Prepare the release 5.0.1

simpleidserver · Aug 6, 2024 · c60c69d · c60c69d
1 parent 9822430
commit c60c69d
Show file tree

Hide file tree

Showing 80 changed files with 5,323 additions and 13 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -28,7 +28,7 @@ services:
     networks:
       proxy_net: null
   scim:
-    image: simpleidserver/scim:5.0.0
+    image: simpleidserver/scim:5.0.1
     environment:
       VIRTUAL_HOST: "scim.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -40,7 +40,7 @@ services:
     networks:
       proxy_net: null
   idserver:
-    image: simpleidserver/idserver:5.0.0
+    image: simpleidserver/idserver:5.0.1
     environment:
       VIRTUAL_HOST: "idserver.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -58,12 +58,12 @@ services:
     networks:
       proxy_net: null
   website:
-    image: simpleidserver/website:5.0.0
+    image: simpleidserver/website:5.0.1
     environment:
       VIRTUAL_HOST: "website.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
       ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
-      DefaultSecurityOptions__Issuer: "https://idserver.localhost.com/master"
+      DefaultSecurityOptions__Issuer: "https://idserver.localhost.com"
       DefaultSecurityOptions__IgnoreCertificateError: "true"
       IdServerBaseUrl: "https://idserver.localhost.com"
       ScimBaseUrl: "https://scim.localhost.com"
@@ -73,7 +73,7 @@ services:
     networks:
       proxy_net: null
   credentialissuer:
-    image: simpleidserver/credentialissuer:5.0.0
+    image: simpleidserver/credentialissuer:5.0.1
     environment:
       VIRTUAL_HOST: "credentialissuer.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
@@ -85,7 +85,7 @@ services:
     networks:
       proxy_net: null
   credentialissuerwebsite:
-    image: simpleidserver/credentialissuerwebsite:5.0.0
+    image: simpleidserver/credentialissuerwebsite:5.0.1
     environment:
       VIRTUAL_HOST: "credentialissuerwebsite.localhost.com"
       ASPNETCORE_URLS : "http://*:80"

diff --git a/local-docker-compose.yml b/local-docker-compose.yml
@@ -72,7 +72,7 @@ services:
       VIRTUAL_HOST: "website.localhost.com"
       ASPNETCORE_URLS : "http://*:80"
       ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
-      DefaultSecurityOptions__Issuer: "https://idserver.localhost.com/master"
+      DefaultSecurityOptions__Issuer: "https://idserver.localhost.com"
       DefaultSecurityOptions__IgnoreCertificateError: "true"
       IdServerBaseUrl: "https://idserver.localhost.com"
       ScimBaseUrl: "https://scim.localhost.com"

diff --git a/sid-kubernetes.yaml b/sid-kubernetes.yaml
@@ -229,7 +229,7 @@ spec:
       subdomain: localhost
       containers:
       - name: scim-deploy
-        image: simpleidserver/scim:4.0.8
+        image: simpleidserver/scim:5.0.1
         ports:
           - containerPort: 80
         env:
@@ -266,7 +266,7 @@ spec:
       subdomain: localhost
       containers:
       - name: idserver-deploy
-        image: simpleidserver/idserver:4.0.8
+        image: simpleidserver/idserver:5.0.1
         ports:
           - containerPort: 80
         env:
@@ -309,7 +309,7 @@ spec:
       subdomain: localhost
       containers:
       - name: website-deploy
-        image: simpleidserver/website:4.0.8
+        image: simpleidserver/website:5.0.1
         ports:
           - containerPort: 80
         env:
@@ -350,7 +350,7 @@ spec:
       subdomain: localhost
       containers:
       - name: credentialissuer-deploy
-        image: simpleidserver/credentialissuer:4.0.8
+        image: simpleidserver/credentialissuer:5.0.1
         ports:
           - containerPort: 80
         env:
@@ -385,7 +385,7 @@ spec:
       subdomain: localhost
       containers:
       - name: credentialissuerwebsite-deploy
-        image: simpleidserver/credentialissuerwebsite:4.0.8
+        image: simpleidserver/credentialissuerwebsite:5.0.1
         ports:
           - containerPort: 80
         env:

diff --git a/website/docs/download.md b/website/docs/download.md
@@ -10,7 +10,7 @@ import Installer from '@site/src/components/global/Installer';
 
