From 69ab803e61f50952f91ff0f7687e2c1593122b1d Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Thu, 12 Dec 2024 10:22:53 -0600 Subject: [PATCH] Update docs for 7.1.0-rc.1 - Trial Mode - New defaults for options - 7.0 to 7.1 upgrade guide --- .../docs/content/fundamentals/license_key.md | 22 ++++--- .../v7/docs/content/reference/options.md | 6 +- .../v7/docs/content/upgrades/v7.0_to_v7.1.md | 61 +++++++++++++++++++ .../layouts/partials/menu.html | 24 ++++---- .../layouts/partials/search.html | 2 +- root/trial-mode.html | 3 + 6 files changed, 95 insertions(+), 23 deletions(-) create mode 100644 IdentityServer/v7/docs/content/upgrades/v7.0_to_v7.1.md create mode 100644 root/trial-mode.html diff --git a/IdentityServer/v7/docs/content/fundamentals/license_key.md b/IdentityServer/v7/docs/content/fundamentals/license_key.md index 2b72aa95..53e45732 100644 --- a/IdentityServer/v7/docs/content/fundamentals/license_key.md +++ b/IdentityServer/v7/docs/content/fundamentals/license_key.md @@ -3,7 +3,7 @@ title: "Licensing" weight: 60 --- -IdentityServer is free for development, testing and personal projects, but production use +IdentityServer is [free](#trial-mode) for development, testing and personal projects, but production use requires a [license](https://duendesoftware.com/products/identityserver). ## Editions @@ -14,7 +14,7 @@ The Starter edition includes the core OIDC and OAuth protocol implementation. Th economical option that is a good fit for organizations with basic needs. It's also a great choice if you have an aging IdentityServer4 implementation that needs to be updated and licensed. The Starter edition includes all the features that were part of -IdentityServer4, along with support for the latest .NET release, improved observability +IdentityServer4, along with support for the latest .NET releases, improved observability through OTEL support, and years of bug fixes and enhancements. #### Business Edition @@ -44,10 +44,9 @@ If present, the content of the file will be used as the license key. #### Startup -If you prefer to load the license key programatically, you can do so in your startup code. -This allows you to use the ASP.NET configuration system to load the license key from any -[configuration -provider](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-7.0#cp), +If you prefer to load the license key programmatically, you can do so in your startup +code. This allows you to use the ASP.NET configuration system to load the license key from +any [configuration provider](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-7.0#cp), including environment variables, appsettings.json, an external configuration service such as Azure App Configuration, etc. @@ -72,7 +71,7 @@ validation. #### Startup Validation At startup, IdentityServer first checks for a license. If there is no license configured, IdentityServer logs a warning indicating that a license is required in a production -deployment. You can ignore these messages in non-production environments. +deployment and enters [Trial Mode](#trial-mode). Next, assuming a license is configured, IdentityServer compares its configuration to the license. If there are discrepancies between the license and the configuration, @@ -96,6 +95,15 @@ Again, the absence of a license is permitted for development and testing, and th does not disable any of these features. Similarly, using an expired license that includes those features does not cause those features to be disabled. +#### Trial Mode +Using IdentityServer without a license is considered Trial Mode. In Trial Mode, all +enterprise features are enabled. Trial Mode is limited to 500 protocol requests. This +includes all HTTP requests that IdentityServer itself handles, such as requests for the +discovery, authorize, and token endpoints. UI requests, such as the login page, are not +included in this limit. Beginning in IdentityServer 7.1, IdentityServer will log a warning +when the trial mode threshold is exceeded. In a future version, IdentityServer will shut +down at that time instead. + ## Redistribution We understand that when IdentityServer is redistributed, log messages from the licensing system are not likely to be very useful to your redistribution customers. For that reason, diff --git a/IdentityServer/v7/docs/content/reference/options.md b/IdentityServer/v7/docs/content/reference/options.md index d4b6d2b3..0a2c7c3a 100644 --- a/IdentityServer/v7/docs/content/reference/options.md +++ b/IdentityServer/v7/docs/content/reference/options.md @@ -326,17 +326,17 @@ Logging related settings, including filters that will remove sensitive values an * ***TokenRequestSensitiveValuesFilter*** - Collection of parameter names passed to the token endpoint that are considered sensitive and will be excluded from logging. Defaults to *client_secret*, *password*, *client_assertion*, *refresh_token*, and *device_code*. + Collection of parameter names passed to the token endpoint that are considered sensitive and will be excluded from logging. In *v7.0* and earlier, defaults to *client_secret*, *password*, *client_assertion*, *refresh_token*, and *device_code*. In *v7.1*, *subject_token* is also excluded. * ***BackchannelAuthenticationRequestSensitiveValuesFilter*** - Collection of parameter