Skip to main content
Version: 7.3

Release notes

Axiomatics Services Manager (ASM) features, bug fixes, and known issues by release date.

Version 7.3.0

What's new

  • Kubernetes Axiomatics registry

    With this update, ASM offers the option for easier Kubernetes deployments using a pre-configured remote registry provided by Axiomatics. This new registry eliminates the need to download, build, and push the Docker images, enabling quicker deployments.

  • Attribute Connector versions

    The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.

    ASM 7.3.0 is delivered with the following versions of the standard attribute connectors:

    • LDAP Attribute Connector 6.3.0
    • SQL Attribute Connector 6.2.2
    • Table Attribute Connector 7.0.0
    note

    Earlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM. They should be subject to compatibility information for each attribute connector, respectively.

Improvements

  • asm-core image size reduction

    The image size of asm-core was reduced allowing for quicker transfer and deployment times.

  • Keycloak upgrade

    Keycloak version 20.0.3 is now included with ASM.

  • Policy Designer quicker load times

    This version includes several Policy Designer code improvements for quicker load times.

  • New Policy Designer system messages

    Policy Designer was updated to provide informative messages when configuration issues occur.

  • Policy Designer configuration improvement

    Previously, you could only configure Policy Designer during the ASM deployment stage. If you skipped configuring Policy Designer during this stage, you wouldn't be able to use it later. With this update, you can configure Policy Designer at any time after deploying ASM, which increases deployment flexibility.

Fixed issues

  • Disabled attribute cache causes ADS initialization failure

    Previously, ADS could not be initialized if it was configured to retrieve its authorization domain from ASM and the attributes cache was disabled in the ASM Attribute Connector Management UI (the default behavior).

    This has been resolved, and no workarounds are required.

  • Maven-related error when building ASM

    Fixed an issue that was causing Docker deployments to fail due to a problem with the certificate on Maven's repository.


Version 7.2.0

What's new

  • Policy Designer

    Policy Designer is a web application bundled with ASM that allows business and application owners to express simple policies in a natural language, removing the burden of learning a formal authorization language.

    Policy Designer enables orchestrated authorization across an organization by focusing on the following key goals:

    • Accelerate adoption: Accelerate the adoption of orchestrated authorization.
    • Reduce burden: Reduce policy authoring burden on the IAM/Security team.
    • Scale securely: Empower every application owner to create secure authorization policies.
    • Gain insights: Gain policy insights to evolve the overall authorization strategy.
  • Kubernetes deployment

    ASM offers enhanced support for deployments with Kubernetes (K8s) that achieve improved stability, availability, and efficiency. K8s allows you to easily scale your application and provides self-healing capabilities to restart or replace a container when it fails or crashes. This results in high uptime and performance while reducing costs and administration requirements.

Known issues

  • License update on Kubernetes environments

    The license update procedure through the UI of ASM is not functional on Kubernetes environments. Instead, the procedure should be carried out using the CLI.


Version 7.1.0

What's new

  • Dashboard for authorization metrics

    The Dashboard is a new feature introduced to ASM, providing visualization of key metrics for monitoring the authorization performance of the running ADS instances. The metrics data for the graphs of the Dashboard are published by ADS to ASM, and stored in an instance of InfluxDB running within ASM.

    Graphs display Request Rate (successful requests and errors), Decisions (number of permit/deny/indeterminate/not applicable), and Request Latency (the distribution of the duration of the requests).

    The Dashboard (and the inclusion of the supporting InfluxDB instance) is an optional feature that can be enabled and disabled by the choice of startup command for ASM.

  • User role domain-auditor added

    The role domain-auditor has been added to the user configuration options. This new role is used to manage access to historical data, for example for auditing. Consequently, a user must be assigned this role to have access to the Roll back functionality of ASM.

  • Attribute Connector versions

    The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.

    ASM 7.1.0 is delivered with the following versions of the standard attribute connectors:

    • LDAP Attribute Connector 6.3.0
    • SQL Attribute Connector 6.2.2
    • Table Attribute Connector 7.0.0
    note

    Earlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM. They should be subject to compatibility information for each attribute connector, respectively.

Fixed issues

  • Online documentation updates

    Various revisions and amendments to improve the clarity and usability of the online documentation. In addition, the following chapters have been added:

    • Upgrade
    • Backup and Restore
  • Export button becoming unresponsive after executed export

    Previously, the Export button in the Domain Management UI became unresponsive after one use, and a new export was possible only after a page reload. This has been fixed and the Export button now works as expected.

Known issues

  • Disabled attribute cache causes ADS initialization failure

    Attribute caching configuration is optional for ADS. If attribute caching configuration is enabled, then the minimum accepted attribute cache parameters values are 1. In the ASM Attribute Connector Management UI, the attributes cache is disabled by default ("Default" = Time to live (seconds)=0, Max cache size=0). The same values apply for the "NoCache" attribute cache configuration (“NoCache” = Time to live (seconds)=0, Max cache size=0).