 <DocsCards>
     <DocsCard>
-        <h2>LATEST STABLE 5.0.0</h2>
+        <h2>LATEST STABLE 5.0.1</h2>
         <h3>PLATFORM</h3>
         <Installers>
             <Installer title="Windows x64" icon="windows" link="https://github.com/simpleidserver/SimpleIdServer/releases/latest/download/SimpleIdServer-Windows-x64.zip" />

diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/auditing.md b/website/versioned_docs/version-5.0.1/advancedsettings/auditing.md
@@ -0,0 +1,28 @@
+# Auditing
+
+The administration UI contains an auditing screen used to search for events.
+
+![Monitoring](images/monitoring-1.png)
+
+Following events are present :
+
+* AuthorizationFailureEvent
+* AuthenticationSuccessEvent
+* ClientAuthenticationFailureEvent
+* ClientAuthenticationSuccessEvent
+* ClientRegisteredFailureEvent
+* ClientRegisteredSuccessEvent
+* ConsentGrantedEvent
+* ConsentRevokedEvent
+* TokenIntrospectionFailureEvent
+* TokenIntrospectionSuccessEvent
+* TokenIssuedFailureEvent
+* TokenIssuedSuccessEvent
+* TokenRevokedFailureEvent
+* TokenRevokedSuccessEvent
+* UserInfoFailureEvent
+* UserInfoSuccessEvent
+* UserLoginSuccessEvent
+* UserLogoutSuccessEvent
+* PushedAuthorizationRequestSuccessEvent
+* PushedAuthorizationRequestFailureEvent
diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/configuration.md b/website/versioned_docs/version-5.0.1/advancedsettings/configuration.md
@@ -0,0 +1,118 @@
+# Configuration
+
+## IdentityServer
+
+The table below, list all the possible properties present in the `appsettings.json` file. Thanks to them, you can easily customize the behavior the [IdentityServer](../installation#create-identityserver-project).
+
+<table>
+    <thead>
+        <tr>
+            <th>Property</th>
+            <th>Description</th>
+            <th>Values</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td><b>AuthCookieNamePrefix</b></td>
+            <td>Name of the authentication cookie</td>
+            <td></td>
+        </tr>
+        <tr>
+            <td><b>SessionCookieNamePrefix</b></td>
+            <td>Name of the session cookie</td>
+            <td></td>
+        </tr>
+        <tr>
+            <td rowspan="2"><b>ForceHttps</b></td>
+            <td rowspan="2">Force to use HTTPS</td>
+            <td>True</td>
+        </tr>
+        <tr>
+            <td>False</td>
+        </tr>
+        <tr>
+            <td rowspan="2"><b>IsForwardedEnabled</b></td>
+            <td rowspan="2">Enable or disable the forwarded headers</td>
+            <td>true</td>
+        </tr>
+        <tr>
+            <td>false</td>
+        </tr>
+        <tr>
+            <td rowspan="4"><b>ClientCertificateMode</b></td>
+            <td rowspan="4">
+                Specifies the client certificate requirements for an HTTPS connection.<br/>
+                This parameter is required when you are using the <b>tls_client_auth</b> or <b>self_signed_tls_client_auth</b> client authentication method. <br/>
+                By default, the value is <b>NoCertificate</b>.
+            </td>
+            <td>NoCertificate</td>
+        </tr>
+        <tr>
+            <td>AllowCertificate</td>
+        </tr>
+        <tr>
+            <td>RequireCertificate</td>
+        </tr>
+        <tr>
+            <td>DelayCertificate</td>
+        </tr>
+        <tr>
+            <td rowspan="2"><b>IsRealmEnabled</b></td>
+            <td rowspan="2">Enable or disable the Realm. By default, the value is <b>true</b></td>
+            <td>true</td>
+        </tr>
+        <tr>
+            <td>false</td>
+        </tr>
+        <tr>
+            <td><b>SCIMBaseUrl</b></td>
+            <td>
+                Base URL of the SCIM Server. This value is used during the launch time of IdentityServer to configure Automatic Identity Provisioning with the SCIM Server..<br/>
+                By default, the value is <b>https://localhost:5003</b>.
+            </td>
+            <td>Base URL of the SCIM Server</td>
