3.0.0-M1 (August Xth, 2022)

More than 4 years, around 2000 commits after Syncope 2.1 Fusion, here it comes the first release from the new major series Syncope 3.0 Maggiore.

Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management.

What's new

At a general level, all components were (re)written to be based on Spring Boot 2.7 and JDK 11 LTS. JDK 17 LTS is fully supported.
This fact provides the greatest deployment flexibility: each component can be run:

• as web application inside one of supported JavaEE containers
• as standalone application
• as Docker image

New component: Keymaster

The Keymaster allows for dynamic service discovery so that other components are able to find each other.
On startup, all other component instances will register themselves into Keymaster so that their references can be found later, for intra-component communication.

In addition, the Keymaster is also used as key / value store for configuration parameters and as a directory for defined domains.

Two different implementations are provided, following the actual needs:

1. as an additional set of RESTful services exposed by the Core, for traditional deployments (also known as Self Keymaster);
2. as a separate container / pod based on Apache Zookeeper, for microservice-oriented deployments.

New component: Web Access (WA)

The Web Access component is based on Apereo CAS: this means (besides the rest) that Authentication, Authorization, Single Sign, OpenID Connect and SAML 2.0 are coming to Syncope.

In addition to all the configuration options and features from Apereo CAS, the Web Access is integrated with Keymaster, Core and Admin UI to offer centralized configuration and management.

New component: Secure Remote Access (WA)

The Secure Remote Access component is built on Spring Cloud Gateway.

In addition to all the configuration options and features from Spring Cloud Gateway, the Secure Remote Access is integrated with Keymaster, Core and Admin UI to offer centralized configuration and management.

The Secure Remote Access allows to protect legacy applications by integrating with the Web Access or other third-party Access Managers implementing standard protocols as OpenID Connect or SAML.

Revised component: Enduser UI

The End-user UI is the web-based application for self-registration, self-service and password reset.

The communication between End-user UI and Core is exclusively REST-based.

This component was rewritten from scratch in Syncope 3.0, to be technologically aligned with Console UI and based on Apache Wicket.

Migrating from older releases

The distance between earlier releases and Syncope 3.0 Maggiore is relevant under different aspects: architecture, technology, project organization and naturally internal data representation.

For this reason there is no practical way to migrate an old project to Syncope 3.0; it is possible, however, to setup a new Syncope 3.0 project, replicate configurations and finally migrate the existing data.
Here is the outlined approach:

1. create a new Maven project based on Syncope 3.0
2. update code customization and extensions made from your previous Syncope project to the new classes and interfaces provided by Syncope 3.0
3. with both projects running:
   1. download relevant configurations - especially connectors and resources - via REST from your previous Syncope project
   2. upload via REST to the new Syncope 3.0 project
   3. configure a new REST resource in the new Syncope 3.0 project to pull users, groups and any objects from your previous Syncope project