These are the release notes for Single Sign‑On for VMware Tanzu Application Service.

For product versions and upgrade paths, see Upgrade Planner.

Long-Term Support for Single Sign‑On for VMware Tanzu Application Service v1.14

Single Sign‑On v1.14 is a long-term supported (LTS) version. Single Sign‑On v1.14 is supported through April 2022.

Over the lifecycle of Single Sign‑On v1.14, VMware will release security patches that occasionally include feature enhancements and maintenance updates.

For more information about Single Sign‑On v1.14 LTS, please contact your Account Team.

v1.14.8

Release Date: April 14, 2022

Maintenance Changes

Note: This does not mean prior versions were vulnerable. The Single Sign‑On tile uses Java 8, which is not vulnerable to this CVE, so this update is not necessary for secure operation. However, VMware has produced this maintenance release in order to:

  • Avoid false positives in security tools
  • Enable maximum customer confidence
  • Update the affected Spring libraries to alleviate concerns

Dependency upgrades in this release:

  • Spring Boot to 2.5.12

Known Issues

This release has the following issue:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

v1.14.7

Release Date: January 14, 2022

Security Fixes

Addresses log4j CVEs. The tile does not include log4j-core in supported versions, and all other log4j-related dependencies have been updated.

Dependency upgrades in this release:

  • Apache log4j-api to 2.17.1
  • Apache log4j-to-slf4j to 2.17.1

Known Issues

This release has the following issue:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

v1.14.6

Release Date: December 16, 2021

Security Fixes

Addresses CVE-2021-44228. The tile does not include log4j-core in supported versions, and all other log4j-related dependencies have been updated.

Dependency upgrades in this release:

  • Apache log4j-api to 2.16
  • Apache log4j-to-slf4j to 2.16

Known Issues

This release has the following issue:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

v1.14.4

Release Date: November 8, 2021

Maintenance Changes

Dependency upgrades in this release:

  • Spring Boot

Known Issues

This release has the following issue:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

Resolved Issues

This release has the following fix:

  • The SSO service broker can handle apps without any environment variables in the Cloud Controller request payload.

v1.14.3

Release Date: July 13, 2021

Maintenance Changes

Dependency upgrades in this release:

  • Spring Boot
  • Apache Tomcat

Known Issues

This release has the following issues:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

  • The SSO service broker can crash if apps do not have any environment variables in the Cloud Controller request payload: The workaround is to give the app a dummy value in its app manifest file to prevent null values.

v1.14.2

Release Date: February 11, 2021

Resolved Issues

This release has the following fix:

  • The number of external group mappings that you can manage through the UI has increased from 100 to 500.

Known Issues

This release has the following issues:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

  • The SSO service broker can crash if apps do not have any environment variables in the Cloud Controller request payload: The workaround is to give the app a dummy value in its app manifest file to prevent null values.

v1.14.1

Release Date: December 23, 2020

Resolved Issues

This release has the following fix:

  • In Apps Manager, the Manage link for SSO service instances now links to the correct page for all instances. Previously, this link did not work for SSO service instances created with Single Sign‑On v1.8 or earlier.

    For an example of how the Manage link is used, see Monitor App Events.

Known Issues

This release has the following issues:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

  • The SSO service broker can crash if apps do not have any environment variables in the Cloud Controller request payload: The workaround is to give the app a dummy value in its app manifest file to prevent null values.

v1.14.0

Release Date: December 4, 2020

Features

New features and changes in this release:

  • Removes the following from the SSO Operator Dashboard:

    • The internal user store is no longer configurable from the SSO Operator Dashboard. However, you can manage internal users using the UAA Command Line Client (UAAC). For more information, see Configuring Internal User Store.
    • The toggle to the legacy SSO Operator Dashboard is no longer available.
  • Ability to specify buildpack: Adds the ability to specify the buildpack that Single Sign‑On uses when it pushes its component apps.

    For more information, see Install Single Sign‑On Using Ops Manager in Installing Single Sign‑On for VMware Tanzu Application Service.

Known Issues

This release has the following issues:

  • Authorization for Okta OpenID Connect (OIDC): When using an Okta OIDC provider, the roles claim in the ID token is not populated with external identity provider (IdP) groups. This impacts the mapping of external IdP groups to scopes. Despite this limitation, you can still use an Okta OIDC provider for authentication.

  • The SSO service broker can crash if apps do not have any environment variables in the Cloud Controller request payload: The workaround is to give the app a dummy value in its app manifest file to prevent null values.

Viewing Release Notes for Another Version

To view the release notes for another product version, select the version from the dropdown at the top of this page.