+        </tr>
+        <tr>
+            <td><b>Authority</b></td>
+            <td>
+                Base URL of the current IdentityServer. This value is used to configure OPENID authentication with the IdentityServer.<br/>
+                By default, the value is <b>https://localhost:5001</b>.
+            </td>
+            <td>Base URL of the current IdentityServer.</td>
+        </tr>
+        <tr>
+            <td><a href="../iam/configuration"><b>DistributedConfiguration</b></a></td>
+            <td>
+                Distributed configuration helps various modules within SimpleIdServer to store their settings. <br />
+                This property is used to configure the configuration storage, for example, <b>Redis</b> or <b>SQL Server</b>.
+            </td>
+            <td>For more information, please refer to this <a href="../iam/configuration">chapter</a></td>
+        </tr>
+        <tr>
+            <td><a href="../iam/storage"><b>StorageConfiguration</b></a></td>
+            <td>This property is used to configure the data storage used by IdentityServer to store its various entities, such as <b>Clients</b> or <b>Users</b>.</td>
+            <td>For more information, please refer to this <a href="../iam/storage">chapter</a></td>
+        </tr>
+        <tr>
+            <td rowspan="6"><b>Other</b></td>
+            <td rowspan="6">The other properties are used to configure the modules used by IdentityServer, such as <b>Automatic Identity Provisioning with SCIM</b> or an external Identity Provider like <b>Facebook</b></td>
+            <td><a href="../iam/externalidproviders#facebook">Facebook</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/automaticidentityprovisioning.md#scim">SCIM</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/automaticidentityprovisioning.md#ldap">LDAP</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/authmethods.md#email">IdServerEmailOptions</a></td>
+        </tr>
+        <tr>            
+            <td><a href="../iam/authmethods.md#sms">IdServerSmsOptions</a></td>
+        </tr>
+        <tr>            
+            <td>FidoOptions</td>
+        </tr>
+    </tbody>
+</table>
diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/images/monitoring-1.png b/website/versioned_docs/version-5.0.1/advancedsettings/images/monitoring-1.png
diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/pki.md b/website/versioned_docs/version-5.0.1/advancedsettings/pki.md
@@ -0,0 +1,11 @@
+# Public Key Infrastructure (PKI)
+
+Here are the key components of SimpleIdServer's PKI. :
+
+1. **Certificate Authority (CA)** : The Certificate Authority is a trusted entity responsible for issuing and managing client certificates.
+2. **Client Certificates** : Client certificates are used by OAuth 2.0 clients, for example during the "tls_client_auth" authentication.
+
+In the Administration UI, you can manage the Certificate Authorities (CAs). They can be generated and stored in the database or imported from the Certificate Store.
+You can download one of them and install it into the appropriate certificate store.
+
+A Certificate Authority can be used to generate one or more client certificates.
diff --git a/website/versioned_docs/version-5.0.1/advancedsettings/realm.md b/website/versioned_docs/version-5.0.1/advancedsettings/realm.md
@@ -0,0 +1,45 @@
+# Realm
+
+A [Realm](../glossary) is a space where you can manage Clients, Scopes, Users, External Identity Providers, and Certificate Authorities. Realms are isolated from one another, but the same resource can be located in one or more Realms.
+
+By default, there is one configured `master` realm. It must not be removed, as doing so would render the SimpleIdServer product inoperable.
+
+You can use the Realm to separate different environments, such as having one for the `test` environment and another for the `prd` environment. 
+
+To add a realm, follow these steps :
+
+1. Click `Active realm: master`.
