Release Notes 1.6.1

What’s New

Support for Java 25 and Apache Tomcat 11

With this version of the Identity Service, Java 25 and Apache Tomcat 11 are additionally supported. Support for Java 17 is no longer available.

Support for ArcGIS Enterprise Portal 11.4 and 11.5

Identity Service now also supports ArcGIS Enterprise Portal 11.4 and 11.5 as identity providers.

Separate storage of secrets

To separate secrets from the application configuration, you can now create the file secrets.properties alongside the file application.properties in the Identity Service. You should store configuration parameters with sensitive information such as passwords in this file, while non-sensitive configuration parameters remain in the file application.properties. This increases security because the file secrets.properties can be protected and managed separately.

We recommend moving the following configuration parameters from the file application.properties to the file secrets.properties:

  • security.sharedSecret

  • security.oauth.clientId

  • security.oauth.clientSecret

  • db.jdbc.username

  • db.jdbc.password
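The following is an added example, not code shipped with the Identity Service: one way to move the five recommended parameters out of application.properties into a secrets.properties file that only its owner can read. It assumes a hypothetical `config_dir` holding both files, single-line entries without backslash continuations, and POSIX file permissions.

```python
import os
import re
from pathlib import Path

# Parameters the release notes recommend moving to secrets.properties.
SENSITIVE_KEYS = {
    "security.sharedSecret",
    "security.oauth.clientId",
    "security.oauth.clientSecret",
    "db.jdbc.username",
    "db.jdbc.password",
}

# A key followed by '=' or ':'; lines starting with '#' or '!' are comments.
_ENTRY = re.compile(r"^\s*([^#!\s=:][^\s=:]*)\s*[=:]")
_ENC = "latin-1"  # round-trips every byte, so other entries are not altered


def split_secrets(config_dir):
    """Move sensitive entries to secrets.properties; return the moved keys."""
    app = Path(config_dir) / "application.properties"  # config_dir: assumption
    sec = Path(config_dir) / "secrets.properties"
    keep, move, moved = [], [], []
    for line in app.read_text(encoding=_ENC).splitlines():
        m = _ENTRY.match(line)
        if m and m.group(1) in SENSITIVE_KEYS:
            move.append(line.strip())
            moved.append(m.group(1))
        else:
            keep.append(line)
    if not move:
        return []
    # Create the file with owner-only permissions before any secret is written.
    fd = os.open(sec, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a", encoding=_ENC) as fh:
        os.chmod(sec, 0o600)  # also tightens a pre-existing, looser file
        fh.write("\n".join(move) + "\n")
    # Rewrite application.properties last: an interruption before this point
    # leaves a secret in both files rather than in neither.
    app.write_text("\n".join(keep) + "\n", encoding=_ENC)
    return sorted(moved)
```

Run it while the service is stopped, and make sure the account that runs Apache Tomcat owns the resulting file.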

Update Notes

If you skip several versions during the update, please also follow all update notes of the intervening versions.

Support for Java 17 discontinued

This version of the Identity Service no longer supports Java 17. Use Java 21 or Java 25 instead.

Changes to configuration parameters

configuration.watch.changes

The configuration parameter configuration.watch.changes has been removed. Changes to the configuration during runtime are no longer supported.

If you set this configuration parameter in the file application.properties, you can remove it.

security.oauth.tokenRules.addDefaults

The configuration parameter security.oauth.tokenRules.addDefaults now has the default value false. As a result, the Identity Service no longer registers the configured identity provider as a trusted service. The use of this configuration parameter is no longer recommended and will be removed in future versions.

If you have set security.oauth.provider to arcgis, add ArcGIS Enterprise Portal or ArcGIS Online as a trusted service. If you have set security.oauth.provider to keycloak, add your Keycloak server as a trusted service. Examples can be found under Trusted services.

Changelog

1.6.1

Fixed Issues

IDENTITY-95

[ArcGIS Enterprise portal] Parallel token refresh requests create duplicate tokens, causing database constraint violation

IDENTITY-97

account/tokens POST no longer supports 'target' as query parameter

1.6.0

New Features

IDENTITY-59

Support transport of 'groups' for ArcGIS Enterprise portal identities

IDENTITY-80

Migrate backend to Spring Boot

IDENTITY-90

Drop support for 'configuration.watch.changes'

IDENTITY-91

Support 'secrets.properties' to separate application properties and secrets

IDENTITY-94

Change Property 'security.oauth.tokenRules.addDefaults' to false to avoid unexpected rules

IDENTITY-96

[Keycloak] Add role mapping support, via property security.oauth.provider.keycloak.roles

Fixed Issues

IDENTITY-93

[Portal] /tokens endpoint reports BEARER not TOKEN as default for ArcGIS Enterprise portal, if portal is configured with /arcgis context