keycloak-scim/upgrading/topics/rhsso/changes-72.adoc
2017-12-04 16:05:20 +01:00

34 lines
No EOL
1.6 KiB
Text

== RH-SSO 7.2
The following changes have occurred from RH-SSO 7.1 to RH-SSO 7.2.
=== New Password Hashing algorithms
We have added two new password hashing algorithms (pbkdf2-sha256 and pbkdf2-sha512). New realms will use the pbkdf2-sha256
hashing algorithm with 27500 hashing iterations. Since pbkdf2-sha256 is slightly faster than pbkdf2 the iterations was
increased to 27500 from 20000.
Existing realms are upgraded if the password policy contains the default value for the hashing algorithm (not specified) and
iteration (20000). If you have changed the hashing iterations, you need to manually change to pbkdf2-sha256 if you'd like
to use the more secure hashing algorithm.
=== ID Token requires scope=openid
In RH-SSO 7.0, the ID Token was returned regardless if `scope=openid` query parameter was present or not in authorization
request. This is incorrect according to the OpenID Connect specification.
In RH-SSO 7.1, we added this query parameter to adapters, but left the old behavior to accommodate migration.
In RH-SSO 7.2, this behavior has changed and the `scope=openid` query parameter is now required to mark the request as an
OpenID Connect request. If this query parameter is omitted the ID Token will not be generated.
=== Microsoft SQL Server requires extra dependency
Microsoft JDBC Driver 6.0 requires additional dependency added to the JDBC driver module. If you observe an
`NoClassDefFoundError` error when using Microsoft SQL Server please add the following dependency to your JDBC driver
`module.xml` file:
[source,xml]
----
<module name="javax.xml.bind.api"/>
----