Release Notes - Version 5.0
This is the first release for CentOS 9. Version 5 of all server products (TeamDrive Registration Server, TeamDrive Host Server and TeamDrive Web Portal) is required for CentOS 9.
5.0.0 (2024-08-01)
The “standalone” version of the Registration Server is no longer supported (REGSERVER-1823). This means that a Registration Server must always be connected to a TDNS (TeamDrive Name Server) instance. The options on setup of a new server are “Standard” or “Master” Registration Server.
A Provider may now specify that manual activation of devices is required (REGSERVER-1854). This feature is enabled by setting the Provider setting MANUAL_ACTIVATION_REQUIRED to True. See requiring_manual_activation for a detailed description of this feature.
Added a new Provider setting: NEW_DEVICE_NOTIFICATION_LIST, which is a list of users to be notified when a new device is installed.
The server now supports paging when fetching a large number of keys from the Key Repository (REGSERVER-1849). This fixes problems involving accounts with over 1200 spaces, but also requires a TeamDrive Client update (TDCLIENT-3241).
Added setting AssumeHttpsAccess (REGSERVER-1848). If set to True then the Registration Server will assume that clients are using HTTPS to connect to the server (see AssumeHttpsAccess for details).
Added new email template: “public-file-download” (HOSTSERVER-905). This is sent to notify users that a public file has been downloaded.
Changed the “From:” on license report emails from the Provider email address to the EMAIL_SENDER_EMAIL Provider setting (REGSERVER-1838).
API: The <shadowkeyhash> tag is now returned by several API calls (“loginuser”, “getuserdata”, “registeruser”, “verifyauthorizationtoken”, “getinboxkeyseq”, “authenticateuser”) so that the caller can detect a change of the user password, or an explicit logout (REGSERVER-1850).
Improved handling of various 2-Factor Authentication (2FA) flags (REGSERVER-1863). In general the rules are as follows:
1. Explicit DISABLE on the account level overrides everything (but cannot disable 2FA done by the External Authentication Service).
2. Explicit ENABLE (Email OTP, Google Authenticator or MS Authenticator) overrides everything (which means if 2FA is done by the External Authentication Service, then 2FA will be performed twice).
3. Otherwise:
   3.1. If 2FA is done by the External Authentication Service, then this disables the account level settings, but not the user level setting (see above).
   3.2. If 2FA is enabled on the account level, then this applies.
   3.3. If 2FA is enabled for Web logins only, on the account level, then this will be applied.
Added support for updating the public/private keys of old TeamDrive client installations (REGSERVER-1873). Update to client version 5.1.2 is required.
Settings that allow the use of HTTP rather than HTTPS have been deprecated (REGSERVER-1865). This means HTTPS is now used by all URLs that reference the server and the setting EnforceHttps has therefore been removed.
The Provider settings REG_SERVER_PROTOCOL and HOST_SERVER_PROTOCOL will be removed in a future version. These settings are now hidden (not visible in the Admin Console), and are set to “https” during the server upgrade process.
These settings control the protocol used by the TeamDrive clients when accessing all Registration and Host Servers. This change ensures that there are no longer any exceptions and all clients belonging to the Registration Server will use HTTPS when accessing TeamDrive servers.
The setting SimulateRegServer20 is deprecated and has been removed. Compatibility with TeamDrive 2.0 clients is no longer guaranteed by the Registration Server. Please upgrade to the latest version as soon as possible.
Fixed error: “Parameter login-url value missing” when creating a Web Portal service (REGSERVER-1847).
Security
Support HMAC hashing based keys for the Host Server API access (REGSERVER-1826).
It is now possible to set the Authorisation Type on services belonging to other Registration Servers (REGSERVER-1825). This applies to Shop and Web Portal services that are referenced using the SHOP_SERVICE_NAME and WEBPORTAL_SERVICE_NAME Provider settings.
In other words, if you have a Shop or Web Portal that provides services to multiple Registration Servers, then the authorisation type and key can be specified separately for each Registration Server.
The “References” column has been added to the Service list in the Admin Console, which indicates references to a service from other Providers. This column is only filled after a Registration Server update.
Added support for Microsoft Authenticator App for users that require 2-Factor authentication (REGSERVER-1861). This feature requires a client update.
The Registration Server no longer supports the Diffie-Hellman (DH) public/private keys, also known as DH/1.0 keys (REGSERVER-1864). Only RSA public/private keys are supported.
In some cases this may require a TeamDrive client update to version 5.2.0. This includes:
- some client installations from 2012 or earlier,
- the Key Repository is enabled with a large number of keys (> 500 Spaces),
- a large profile picture is uploaded,
- a large activity report is sent via email by the client.
External Authentication
You can now specify that an External Authentication Service performs Two-factor Authentication (2FA). In this case the Registration Server will not perform 2FA when the user’s account is set to 2FA required (REGSERVER-1815).
External authentication now supports “session based” login (REGSERVER-1851). Using this method, the TeamDrive App redirects to the Auth Service, and then uses a (previously obtained) session ID to verify whether the login is successful. This removes the need for an embedded browser in the TeamDrive Desktop App.
External Authentication: when accessing an Authentication Service that does not return the service name (in the verify authentication token reply), then the Provider setting DEFAULT_AUTH_SERVICE_NAME must be set.
Note that this is only the case when dealing with an Authentication Service that has not been upgraded (or cannot be upgraded) to the latest version.
Administration Console
- A column “Referenced By” has been added to the list of Services on the “Manage Domains & Services” page. This column contains a list of Providers that reference the service.
- It is now possible to disable access to the Admin Console for a specific Provider (REGSERVER-1853). When disabled, no user or administrator of the Provider is allowed to login to the Admin Console.
- When deleting a user you can now add a comment (REGSERVER-1827). This will appear in the change history of users in the Admin Console.
- Fixed listing of Spaces on the “Edit Depot” Depot page (REGSERVER-1837).
- Fixed the “Move Space” dialog on the “Edit Depot” page which was returning an error when the Depot owner was entered (REGSERVER-1870).
- Fixed the output of the “Edit Auto Task” page.
- Removed certain incorrect entries from the Depot “Change History” (REGSERVER-1839).