MuseKnowledge™ Proxy 4.2 has been Launched

A new version of MuseKnowledge Proxy, the result of constantly adding features, is available since June 10th 2016 for downloadtrial and purchase/upgrade.

On source profiling for non IP vendor authentication, sources requiring Extractors can make use of inline server-side JavaScript for special processing of the tokens extracted. Sources requiring user certificate authentication are now covered via a client side JKS KeyStore containing a key pair (private key and certificate) and also using a KeyStore password that must coincide with the key pair one (Java’s standard).

Sources with bad SSL configuration, refusing the Server Name Indication extension and yielding “handshake alert: unrecognized_name” are also working as we found a JDK workaround to the global static Virtual Machine setting.

On integration side, HMAC login is used together with other login modules whose parameters besides authentication are used during the signature process. HMAC (keyed-hash message authentication code) signed and time limited links are securing login links with credentials by restricted their usage from a certain portal for a brief period (e.g. 30 seconds).

Either for integration purposes or just as a normal standalone requirement MuseKnowledge Proxy supports SAML 2.0 authentication as a Service Provider in a multi-tenant fashion. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS, Okta, Shibboleth, OpenAM, Efecte EIM or Ping Federate) should be compatible with MuseKnowledge Proxy. We performed successful tests with the Shibboleth IDP implementation (with Open LDAP and with Active Directory at the other end), Simple SAML PHP IDP, with SSOCircle IDP and with Shibboleth Discovery Service implementation. As the SAML implementation is quite a big subject there are many features related to it:

  • metadata management supporting adding IDP metadata and generation of SP metadata, pre-validation of IDP metadata to detect the need of certificates, tests for authentication, inspecting SAML attributes, guidelines and more;
  • local discovery service;
  • external discovery;
  • IDP metadata configuration through URL (with a local file backup with periodically refreshes) or through file upload;
  • specifying IDP metadata as a file/url containing one EntityDescriptor or as multiple EntityDescriptor wrapped in EntitiesDescriptor (e.g. a federation) with filters eliminating conflicts if the SP metadata is also present in the same file.

Besides the existent support for enabling remote rewritten content to be served using gzip compression, we added support to serve the local content encoded using gzip; hence content originating to MuseKnowledge Proxy, such as the application interfaces is now served using gzip compression.

There are more cases in which HTTP responses with error status are not reported as error using the MuseKnowledge Proxy error templates, but rather the native error is shown. The status codes are 403 Forbidden, 404 Not Found, 500 Internal Server Error and 503 Service Unavailable.

The detailed list of changes is available in MuseKnowledge Proxy Release Notes PDF Document and the new features are described in the manuals that are part of the distribution. As usual we offer a Free 30 Day Trial period to fully evaluate the new version of MuseKnowledge Proxy. You can request a Trial License Key by simply filling in the trial form.