+2. Click `Add realm`.
+3. Enter the details for the new Realm.
+4. Click `Save`. 
+5. Click `Choose realm`, select the new realm, and click the `Select` button.
+6. You'll be redirected to the authentication page. Submit the `administrator` credentials to access the realm.
+
+By default, the `administrator` user has access to all the `realm`.
+
+## Permissions
+
+It is possible to assign user permissions to a realm and to limit access accordingly.
+For each component present in the UI, there are two scopes defined for the `manage` and `view` permissions. 
+For example, for the `Clients` component, the master realm defines two scopes: `master/clients/view` and `master/clients/manage`. 
+These scopes can be assigned to one or more groups, and the groups can be assigned to one or more users.
+
+For example, to grant `manage` access to the `Clients` component of the `master` realm, execute the following steps:
+
+1. Create a new group named `ClientMaster`.
+2. Navigate to the new group and select the `Role` tab.
+3. Select the `<realm>/clients/manage` scope and click on the `Save` button.
+4. Navigate to a user and select the `Groups` tab.
+5. Select the `ClientMaster` group and click on the `Save` button.
+
+The user is now configured to manage the `clients` present in the realm.
+
+## Disable Realm
+
+By default, SimpleIdServer is configured to use the Realm. If you do not want to use it, you can disable it by updating the `appsettings.json` configuration files.
+
+To disable the Realm, follow these steps:
+
+1. Open the [IdentityServer](../installation/dotnettemplate#create-identityserver-project) project and edit the `appsettings.json` file.
+2. Set the `IsRealmEnabled` property to `false` and save the file.
+3. Open the [IdentityServer website](../installation/dotnettemplate#create-identityserver-website-project) and edit the `appsettings.json` file.
diff --git a/website/versioned_docs/version-5.0.1/consultancy.md b/website/versioned_docs/version-5.0.1/consultancy.md
@@ -0,0 +1,23 @@
+---
+title: Consultancy
+hide_table_of_contents: true
+---
+
+# Consultancy
+
+If you are seeking consultancy regarding any aspect of the Identity Access Management field, please feel free to contact us via email at agentsimpleidserver@gmail.com.
+
+We provide expertise in the following areas:
+
+* We offer expertise in reviewing and enhancing authentication and authorization strategies.
+* We provide advice and guidelines on architectural considerations, such as implementing identity provisioning and more.
+* We assist financial enterprises in achieving compliance with both FAPI 1.0 and FAPI 2.0 standards.
+* We provide assistance to public sectors, including government and hospitals, in developing trusted APIs that enable the issuance of valid credentials such as Covid Certificates, Driving Licenses, University Degrees, and more.
+
+# Open source and free of charge
+
+The support provided by SimpleIdServer is free of charge, and the source code is open source, licensed under the Apache-2 license.
+
+When it comes to GIT, we kindly request that you take a moment to read the [code of conduct](https://github.com/simpleidserver/SimpleIdServer/blob/master/CONTRIBUTING.md) before initiating an issue.
+
+[If you appreciate our project and wish to extend your support, you have the opportunity to sponsor it or make a donation.](https://github.com/sponsors/simpleidserver?o=esb)
diff --git a/website/versioned_docs/version-5.0.1/contactus.md b/website/versioned_docs/version-5.0.1/contactus.md
@@ -0,0 +1,16 @@
+---
+title: Contact us
+hide_table_of_contents: true
+---
+
+# Who are we
+
+Belgian Company Specialized in the development of Identity and Access Management Solutions.
+
+# Contact us
+
+There are multiple communication methods available to contact our technical team:
+
+* Email : agentsimpleidserver@gmail.com
+* Gitter : https://app.gitter.im/#/room/#simpleidserver:gitter.im
+* Git : https://github.com/simpleidserver