    When ADS tries to retrieve a domain with zero attribute configuration settings, then ADS cannot be initialized. The issue exists only in the case when ADS is configured to retrieve its authorization domain from ASM. As a workaround the ASM users must navigate to the attribute connectors management UI in the Cache Configuration tab and update the "Default" cache settings (Time to live (seconds), Max cache size) from (0,0) to (1,1).

    On top the "NoCache" attribute cache configuration should not be used.


Version 7.0.1

Fixed issues

  • State of the containers externalized by using volumes

    Previously, if ASM was stopped using the command docker-compose down, it resulted in the loss of the ASM database, as this command stops the container and removes all the running services. This has been fixed. ASM now uses volumes to externalize the state of the containers, ensuring the persistence of data generated by and used by Docker containers. ASM can now be stopped and restarted without the risk of losing container data.

  • Online documentation updates

    Various revisions and amendments to improve the clarity and usability of the online documentation.

Known issues

  • Lack of clarity regarding JDBC and JNDI data sources for attribute connectors

    Only the JDBC data source is supported in ASM 7.x. JNDI is not supported. However, in the UI of the Attribute Connector configuration for SQL and Table, JNDI still appears as an option, and there is also an advice against using JDBC displayed. This can be disregarded.

    The performance problem referred to in the UI does not apply anymore, and JDBC must be selected as the data source for a working configuration of an attribute connector.


Version 7.0.0

What's new

  • Simplified installation of ASM

    This release introduces a simplified way to install and run ASM based on Docker. The new installation process delivers the functionality of ASM without the need to install and run a separate application server.

  • New ASM license required

    The ASM 7.0.0 application requires a version 7.0.0 license. A license created for any previous version of ASM will not work. Contact Customer Support for more information.

  • Online documentation

    The documentation for ASM has been converted to an online format, and is now exclusively available at https://docs.axiomatics.com. PDFs are no longer included in the distribution. The online distribution model will improve availability and ensure that users always have easy access to the latest version of the documentation.

  • Domain Management redesigned

    The Domain Management functionality has been refactored with a new user interface and an enhanced workflow. This is intended to provide users with an improved user experience when creating, editing, and managing domains in ASM.

    Three new features are introduced to Domain Management:

    • Copy will allow users to copy the contents of a domain to another domain.
    • Roll back will allow reverting to an earlier version of a domain.
    • Delete will allow users to delete a domain.
  • ASM can call endpoints directly

    It is possible to manage domains by calling the endpoints directly, using a domain management API, as an alternative to using the UI. The project functionality of ASM is implemented in the API via the use of namespaces. This domain management API is also supported by the standalone component Authorization Domain Manager (ADM). See the "Domain Management" section of the documentation for more information.

  • Attribute Connector versions

    The development of other Axiomatics components that use attribute connectors makes it necessary to state explicitly the version numbers of the attribute connectors that are compatible with the release of each component.

    ASM 7.0.0 is delivered with the following versions of the standard attribute connectors:

    • LDAP Attribute Connector 6.1.1
    • SQL Attribute Connector 6.2.2
    • Table Attribute Connector 7.0.0
    note

    Earlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM subject to compatibility information for each attribute connector, respectively.

  • Database platform support

    ASM 7.0.0 only supports PostgreSQL for the ASM database. This is handled automatically during the installation, during which a PostgreSQL database is provided and configured for the purpose.

  • Services management for ASM-PDP has been removed

    The Services management functionality for ASM-PDP has been removed. ASM 7.x will not manage ASM-PDP instances. Access Decision Service (ADS) is the primary authorization engine for ASM 7.x onwards.

Known issues

  • Missing or invalid license blocks ASM

    If ASM 7.0.0 is initialized with a missing or invalid license during startup, all further actions are blocked. An invalid license would be an expired ASM 7.0.0 license or a license created for any previous version of ASM.

    To resolve the issue of an invalid license, replace the invalid license with a valid license and run the docker compose -- build command again.

    To resolve the issue with a missing license, navigate to the docker\ folder of the extracted distribution. There you will find an empty folder with the name of the license file. Delete the folder, put a valid license file in the docker/ folder and run the docker compose -- build command again.

  • Error message appears on user's first login

    When a new user logs in for the first time, an error message may appear. Logging out and then logging back in again will resolve this. If the user has not yet been assigned to a project, an information message to that effect will be displayed.

  • Export button unresponsive after executed export

    When the Export button in the Domain Management UI is clicked, the authorization domain is exported as expected. After that, the button becomes unresponsive for that particular domain, and clicking it again will not trigger a new export action. Reloading the page will make the button responsive again.

  • Changing project name causes domains to be unavailable

    If the name of a project is changed, the authorization domains previously assigned to that project can no longer be retrieved. Changing back to the original name restores the domain assignments.

  • Projects cannot be removed

    Projects created in ASM 7.0.0 cannot currently be removed. This feature will be provided in an upcoming release.