Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

cloudfoundry / uaa Public

Notifications
Fork 830
Star 1.6k

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

Releases
3.8.0

UAA 3.8.0 Release Notes

Compare

Choose a tag to compare

Loading

sreetummidi released this 19 Oct 17:13

· 4985 commits to master since this release

2a4d48f

New Features

Allow customizable SAML XML Dsig algorithms (SHA-256 and SHA-512)
Implement AMR claim on OpenID tokens
Users and Clients with zone.{zoneid}.admin should able to call password_resets endpoint
API Docs for UAA as SAML IDP
Remove notion of self for /oauth/token/list
List user tokens API docs
Don't return JWT value for /oauth/token/list
New API for listing the Revocable Tokens for a given User Account
Add support for SAML NameIDPolicy
Implement ACR claim on OpenID tokens
UAA as a SAML IDP: Add attribute inResponseTo to the saml2p:Response
Update the Authorization Code for the Authorization API flow from 7 to 10 Characters
Introduce a Prompt Parameter on /oauth/authorize
Propagate ACR claim for External OpenID Connect provider if present
Clearly document zone ID/subdomain header for endpoints that support it
Change select statement for active providers
Support reading LDAP user memberOf attributes
Endpoint is provided to delete service provider configuration from UAA IdP
Support LDAP StartTLS
Create OP Login Iframe for UAA
Publish OpenID Connect .wellknown endpoint for discovery purposes.
Add SCIM Patch Method for Users and Groups
Add support for response_type=id_token for implicit grant
Change Default for WantSignedAssertion default to true instead of false.
Provide the ability to rotate client secrets - Add a new Secret
Provide the ability to rotate client secrets - Delete Old Secret
Redundant entityId field is required in the payload to add service provider to UAA IdP
Add account chooser to IDP discovery page
Modified UaaHttpRequestUtils to build an HTTP client that uses the system proxy settings.

Bug Fixes

Clients cannot refresh a token that was generated by a JWT signing key that is no longer active
Fix /autologin to support application/x-www-form-urlencoded again
Fix YAML array generation
Token documentation omits id_token details
Encoding issue in "/token_keys" - JWKS endpoint
"sub" claim missing in Userinfo Response
Missing fields in Client return object
Fix for startup failure when inactive service providers exist in the database
Adding duplicate service provider to UAA IdP causes 500 Server Error
Fix array out of bounds exception in case of wrong email format
Jackson serialization exception
Check token message is cryptic when token revoked
UaaTokenServices.getTokenEndpoint can return null in two spots
Return current_user cookie on /oauth/authorize
Fix array out of bounds exception in case of bogus email format

Assets 2

Loading

All reactions

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.