If you support technology that depends on CalNet tools, this is the best place to look to understand if something in the CalNet technology stack has changed and how it could be affecting your services. You can also sign up to receive notices when CalNet has a new release. To subscribe to the list, go to: https://groups.google.com/a/lists.berkeley.edu/d/forum/calnet-releases and click JOIN.
Upcoming Releases
September 27, 2023, 7:00 am
As part of this release, Duo is deprecating the existing device management integrations that are used as part of new user on-boarding and self-service device management via the CalNet Account Manager (CAM). We will be changing both the CalNet claim process and post-claim processes for managing Duo devices. For existing users we are enabling Duo's new Duo Central for device management. This requires that we configure Duo SSO, Duo Central, and integrate them with our existing SAML federation. There is no expected impact to current Duo 2-step functionality as this is a separate feature. This change is to enable these features so that our developers can work on the changes to CAM. Future change requests and communications will address user impact and process changes. CMR: CHG0037120
Services Affected:
- Duo
- CAM
- LDAP
Recent Releases
September 21, 2023, 7:00 pm
In this release, there were changes to GitHub Actions Configuration for SPA Admin App. CMR: CHG0037096
Services Affected:
- SPA Admin App
- LDAP
September 8, 2023, 7:00 am
This release featured patching of Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0037055
Services Affected:
- Zabbix
- Duo
- LDAP
September 7, 2023, 7:00 pm
This release was an upgrade of the CalNet identity management suite that included an infrastructure change to switch to containerization of the Tomcat application server. A Tomcat upgrade was necessary to support the Spring Boot 3 upgrade, also part of this upgrade. There was a 2 hour outage associated with this release.
Release Notes:
Upgrade to Spring Boot 3
Containerization of the services Tomcat app server and upgrade to Tomcat 10 for Spring Boot 3
Support SIS Campus Solutions student claim access codes (will not be enabled until later date)
CNR-2292,CNR-2042: Remove references to affiliates OU that was removed from LDAP some time ago
CNR-2315: Give SUPPORT role ability to see the lock info on the CAT show person page
CNR-2314: Add raw SORObject view (aka 'grey arrows') back for people in the 'View' group in CAT
CNR-2320,CNR-2329: CAT lock emails going out when email button not selected
CNR-2326: Add Ucpath I-280 BUSN telephone numbers to BPR telephone table
CNR-2317: PostgreSQL 14 in development environment
CNR-2336: A nightly job to clean up the various expired token rows in BPR tables
CNR-2319: Improve error message when guest-type-potential-hire tries to claim an account
CNR-2338: CAM ClaimService isEligibleToClaimAccount needs additional checks
CNR-2344: Improve part of ucpath ddods query for efficiency
CNR-2298: Use GitHub Actions
CMR: CHG0037017
Services Affected:
- CAT
- UCPath
- CAM
- LDAP
September 3, 2023, 9:00 am
As a part of this release, we upgraded CAS on the production auth.berkeley.edu cluster to 6.6. This upgrade involved moving to a new cluster running RHEL9 and many architectural changes and underlying library upgrades. An outage was not anticipated; however, because the underlying service ticket registry cluster version was being upgraded clients who authenticate the morning of this change lost their SSO session and were required to re-auth when accessing any SSO applications after the upgrade. CMR: CHG0037004
Services Affected:
- CAS
- LDAP
July 13, 2023, 5:00 pm
For this release, we patched Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0036887
Services Affected:
- Zabbix
- Duo
- LDAP
June 21, 2023, 7:30 pm
For this release, as a last step to complete CalNet's portion of the UCPath GRLN deployment, we reenabled a regularly scheduled job that requests update messages for employees. (Otherwise known as the I-371 job.) This job was disabled as part of CHG0036664 on June 16th. This CHG reenabled it after GRLN go-live. CMR: CHG0036666
Services Affected:
- UCPath
- CalNet
- LDAP
June 20, 2023, 6:00 am
For this release, UCPath launched their GRLN (Lived Name) changes and CalNet needed to deploy changes as part of the project:
#1) Turned back on UCPath data processing that was previously turned off for the UCPath GRLN downtime window that began on June 16th.
#2) Deployed code changes to adapt to the new way that UCPath would be storing lived names in the DDODS database.
#3) Deployed code changes to change how names are set in LDAP and Active Directory to align with lived names that are now stored in UCPath for active employees and UCPath affiliates. These UCPath lived names were to replace the preferred names that employees and UCPath affiliates had previously set in the Directory Update application. It was expected many names in LDAP would change due to this change.
#4) Deployed a change to the Directory Update Application hosted at directory.berkeley.edu that disallowed active employees to change their preferred name in the application and provided a link to UCPath where their name could be changed within UCPath.
