Archive

Enhancements

• To allow the complete removal of the LDAP Server in the near future, the DevOps Portal is now managing local user directories in the Atlassian tools Jira, Confluence, and Bitbucket. For the log-in of the users, nothing is changed, Single-sign on (SSO) works as before.

Improvements

• Like Portal Admins, Project admins can now add additional tools to their projects. Please note, that a tool cannot be removed from a project once it was added.

The LDAP-Server being part of the Identity and Access Management turned out to be unfortunately unstable for instances with 2000 users and more. LDAP is an old protocol anyway, and OpenID Connect is the better solution. Still, a lot of work had to be done to do completely without an LDAP-Server. Now we are migrating Jira, Confluence, and Bitbucket from LDAP backed user directories to local user directories which are managed by the DevOps Portal like it was always done for technical users. The SSO (single-sign-on) will not change, as it is already based on OpenID Connect provided by Keycloak.

As a consequence, we have to drop support for using user passwords to authenticate to APIs of Jira, Confluence, and Bitbucket. This especially also includes using git over HTTPS.

In the future, it will be required to use Personal Access Tokens instead of passwords. This will also increase the security of your account. Therefore, we advise you to start immediately using Personal Access Token where necessary.

Nothing will change for accessing the web user interfaces of these tools. Here you can simply stick to the established SSO (single-sign-on) which asks for your username and password for new sessions.

• Create HTTP Access Token for git usage 
• How to create Personal Access Tokens in Jira and Confluence

Technical users for Jira, Confluence, or Bitbucket which have been created using the DevOps Portal are not affected. They are especially designed for API access only and will continue to work as before.

We have moved the technical documentation for DevOps-as-a-Service, which is publicly accessible on the Internet, from Confluence to X-Wiki. We recommend using the shortcut https://docs.devops.t-systems.net to get to the right place. This URL is also linked in the footer of the DevOps Portal since v1.6.8 as "User Manual".

Please update your bookmarks accordingly. The now obsolete Confluence space will not receive any updates and will be removed in the near future.

New Features

AI Operator

• The Portal now supports the new tool AI Operator. AI Operator is an interactive chat which can answer questions about a project. The knowledge of AI Operator is retrieved from uploaded files which contain project documentation.

Enhancements

• Project admins can now edit and save their projects. This can be used to change the name or description of a project. As always, the change is automatically propagated to all tools.
• A custom plugin was developed for Jira which will now delete screens, screen schemes, and issue-type screen schemes which are no longer used. This is triggered by the DevOps Portal every time a project is deleted. This saves resources and speeds up Jira.

Improvements

• Users with the Portal role CREATOR can now see all users, even when they are not in the default organization. Due to this, they can add now anybody to the projects they have created. For ADMINs this was always possible. Therefore, being not a member of the default organization only limits user visibility for users with a standard portal role.
• When resync roles is invoked on a project, it will also remove users from tools for which they don't have a licence assigned. This is just done for completeness. User are already removed from a tool when the license is unassigned from them.
• Browsers will now use the DevOps-as-a-Service icon instead of a generic icon when installing the DevOps Portal as a web application. The feature is not supported by all browsers at the moment, but works at least in Chrome, also on mobile devices. See https://developer.mozilla.org/en-US/docs/Web/Manifest for compatibility information.
• Adapted URLs for IDEaaS to latest version
• Adapted data retrieval to latest LDAP server version

Security

• Encryption of passwords for technical users was changed to fulfill latest PSA recommendations.
• Access to the portal database is now done using SSL
• The API call for organizations now just returns information required for the permission level of the logged-in user.

Bugfixes

• Unlock user did not work for locked users, which were still assigned to a tool, which has been removed in the meantime from the instance.
• For some users, enabling 2FA did not work. The issue was fixed.