2025.2

New functionality

• Add untested/undoc support for outbound proxy via the proxy-from-env JavaScript module (https://github.com/Rob--W/proxy-from-env).
• Allow hiding the home page via a configuration setting.

Bugs fixed

• Setting PROMPT_FOR_AUTHORIZATION no longer results in an infinite loop during the authentication process in which the user is continually prompted to allow authentication to proceed.
• Ignore old user and group provisioning key values when upgrading from earlier releases.
• Service will not request client certificates if configuration setting ASSUME_CLIENT_AUTHORIZED has been defined.
• Service honors excludedAttributes for /Users and /Groups via SCIM.
• Ignore "user-" prefix when updating Perforce user via SCIM.

Other changes

• Helix Authentication Service is now named P4 Authentication Service, and HAS is now P4AS. Package names and configuration settings will still use the original names for backward compatibility.
• Update to Node.js v24 in install scripts and Linux packages.
• Remove support for Ubuntu 20.04.
• Remove support for Node.js v18.

2025.1

New functionality

• No new features in this release.

Bugs fixed

• Administrative web interface would show an error message stating "i.authnContext.join is not a function" when defining more than one OIDC identity provider.
• Ensure unix-dgram module is installed in RPM packages to allow for logging via the syslog utility.
• Trailing blank lines in certificate files caused SAML authentication to fail with "keyInfo is not in PEM format or in base64 format".

2024.2.1

Bugs fixed

• Supports CORS requests to the /requests REST API to enable web-based clients to use the authentication functionality.
• SAML requests would fail if key file contained attribute values before the encapsulation boundary ("keyInfo is not in PEM format or in base64 format").

2024.2

New functionality

• Add JavaScript version of configure script to enable easier configuration on Windows platforms.
• Add /liveness route for orchestration systems such as Kubernetes. Returns a 200 if the service, and its dependencies such as Redis, are available to serve requests.

Bugs fixed

• Certificate files (server.crt and server.key) are now treated as configuration files by the packages, and will no longer be overwritten after this release.
• No longer reset unrelated fields in users and groups when making changes via the SCIM-based user provisioning feature.

Other changes

• Remove support for Node.js v16.
• Remove support for CentOS/RHEL 7.
• Add package builds for Ubuntu 24.04 (Noble Numbat).

2024.1

New functionality

• Support client certificate via HTTP header for use with a reverse proxy that terminates the TLS connection.
• Add support for the use of wildcards to specify the SP entity identifiers in the IDP_CONFIG_FILE file.
• Allow multiplexing within the user provisioning feature, connecting multiple cloud service providers to multiple Helix Core Servers.
• Support configuration via a TOML file named config.toml as an alternative to using the .env file and its numerous supporting files.

Bugs fixed

• When not enabled, the static content for the administrative interface will no longer be served to the client.

Other changes

• Renaming a user via the user provisioning feature is now disabled by default as that can cause complications that would otherwise be a surprise to the administrator.
• The /status route can be disabled by setting STATUS_ENABLED=false

2023.2

New functionality

• Introduction of web-based administrative interface.
• REST API for validating Swarm integration with HAS.

Bugs fixed

• Redis connector was creating too many clients.

Other changes

• Support for Node.js v14 has been removed from install script.
• Configure script will write the bearer token to a file rather than storing in the configuration file.
• Configure script will put the p4 ticket as the P4PASSWD in the .env configuration file.

2023.1

New functionality

• New setting PROMPT_FOR_AUTHORIZATION that when set to any value will prompt the user during the authentication process before proceeding to the configured identity provider. This prevents phishing attacks.

Bugs fixed

• Replace UNLINK Redis command usage with DEL to support older releases of Redis, such as on CentOS 7.4 when installing Redis from the EPEL repository. This fixes an issue in which the cached user object would remain in the Redis store for up to 5 minutes rather than being removed immediately.

Other changes

• Support for the pm2 process manager was removed from the install and configure scripts. The use of pm2 is still possible by writing your own ecosystem configuration file.
• The SAML_WANT_RESPONSE_SIGNED and SAML_WANT_ASSERTION_SIGNED settings will now default to true such that the SAML response and assertion from the identity provider must be signed. Previous releases only required that one of these was signed.

2022.2

Improvements

• New setting SENTINEL_CONFIG_FILE to configure support for Redis Sentinel, allowing failover support with multiple Redis instances.
• New acsUrls and acsUrlRe settings in the IDP_CONFIG_FILE to allow for multiple Swarm instances connecting with the same SP entity ID.
• New setting OIDC_TOKEN_SIGNING_ALGO to specify the signing algorithm used by the identity provider to sign the ID token.
• New setting named OIDC_SELECT_ACCOUNT that will enable users logging in via OIDC to select an account with which to authenticate.

Bug fixes

• Setting IDP_CONFIG_FILE can now be a relative path.
• Configure script is now compatible with CentOS 7.
• Perforce user passwords now properly assigned if password is provided via user add/update via SCIM user provisioning.

2022.1

Improvements

• Support for SCIM-based user and group provisioning.
• Install script and package install will create a 'perforce' user and group to own the files and run the service.
• Support for client certificates when connecting to Redis.

Bug fixes

• Updating the yum package will no longer remove the systemd service definition from this version onward.
• Logging to a file will continue even if an uncaught exception occurs.

2021.2

Improvements

• Allow using [] for setting multiple values for SAML_AUTHN_CONTEXT in the .env configuration file.
• Support PFX certificate files as well as a passphrase for the private key component of the TLS certificate.

Bug fixes

• Use latest version of node-saml library to prevent configuring the service in such a manner as to allow a SAML MITM attack.
• Configure script now recommends setting IDP_CERT_FILE when configuring for SAML to avoid a possible MITM attack.