Page Comparison

Overview

V4.1 introduces a new configuration management aid to the IdP called "modules", or "IdP modules" to distinguish them from other uses of the term. The point of an IdP module is to encapsulate information about an optional feature of the software, together with a way to install, update, and remove optional files that are needed to use the feature.

As an example, if you're using Duo, the feature requires at least a view, a set of properties, and occasionally an XML file in a particular spot for more advanced configuration. If you're not using it, none of those files are needed. So, if you're not using Duo, having those files installed and in the way is just annoying and confusing. Making the Duo login flow a module allows the system to recognize whether the feature is being used, deploy initial versions of the needed files after installation of the IdP, and even remove them if the feature is no longer needed.

...

To manage expectations, this is still a Spring-based application that is wired together very statically and relies on a lot of older technology that is not amenable to dynamic plug-and-play behavior. The goal was not to redesign the system, but to redesign as much of the configuration as possible to work in a more "default to safe" way to reduce the number of files that a new deployer would be faced with. Many features are used by few (or no) deployers, so having to accomodate accommodate those configurations by default became less and less attractive.

It is likely possible that future major versions may remove certain features and turn them into optional plugins that would be installable separately to shrink the footprint further.

...