CMR: CHG0036665
Services Affected:
- UCPath
- CalNet
- LDAP
- Active Directory
June 16, 2023, 3:00 pm
As part of this release, UCPath was down starting June 16th at 3pm for the GRLN rollout. At approximately the same time all UCPath data processing was shut off for the CalNet identity management system. This required an application restart. CMR: CHG0036664
Services Affected:
- UCPath
- CalNet
- LDAP
June 16, 2023, 6:00 am
As part of this release, UCPath launched their GRLN (Lived Name) changes. With this update, CalNet no longer allows the generation of preferred (display) names using the Directory Update application (directory.berkeley.edu) for anyone with a staff affiliation. CMR: CHG0036667
Services Affected:
- UCPath
- CalNet Directory
- LDAP
June 7, 2023, 7:00 pm
This release included the following:
CNR-2265 CAT, limit displayed names to preferred (lived) names unless they have specific roles to grant access to other names that may include legal names
CNR-2118 Upgrade from h2db 1.4 to 2.1
CNR-2261 ucb-bidms should use same CalnetIdRules as CAM
CNR-2167 Convert calnet-ui from using Bower to using NPM
CNR-2264 Where possible, upgrade JavaScript dependencies in calnet-ui
CNR-2122 SGS Camel xmljson functionality has been deprecated and needs to be replaced with something else
CNR-2279 Create a REST service for changing uid on namespace entries
CNR-2280 There is a CS M02-related regression bug preventing admit role being asserted in some edge cases
CNR-1955 Reassign namespace entries when merging
CNR-2288 Upgrade CAT, CAM to latest Grails version
CNR-2284 Upgrade bidms dependencies, including Spring Boot
CNR-2121 Upgrade to Camel 3 for SGS
CMR: CHG0036676
Services Affected:
- CAT
- CAM
- LDAP
June 7, 2023, 7:00 pm
There were two parts to this release:
1. We *stopped* sending the samAccountName from Active Directory back to CAS as the asserted principal user ID. Instead, CAS now uses the user-supplied account name for attribute lookups after authentication is successful.
2. We configured CAS to check both the sAMAccountName and the alias section of the userPrincipalName during authentication (i.e. alias@BERKELEY.EDU(link sends e-mail)).
CMR: CHG0036702
Services Affected:
- CAS
- LDAP
June 1, 2023, 5:00 pm
This release involved patching of Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0036705
Services Affected:
- CAS
- Grouper
- LDAP
- Shibboleth
April 20, 2023, 5:00 pm
This release involved patching of Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0036590
Services Affected:
- CAS
- Grouper
- LDAP
- Shibboleth
April 19, 2023, 5:00 pm
This release involved patching of Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0036589
Services Affected:
- CAS
- Grouper
- LDAP
- Shibboleth
March 28, 2023, 7:00 pm
As part of this release we removed the displayed userName from the default login and logout CAS pages. While these pages only allowed an authenticated user to see their own userName (e.g. CalNet ID), they also allowed accounts authenticated via trusted third-party sites to see their userName. This could have been undesirable in some cases. CMR: CHG0036528
Services Affected:
- CAS
March 23, 2023, 7:00 pm
This release involved patching of Red Hat Enterprise Linux servers to address errata published by Red Hat. This included bug fix, security, and enhancement updates to packages maintained in official Red Hat repositories. In addition we applied patches as needed from custom repositories for Zabbix and Duo. CMR: CHG0036457
Services Affected:
- CAS
- Grouper
- LDAP
- Shibboleth
March 16, 2023, 7:00 pm
This release upgraded our SAML IdP from 4.2.1 to 4.3.0 to address minor security vulnerabilities and ensure we are on the latest version. No outage was expected. CMR: CHG0036456
Services Affected:
- Shibboleth
March 15, 2023, 7:00 am
This release moved the current CalNet Directory Update application to a new host to help decommission the existing host. This involved a temporary redirect of the current http://directory.berkeley.edu(link is external) "Update your listing" link to the new URL. We requested that Public Affairs update that link at their leisure once we were confident the new host was working as expected with the temporary redirect. CMR: CHG0036451
Services Affected:
- CalNet Directory Update Application
March 12, 2023, 7:00 am
This release included changes to the underlying algorithm for storing hashed passwords for LDAP service accounts in ldap.berkeley.edu. CMR: CHG0036431
Services Affected:
- LDAP
March 2, 2023, 7:00 pm
This release included a configuration and restart for the new Cirrus API key. There was a brief outage associated with this release. CMR: CHG0036421
Services Affected:
- Cirrus
February 9, 2023, 1:00 pm
This release involved an enhancement/bug fix release for the CalNet BIDMS application suite. CMR: CHG0036376
CNR-2232: Improve the access denied error message for SPAs
CNR-2242: Fix AD error when locking expired people
CNR-2243: Remove unneeded reconciliation page cache
CNR-2250: Add clarifying log entries about AD passphrases when locking accounts
CNR-2251: Expand list of reserved CalNetIDs to align with bConnected
CNR-2252: Fix recognition of certain AD errors in setting passphrase
CNR-2253: (Test environment) Fix GreenMail plugin
CNR-2255: Fix displaying error message when invalid identifier type is selected on passphrase reset page
CNR-2256: Cirrus is requesting new credentials for their API endpoint
Services Affected:
- Special Purpose Accounts
- Active Directory (AD)
January 29, 2023, 7:00 am
This release performed maintenance recommended by our vendor to address some lingering error messages in our logs. The process was to reset the 'generation ID' of our replication domain to ensure any stale entries were not replicated. CMR: CHG0036342
Services Affected:
- LDAP
January 23, 2023, 5:00 pm
This release applied a required certificate update on the Apache ActiveMQ server used by CalGroups and the Berkeley Person Registry. CMR: CHG0036289
Services Affected:
- CalGroups
- Berkeley Person Registry
January 10, 2023, 5:00 pm
This release involved cadds enhancements to the BIDMS lock API that is needed for locking accounts in large batches. CMR: CHG0036286
Services Affected:
- CalNet Admin Tool (CAT)
- LDAP
- CalGroups API