2021.1

Improvements

• New setting SAML_IDP_METADATA_FILE to specify IdP metadata from a file, as an alternative to the SAML_IDP_METADATA_URL setting.

Other changes

• Use systemd to manage the HAS instance instead of pm2. Configure script and packages will install and start HAS as a service unit.
• Single binary build of HAS for Linux packages, no need for Node.js.

2020.2

Improvements

• Scripts are now available to install and remove HAS as a Windows service.
• You can now run HAS behind a proxy, with the option of storing session information in Redis to enable failover, with the addition of rule-based routing without Redis.
• You can now run HAS in a Docker container, which is available on Docker Hub (https://hub.docker.com/r/perforce/helix-auth-svc).

Bug fixes

• Fixed issue with SameSite cookie policy enforcement in newer browsers by enabling load balancer support (see also HAS-79).

Other changes

• Upgrade Node.js requirement to version 14 (from 12).

2020.1 patch 1

Improvements

• Package for Ubuntu version 20.04.

Bug fixes

• URL not sent to user logging in to edge server. Caused by P4-19549 in Helix Core Server, fixed in 2019.1.11, 2019.2.8, 2020.1.1, and 2020.2 releases.

• Swarm integration broken by browser content security policy.

2020.1

Improvements

• Linux-based configuration script supports Amazon Linux 2.

Bug fixes

• Certificate message digest caused extension connection to fail.

2020.1 snapshot 2

Improvements

• Linux-based configuration script to assist in configuring HAS.

Bug fixes

• The install.sh starts pm2 as the current user, not as root on CentOS.
• Login error in browser: request identifier must be defined.
• Remove color codes from auth service log output.
• Exception when CA_CERT_PATH directory contains an empty directory.

2020.1 snapshot 1

Improvements

• Support file patterns for finding certificate authority (CA) files.
• Allow specifying the bind address for the server.
• Permit specifying the SAML identity provider certificate.
• Support specifying a CA path in addition to a single file.
• Add OIDC_CLIENT_SECRET_FILE setting, discourage use of OIDC_CLIENT_SECRET.
• Support logging to syslog rather than plain file.
• Support filtering client requests by certificate common name.

Bug fixes

• Azure login blocked with error regarding authn context value.
• Throws EISDIR error when reading certificates.
• OIDC needs to support Authorization Code with PKCE.
• Auth via SAML and Swarm fails validation in core extension.
• Updated SAML validate endpoint should require client certs.

Initial release

• Provides support for OpenID Connect and SAML 2.0 identity providers.
• Tested providers include Auth0, Azure, Okta, OneLogin, and PingFederate.