names passed to the backchannel authentication endpoint that are considered senstivie and will be excluded from logging. Defaults to *client_secret*, *client_assertion*, and *id_token_hint*. + Collection of parameter names passed to the backchannel authentication endpoint that are considered sensitive and will be excluded from logging. Defaults to *client_secret*, *client_assertion*, and *id_token_hint*. * ***UnhandledExceptionLoggingFilter*** (added in *v6.2*) A function that is called when the IdentityServer middleware detects an unhandled exception, and is used to determine if the exception is logged. The arguments to the function are the HttpContext and the Exception. It should return true to log the exception, and false to suppress. - The default is to suppress *TaskCanceledException*s when the *CancellationToken* on the *HttpContext* has requested cancellation. Such exceptions are thrown when Http requests are canceled, which is an expected occurrence. Logging them creates unnecessary noise in the logs. + The default is to suppress logging of cancellation-related exceptions when the *CancellationToken* on the *HttpContext* has requested cancellation. Such exceptions are thrown when Http requests are canceled, which is an expected occurrence. Logging them creates unnecessary noise in the logs. In *v7.0* and earlier, only *TaskCanceledException*s were filtered. Beginning in *v7.1*, *OperationCanceledException*s are filtered as well. ## InputLengthRestrictions diff --git a/IdentityServer/v7/docs/content/upgrades/v7.0_to_v7.1.md b/IdentityServer/v7/docs/content/upgrades/v7.0_to_v7.1.md new file mode 100644 index 00000000..14a9f818 --- /dev/null +++ b/IdentityServer/v7/docs/content/upgrades/v7.0_to_v7.1.md @@ -0,0 +1,61 @@ +--- +title: "Duende IdentityServer v7.0 to v7.1" +weight: 29 +--- + +## What's New + +IdentityServer v7.1 includes support for .NET 9 and many other smaller fixes and +enhancements. Please see our [release +notes](https://github.com/DuendeSoftware/IdentityServer/releases/tag/7.1.0-rc.1) for +complete details. + +There are no schema changes needed for IdentityServer 7.1. There are two changes that may require small code changes for a minority of users: +- IdentityModel renamed Duende.IdentityModel +- *ClientConfigurationStore* now uses IConfigurationDbContext + +## Step 1 (Optional): +IdentityServer 7.1 supports both .NET 8 and 9. If you wish, you can update your .NET version as part of this upgrade. + +For example in your project file: + +``` +net8.0 +``` + +would change to: + +``` +net9.0 +``` + +Any NuGet packages that you are using that target an older version of .NET should also be updated. +For example, the version of *Microsoft.EntityFrameworkCore.SqlServer* or *Microsoft.AspNetCore.Authentication.Google* should be updated. +Depending on what your IdentityServer host project is using, there may or may not be code changes based on those updated dependencies. + +## Step 2: + +In your IdentityServer host project, update the version of the Duende.IdentityServer package. +For example in your project file: + +``` + +``` + +would change to: + +``` + +``` + +## Step 3: Breaking Changes + +#### IdentityModel renamed Duende.IdentityModel +Our open source IdentityModel library has been renamed Duende.IdentityModel, and we now depend on Duende.IdentityModel instead of IdentityModel. Duende.IdentityModel is a drop-in replacement for IdentityModel with updated namespaces that include the Duende prefix. If you are using IdentityModel's types in your IdentityServer implementation, you will need to update references from IdentityModel to Duende.IdentityModel (replace "using IdentityModel" with "using Duende.IdentityModel")._ + +#### ClientConfigurationStore now uses IConfigurationDbContext +The *ClientConfigurationStore* in the *Duende.Configuration.EntityFramework* package now depends on *IConfigurationDbContext* instead of *ConfigurationDbContext* to allow for customization. If you have a customized store that derives from the default store, you may need to update your constructors. Note that this only affects the Entity Framework based implementation of the configuration store used by the dynamic client registration configuration API. + +## Step 4: Done! + +That's it. Of course, at this point you can and should test that your IdentityServer is updated and working properly. \ No newline at end of file diff --git a/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/menu.html b/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/menu.html index 5583eda0..b7ae55e4 100644 --- a/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/menu.html +++ b/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/menu.html @@ -14,7 +14,7 @@
    - {{if eq .Site.Params.ordersectionsby "title"}} + {{if eq .Site.Params.ordersectionsby "title"}} {{range .Site.Home.Sections.ByTitle}} {{ template "section-tree-nav" dict "sect" . "currentnode" $currentNode "showvisitedlinks" $showvisitedlinks}} {{end}} @@ -22,7 +22,7 @@ {{range .Site.Home.Sections.ByWeight}} {{ template "section-tree-nav" dict "sect" . "currentnode" $currentNode "showvisitedlinks" $showvisitedlinks}} {{end}} - {{end}} + {{end}}
{{ $disableShortcutsTitle := .Site.Params.DisableShortcutsTitle}} @@ -31,7 +31,7 @@

