features
- dbGaP sync supports handling "Common Exchange Area" user access via the
c999consent group now (#702) - new configuration to turn on "granting Common Exchange Area user access via
thec999consent group" feature (#702)
Breaking Changes
c999is no longer converted to justphsidwhen parsing consent codes
(which causes issues when switching the configuration on/off in terms of
data access). Now, when consent code parsing is on, usersync handlesc999
by providing access to all consents explicitly (including itself,
.c999, to represent the study-specific exchange area) (#702)
Deployment Changes
- Fence does NOT handle
c999the same as before. If using dbgap sync w/
consent code parsing and indexd records have acls with justphsidto
represent objects someone w/c999should be able to see, you will need to
ensure that the records also have the phsid.consent_code as well or users
will lose access (#702) - Fence has a new configuration to support more dbGaP syncing options: if you
require "Common Exchange Area" data access, review the new configuration
and supply necessary values (#702)
InCommon login and ENABLED_IDENTITY_PROVIDERS deprecation
Release Notes
For: uc-cdis/fence
Notes since tag: 4.7.0
Notes to tag/commit: 4.8.0
Generated: 2019-10-15
New Features
- Support InCommon login: add "idp" and "shib_idp" query parameters to
"/login/shib", "/login/fence" and "/authorize" (#703)
Deployment Changes
- Fence config ENABLED_IDENTITY_PROVIDERS section deprecated and replaced by
LOGIN_OPTIONS section to allow enabling several login options for the same
provider (backwards compatible) (#703)
arborist resource mapping, usersync/arborist bug fix
Release Notes
For: uc-cdis/fence
Notes since tag: 4.6.2
Notes to tag/commit: c1223c2
Generated: 2019-10-14
New Features
- add arborist resource mapping to userinfo endpoint (#706)
Bug Fixes
- usersync pulls usernames from arborist now to ensure access get revoked for
users completely removed from authorization sources (#717)
4.6.2
patch cirrus bug with google groups that are too large
Synapse Integration & authz_provider
Release Notes
For: uc-cdis/fence
Notes since tag: 4.5.0
Notes to tag/commit: 4.6.0
Generated: 2019-09-30
New Features
- Support Synapse as new AuthN and AuthZ provider (#696)
- Support AuthZ Provider feature in Arborist (#696)
Dependency Updates
- Requires Arborist 2.3.0 (#696)
Deployment Changes
- Requires manual work in Arborist DB to fill in the empty
authz_provider
fields (#696)
Improvements
- Rename rbac to authz/abac depending on context. In code, docs, useryamls.
(#695)
4.5.0
Release Notes
For: uc-cdis/fence
Notes since tag: 4.4.2
Notes to tag/commit: 4.5.0
Generated: 2019-09-23
Dependency Updates
- Flask 1.1.1, Werkzeug 0.15.6 (#661)
Bug Fixes
add migrate command to fence-create
feat(fence-create): new migrate command to migrate the database (#694) * feat(fence-create): new migrate command to migrate the database * chore(formatting): run black