github openziti/ziti v0.25.11

3 years ago

Release 0.25.11

What's New

  • Edge
    • Management API: Breaking Changes
    • Management API: New Endpoints
    • Management API: JWKS Support
    • Bug fixes
  • Fabric
    • Bug fixes
    • Metrics API
  • Ziti CLI
    • N/A
  • SDK Golang
    • N/A

Edge

Management API Breaking Changes

The following Edge Management REST API Endpoints have breaking changes:

  • POST /ext-jwt-signers
    • kid is required if certPem is specified
    • jwtEndpoint or certPem is required
    • issuer is now required
    • audience is now required
  • PUT /ext-jwt-signers - kid is required if certPem is specified, issuer is required, audience is required
    • kid is required if certPem is specified
    • jwtEndpoint or certPem is required
    • issuer is now required
    • audience is now required
  • PATCH /ext-jwt-signers - kid is required if certPem is specified, issuer is required, audience is required
    • kid is required if certPem is set and kid was not previously set
    • jwtEndpoint or certPem must be defined, or previously set if the other is null
    • issuer may not be set to null or ""
    • audience may not be set to null or ""

The above changes will cause existing ext-jwt-signers to always fail authentication if issuer and audience
were not previously set.

Management API: New Endpoints

The following new endpoints have been added:

  • GET /identities/:id/enrollments - returns a pre-filtered list of enrollments for the identity specified by :id

Management API: JWKS Support

JWKS (JSON Web Key Sets) is defined in RFC 7517, which specifies the format
and methods by which public and private keys may be published via JSON. JWKS support enables Ziti to obtain
public signing keys from identity providers as needed. This enables identity providers to rotate signing keys without
breaking SSO integrations.

To facilitate this, ext-jwt-signers now support jwksEndpoint, which is a URL that resolves to a service that returns
a JWKS JSON payload. When specified, the certPem and kid fields are no longer required. Additionally, when a JWT's iss
field matches an existing ext-jwt-signer's issuer field and the kid is currently unknown, the jwksEndpoint
will be interrogated for new signing keys. The jwksEndpoint will be interrogated at most once every five seconds.
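
The refresh behavior described above, as an added example that is not OpenZiti's code: keys are cached by kid, an unknown kid triggers a refetch, and refetches are limited to one per five seconds. The signerKeys type, its lookup method, minGap and the sample JWKS body are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

const minGap = 5 * time.Second // refresh limit stated in the release note
var errUnknownKid = errors.New("unknown kid")
type jwk struct{ Kid, Kty string } // the RFC 7517 members this sketch reads

// signerKeys caches one signer's keys by kid (hypothetical type, not Ziti's).
type signerKeys struct {
	fetch     func() ([]byte, error) // returns the body served at jwksEndpoint
	lastFetch time.Time
	keys      map[string]jwk
}

// lookup refetches only for an unknown kid, at most once per minGap.
func (s *signerKeys) lookup(kid string) (jwk, error) {
	k, ok := s.keys[kid]
	if !ok && time.Since(s.lastFetch) >= minGap {
		s.lastFetch = time.Now() // failed attempts count against the limit too
		var set struct{ Keys []jwk }
		body, err := s.fetch()
		if err == nil {
			err = json.Unmarshal(body, &set)
		}
		if err != nil {
			return jwk{}, err
		}
		s.keys = map[string]jwk{} // keys rotated out of the set are dropped
		for _, c := range set.Keys {
			s.keys[c.Kid] = c
		}
		k, ok = s.keys[kid]
	}
	if !ok {
		return jwk{}, errUnknownKid
	}
	return k, nil
}

func main() {
	doc := []byte(`{"keys":[{"kty":"RSA","kid":"2024-a"}]}`) // constructed JWKS
	s := &signerKeys{fetch: func() ([]byte, error) { return doc, nil }}
	fmt.Println(s.lookup("2024-a"))
}
```

The limit matters because the kid comes from the token being checked: without it, every token carrying an unrecognized kid would cause a request to the identity provider.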

Bug Fixes

Fabric

Bug Fixes

Metrics API

The following new endpoint has been added:

  • GET /metrics - returns metrics for the controller and all routers in the Prometheus text exposition format. See [https://openziti.github.io/ziti/metrics/prometheus.html] for more information and instructions to set it up.
