Auth0 Appliance Release Notes

Get the latest updates in Auth0

2016-11-23: Auth0 9632

Added

  • Appliance

    Webtask on the appliance is now upgraded to version 14.5.1.

  • Appliance

    Webtask endpoints added to healthchecks for Appliance.

  • Appliance

    Appliance will no longer forward arbitrary fwd. parameters for authentication requests.

  • Appliance

    Add-as-arbiter scripts have been extended to support two-arbiter configurations.

  • Appliance

    Fixed a mismatch in per_page limits on user searches.

  • Appliance

    API v1 has been split from auth0-server to run from a separate service, auth0-api1.

  • Appliance

    Encryption and hashing keys are rotated during initial appliance setup when set-as-first is run.

  • Appliance

    Instrumentation metrics can now be sent to a DataDog endpoint by providing a DataDog API Key in configuration.

  • Appliance

    Azure WAAD thumbprints are now automatically updated nightly from one of the appliance nodes.

Fixed

  • Appliance

    During re-configuration, webtask should be restarted only when necessary.

  • Appliance

    Internet connectivity healthcheck moved from ping to an HTTP HEAD request.

  • Appliance

    Ensure dhcpclient is stopped when switching networking from dynamic to static.

  • Appliance

    The multifactor auth link now links to #/multifactor instead of #/guardian.

  • Appliance

    The appliance can be set up to use proxies on initial install and during updates.


2016-10-13: Auth0 8986

Added

  • Appliance

    You can now add trusted certificates to the cert store on the appliance. This helps for certain situations, like the use of a transparent proxy.

  • Appliance

    Per node instrumentation is now available. Instrumentation provides historical data and a UX for the node that shows system metrics, database metrics, and transaction rates. Detailed instrumentation for 24 hours is retained, and down-sampled metrics are available for 7 days.

  • Appliance

    You can configure log retention in the dashboard. The log retention period applies to all tenants, and defaults to 30 days. Performance can be adversely affected by setting this beyond 30 days. Please consult your CSE.

  • Appliance

    You can disable http for authenticated health checks in the management dashboard. By default both http and https are allowed, with the http interface intended for use on isolated networks. If you aren't on an isolated network or only want to allow https, then you can disable http.

  • Appliance

    The docker repository can now use port 443 instead of port 5000 for getting updates. In some environments using a non-standard port was problematic.

  • Appliance

    Added a posture check to the configuration process. This ensures that the services came up correctly after configuration, and that all configuration has completed running.

  • Appliance

    Extensions are now supported. You must have configured webtasks (auth0-sandbox mode) for extensions to work, and a certificate issued by a public certificate authority. A few extensions from the public cloud do not work on the appliance, and you will not see those extensions in the extensions gallery.

Changed

  • Appliance

    Improved CLI scriptability by always returning 0 on success, and 1 on failure. Also standardized output for commands, and error handling. The CLI also now automatically updates to the metadata version for the cluster release.

Fixed

  • Appliance

    The client credentials authentication flow no longer depends upon webtasks.

  • Appliance

    Appliance tenants are now created as premium customers.

  • Appliance

    When using proxy protocol (typically AWS), tenant logs fail when auth0-sandbox is configured (webtasks).

  • Appliance

    The consistency checks at startup for tty1 (auth0-start) forced an application update sometimes when first adding a node to an operating cluster. These checks now only warn.

  • Appliance

    The update process sometimes failed when both configuration and app updates are indicated. The app update is applied first, and it may in some circumstances apply invalid settings, causing a failure. Now configuration updates are always applied before application updates.


2016-09-01: Auth0 8293

Added

  • Appliance

    Customers can disable TLS for SMTP. Normally Auth0 servers negotiate TLS with SMTP servers using STARTTLS. In some cases customers want to actively disable the use of TLS. You can now force TLS off for SMTP.

Changed

  • Appliance

    Performance fixes and enhancements.

Fixed

  • Appliance

    Filtering of patch releases was done improperly, resulting in an update to the latest version rather than the selected version in some cases.


2016-08-08: Auth0 7941

Added

  • Appliance

    A connectivity command can now be run against an instance in the cluster using the CLI to verify connectivity on an IP address and port for each node.

  • Appliance

    An nslookup command can now be run against an instance in the cluster using the CLI to verify DNS setup for each node.

  • Appliance

    CSE can now adjust the maximum memory for several processes that can vary under load to match the profiles being used by the customer.

  • Appliance

    An additional fix was made to backup decompression logic.

Changed

  • Appliance

    Open logout redirects are now disabled by default on new appliances. Logout redirects must be whitelisted.

  • Appliance

    Webtasks are now enabled by default on new installations for rule execution.


2016-07-27: Auth0 7760

Added

  • Appliance

    Added a default "from" email address. If a template does not specify a "from" address then this address is used. Additionally there is an option to send dashboard administrator invitations from the default email address rather than the inviting administrator. This helps customers using transactional email services where they must whitelist "from" email addresses.

  • Appliance

    Added the ability to turn off MX record checking for email recipients. In some cases customers use domains that do not have MX records for emails.

  • Appliance

    Improved diagnostics and troubleshooting view by adding RabbitMQ to service checks and showing each cluster node application version in the node view. RabbitMQ is responsible for queuing emails, and if it stops email will not be sent. This check now shows the status in the dashboard and also at the healthcheck endpoint.

  • Appliance

    Bulk user import now works on the appliance. Customers that have to import a large number of users can use the apiv2 mechanism for bulk user import.

  • Appliance

    Information on response times for different authentication stages is now written to the logs. This helps customers understand where bottlenecks are occurring if logins are slow.

Fixed

  • Appliance

    Increased keep-alive timeout to 100 seconds. Some technologies like .NET use a 100 second timeout limit, and the previous setting of 60 seconds could cause issues.

  • Appliance

    The CLI would fail if an invalid key was specified for a user in the management dashboard. This fix provides a clearer message and performs key checking.

  • Appliance

    Fixed an issue with invalid compression on large backups.


2016-06-17: Auth0 7247

Added

  • Appliance

    Support for SSL offloading is now available. You can now configure the appliance to accept HTTP. Your load balancer needs to provide an X-Forwarded-Proto header with this feature. The operational environment is responsible for ensuring HTTP access is locked down to the load balancer.

  • Dashboard

    The management dashboard can now use a different SSL certificate than the tenant authentication domains. With this feature you could for example run your authentication endpoints on externally facing domains while using an internal domain for the dashboard.

  • Search

    Search queries for users and transaction logs can execute on a secondary database instance. This reduces the load on the primary database node, ensuring that authentication transactions are not affected by expensive search queries in high load environments.

  • Stats

    Auth0 now periodically collects aggregate statistics from appliance clusters. Customers can request a dump of the statistics collected.

Fixed

  • Appliance

    The apiv1 user search endpoint caches results of a count operation for 5 minutes. The number of users should be considered an approximate count when doing search operations using apiv1.

  • Management API

    For queries that return a large number of results, the apiv2 user search endpoint will not return a count if a time limit for counting matching users is exceeded. Overall count queries, or count queries for a connection, are efficient and will return results even when there are millions of users.