Release notes
Axiomatics Services Manager (ASM) features, bug fixes, and known issues by release date.
Version 7.2.0
What's new
Policy Designer
Policy Designer is a web application bundled with ASM that allows business and application owners to express simple policies in a natural language, removing the burden of learning a formal authorization language.
Policy Designer enables orchestrated authorization across an organization by focusing on the following key goals:
- Accelerate adoption: Accelerate the adoption of orchestrated authorization.
- Reduce burden: Reduce policy authoring burden on the IAM/Security team.
- Scale securely: Empower every application owner to create secure authorization policies.
- Gain insights: Gain policy insights to evolve the overall authorization strategy.
Kubernetes deployment
ASM offers enhanced support for deployments with Kubernetes (K8s) that achieve improved stability, availability, and efficiency. K8s allows you to easily scale your application and provides self-healing capabilities to restart or replace a container when it fails or crashes. This results in high uptime and performance while reducing costs and administration requirements.
Attribute Connector versions
The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.
ASM 7.3.0 is delivered with the following versions of the standard attribute connectors:
- LDAP Attribute Connector 6.3.0
- SQL Attribute Connector 6.2.2
- Table Attribute Connector 7.0.0
noteEarlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM. They should be subject to compatibility information for each attribute connector, respectively.
Known issues
License update on Kubernetes environments
The license update procedure through the UI of ASM is not functional on Kubernetes environments. Instead, the procedure should be carried out using the CLI.
Version 7.1.0
What's new
Dashboard for authorization metrics
The Dashboard is a new feature introduced to ASM, providing visualization of key metrics for monitoring the authorization performance of the running ADS instances. The metrics data for the graphs of the Dashboard are published by ADS to ASM, and stored in an instance of InfluxDB running within ASM.
Graphs display Request Rate (successful requests and errors), Decisions (number of permit/deny/indeterminate/not applicable), and Request Latency (the distribution of the duration of the requests).
The Dashboard (and the inclusion of the supporting InfluxDB instance) is an optional feature that can be enabled and disabled by the choice of startup command for ASM.
User role domain-auditor added
The role domain-auditor has been added to the user configuration options. This new role is used to manage access to historical data, for example for auditing. Consequently, a user must be assigned this role to have access to the Roll back functionality of ASM.
Attribute Connector versions
The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.
ASM 7.1.0 is delivered with the following versions of the standard attribute connectors:
- LDAP Attribute Connector 6.3.0
- SQL Attribute Connector 6.2.2
- Table Attribute Connector 7.0.0
noteEarlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM. They should be subject to compatibility information for each attribute connector, respectively.
Fixed issues
Online documentation updates
Various revisions and amendments to improve the clarity and usability of the online documentation. In addition, the following chapters have been added:
- Upgrade
- Backup and Restore
Export button becoming unresponsive after executed export
Previously, the Export button in the Domain Management UI became unresponsive after one use, and a new export was possible only after a page reload. This has been fixed and the Export button now works as expected.
Known issues
Disabled attribute cache causes ADS initialization failure
Attribute caching configuration is optional for ADS. If attribute caching configuration is enabled, then the minimum accepted attribute cache parameters values are 1. In the ASM Attribute Connector Management UI, the attributes cache is disabled by default ("Default" = Time to live (seconds)=0, Max cache size=0). The same values apply for the "NoCache" attribute cache configuration (“NoCache” = Time to live (seconds)=0, Max cache size=0).
When ADS tries to retrieve a domain with zero attribute configuration settings, then ADS cannot be initialized. The issue exists only in the case when ADS is configured to retrieve its authorization domain from ASM. As a workaround the ASM users must navigate to the attribute connectors management UI in the Cache Configuration tab and update the "Default" cache settings (Time to live (seconds), Max cache size) from (0,0) to (1,1).
On top the "NoCache" attribute cache configuration should not be used.
