2.5.2.2
Pre-release
Release 2.5.2.2
What's New
- Lots of new stuff in this release!
- OIDC Auth Code Flow + PKCE
- Add Identity button now supports adding an identity by JWT or by URL
- JWT behavior remains the same
- support has been added for joining a network by 3rd party CA
- support added for joining an OpenZiti network v1.2+ by URL. Note, the URL must be
preconfigured with trust from the OS trust store. Unverifiable URLs cannot be used.
- Keychain support is added! The OpenZiti C SDK uses the
tlsuv library which has integrated with
Windows "Cryptography API: Next Generation"
to support storing private key material through OS API calls. While this can be disabled
if necessary, it is enabled by default and should remain enabled unless you are sure
that it shouldn't be.
OIDC Auth Code flow + PKCE
If you are using an OpenZiti controller version 1.2 or higher, you are now able to use
an External JWT Signer
to authenticate to the overlay. When configured, you can join the network by using either
the network JWT (downloaded from the ZAC or extracted from the controller's /network-jwts endpoint)
If more than one ext-jwt-signer is configured, new controls on the item details page will let
the user configure a default external auth provider. When a default is configured, simply clicking the
new "authorize IdP" icon.
Other changes
- removed "add identity" button from the bottom of the screen
- pointers now change to indicate an element is a drag point
- tooltips added to 'Z' icon
- right click on the main screen 'Z' icon to reattach a window
- various UI presentation improvements
Bugs fixed:
- the UI now knows if it's connected or disconnected and shows the label appropriately
- when disabling the UI the lower portion no longer looks truncated
Dependencies
- ziti-tunneler: v1.3.2
- ziti-sdk: 1.3.2
- tlsuv: v0.32.9 [OpenSSL 3.3.1 4 Jun 2024]