Single Sign-On v1.8

Release Notes

These are release notes for the Single Sign-On service for Pivotal Cloud Foundry (PCF).


Release Date: March 22, 2019

Fixed Issue

This release fixes the following issue:

  • When User Account and Authentication (UAA) contained identity zones that were not managed by SSO for PCF, the GET /v1/plans endpoint returned a 500 status error.


Release Date: March 6, 2019

Fixed Issue

This release fixes the following issue:

  • Custom branding images caused BOSH logs to exceed 1 MB and installations to fail. Logs are now reduced to prevent this issue.


Release Date: January 14, 2019

Breaking Change: For SSO v1.8.0 and later, configure distinct resource names when dealing with cross-space scopes. For more information, see Improved error message for space-protected resources in Features below.


New features and changes in this release:

  • SSO Plan API: SSO includes an API for managing SSO plans. The SSO Plan API provides an easy way for developers to do continuous deployment and continuous integration for SSO plans.

    For more information about automating SSO Plans, see Automate Service Plan Creation.
    For more information about the SSO API, see the SSO API documentation.
  • Expanded API functionality for configuring SSO Plans and identity providers (IDPs):

    • Enabling default IDPs: For PCF v2.4 and later, you can enable a default IDP so that users are automatically redirected to an appropriate enterprise IDP. For more information, see Enable Default Identity Provider.
    • Disabling and re-enabling SSO plans: For PCF v2.4 and later, you can disable SSO plans that are no longer in use. You can re-enable disabled plans when they need to be used again. For more information, see Disable SSO Plans.
    • Password Grant for OpenID Connect (OIDC): For PCF v2.2 and later, you can enable the OIDC password grant so that native apps, such as mobile apps, can forward credentials to the enterprise IDP for authentication. For more information, see Enable Password Grant for OpenID Connect.
  • Login hints functionality in Authorization Request API: For PCF v2.2 and later, when making an authorization code, password, or implicit grant request, you can provide a login hint so that the end user is automatically redirected to the appropriate IDP. For more information, see Using Login Hints.

  • Improved access error handling: Improved error messages and instructions for access errors on the SSO UI.

  • Improved error message for space-protected resources: If users try to create resources already in use in a separate space using the cf CLI or SSO UI, SSO returns a consistent error message. For more information about space protection, see About Space Protection for Resources.

Known Issues

There are no known issues for this release.

Request for Feedback on Feature Deprecation

In future releases of SSO, Pivotal plans to deprecate the following features:

  • User management interface: We plan to shift admin user management from using a user management UI to the UAA CLI. For more information about user management, see Managing Users.
  • Password policies configuration: We plan to deprecate the Password Complexity and Lockout Policy sections in Internal User Store > Edit Provider. This is because UAA plans to focus on enterprise IDPs as the core provider of users for production apps. For more information about configuring password policies, see Define Password Policy for the Internal User Store.
  • Native multi-factor authentication (MFA): We do not plan to make native MFA production ready. This is because UAA plans to focus on enterprise IDPs, which already provide MFA.

Because of the deprecation of these features, we plan to no longer recommend using the internal user store in production.

If you have any feedback or concerns about the deprecation of the above features, let us know. Send us feedback using this SSO 1.8 Deprecation Feedback Form.

Viewing Release Notes for Another Version

To view the release notes for another product version, select the version from the drop-down list at the top of this page.