Version 7.0.1
Fixed issues
State of the containers externalized by using volumes
Previously, if ASM was stopped using the command
docker-compose down
, it resulted in the loss of the ASM database, as this command stops the container and removes all the running services. This has been fixed. ASM now uses volumes to externalize the state of the containers, ensuring the persistence of data generated by and used by Docker containers. ASM can now be stopped and restarted without the risk of losing container data.Online documentation updates
Various revisions and amendments to improve the clarity and usability of the online documentation.
Known issues
Lack of clarity regarding JDBC and JNDI data sources for attribute connectors
Only the JDBC data source is supported in ASM 7.x. JNDI is not supported. However, in the UI of the Attribute Connector configuration for SQL and Table, JNDI still appears as an option, and there is also an advice against using JDBC displayed. This can be disregarded.
The performance problem referred to in the UI does not apply anymore, and JDBC must be selected as the data source for a working configuration of an attribute connector.
Version 7.0.0
What's new
Simplified installation of ASM
This release introduces a simplified way to install and run ASM based on Docker. The new installation process delivers the functionality of ASM without the need to install and run a separate application server.
New ASM license required
The ASM 7.0.0 application requires a version 7.0.0 license. A license created for any previous version of ASM will not work. Contact Customer Support for more information.
Online documentation
The documentation for ASM has been converted to an online format, and is now exclusively available at https://docs.axiomatics.com. PDFs are no longer included in the distribution. The online distribution model will improve availability and ensure that users always have easy access to the latest version of the documentation.
Domain Management redesigned
The Domain Management functionality has been refactored with a new user interface and an enhanced workflow. This is intended to provide users with an improved user experience when creating, editing, and managing domains in ASM.
Three new features are introduced to Domain Management:
- Copy will allow users to copy the contents of a domain to another domain.
- Roll back will allow reverting to an earlier version of a domain.
- Delete will allow users to delete a domain.
ASM can call endpoints directly
It is possible to manage domains by calling the endpoints directly, using a domain management API, as an alternative to using the UI. The project functionality of ASM is implemented in the API via the use of namespaces. This domain management API is also supported by the standalone component Authorization Domain Manager (ADM). See the "Domain Management" section of the documentation for more information.
Attribute Connector versions
The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.
ASM 7.0.0 is delivered with the following versions of the standard attribute connectors:
- LDAP Attribute Connector 6.1.1
- SQL Attribute Connector 6.2.2
- Table Attribute Connector 7.0.0
noteEarlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM subject to compatibility information for each attribute connector, respectively.
Database platform support
ASM 7.0.0 only supports PostgreSQL for the ASM database. This is handled automatically during the installation, during which a PostgreSQL database is provided and configured for the purpose.
Services management for ASM-PDP has been removed
The Services management functionality for ASM-PDP has been removed. ASM 7.x will not manage ASM-PDP instances. Access Decision Service (ADS) is the primary authorization engine for ASM 7.x onwards.
Known issues
Missing or invalid license blocks ASM
If ASM 7.0.0 is initialized with a missing or invalid license during startup, all further actions are blocked. An invalid license would be an expired ASM 7.0.0 license or a license created for any previous version of ASM.
To resolve the issue of an invalid license, replace the invalid license with a valid license and run the
docker compose -- build
command again.To resolve the issue with a missing license, navigate to the
docker\
folder of the extracted distribution. There you will find an empty folder with the name of the license file. Delete the folder, put a valid license file in thedocker/
folder and run thedocker compose -- build
command again.Error message appears on user's first login
When a new user logs in for the first time, an error message may appear. Logging out and then logging back in again will resolve this. If the user has not yet been assigned to a project, an information message to that effect will be displayed.
Export button unresponsive after executed export
When the Export button in the Domain Management UI is clicked, the authorization domain is exported as expected. After that, the button becomes unresponsive for that particular domain, and clicking it again will not trigger a new export action. Reloading the page will make the button responsive again.
Changing project name causes domains to be unavailable
If the name of a project is changed, the authorization domains previously assigned to that project can no longer be retrieved. Changing back to the original name restores the domain assignments.
Projects cannot be removed
Projects created in ASM 7.0.0 cannot currently be removed. This feature will be provided in an upcoming release.