{{ if not $disableShortcutsTitle}}{{ T "Shortcuts-Title"}}{{ end }}

    {{ range sort . "Weight"}} -
  • +
  • {{.Pre}}{{safeHTML .Name}}{{.Post}}
  • {{end}} @@ -39,11 +39,11 @@

    {{ if not $disableShortcutsTitle}}{{ T "Shortcuts-Title"}}{{ end }}

    {{end}} - {{ if or .Site.IsMultiLingual $showvisitedlinks }} + {{ if or hugo.IsMultilingual $showvisitedlinks }}

      - {{ if and .Site.IsMultiLingual (not .Site.Params.DisableLanguageSwitchingButton)}} + {{ if and hugo.IsMultilingual (not .Site.Params.DisableLanguageSwitchingButton)}}
    • @@ -77,7 +77,7 @@

      {{ if not $disableShortcutsTitle}}{{ T "Shortcuts-Title"}}{{ end }}

    • {{end}} - + {{ if $showvisitedlinks}}
    • {{T "Clear-History"}}
    • {{ end }} @@ -99,7 +99,7 @@

      {{ if not $disableShortcutsTitle}}{{ T "Shortcuts-Title"}}{{ end }}

      {{with .sect}} {{if and .IsSection (or (not .Params.hidden) $.showhidden)}} {{safeHTML .Params.head}} -
    • {{ $currentNode.Scratch.Set "pages" (.Pages | union .Sections) }} {{end}} {{ $pages := ($currentNode.Scratch.Get "pages") }} - - {{if eq .Site.Params.ordersectionsby "title"}} + + {{if eq .Site.Params.ordersectionsby "title"}} {{ range $pages.ByTitle }} - {{ if and .Params.hidden (not $.showhidden) }} + {{ if and .Params.hidden (not $.showhidden) }} {{else}} {{ template "section-tree-nav" dict "sect" . "currentnode" $currentNode "showvisitedlinks" $showvisitedlinks }} {{end}} {{ end }} {{else}} {{ range $pages.ByWeight }} - {{ if and .Params.hidden (not $.showhidden) }} + {{ if and .Params.hidden (not $.showhidden) }} {{else}} {{ template "section-tree-nav" dict "sect" . "currentnode" $currentNode "showvisitedlinks" $showvisitedlinks }} {{end}} {{ end }} {{end}}
    - {{ end }} + {{ end }} {{else}} {{ if not .Params.Hidden }} diff --git a/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/search.html b/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/search.html index b6ce9cfc..b14e2737 100644 --- a/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/search.html +++ b/IdentityServer/v7/docs/themes/hugo-theme-learn/layouts/partials/search.html @@ -7,7 +7,7 @@