How Can We Help?
Information on change to supported systemsInformation on change to supported systems
Executive Summary:
- Going forward, Pure will only support SAML2 protocol based Single Sign On authentication.
- Going forward, for legacy on premise customers, Pure will only support "on premise installation of Pure" using the Postgres database on a current version Linux server.
This document details the reasoning behind our decision to materially change the set of supported systems and what direct consequences we expect this to have for our customers. Please refer to the announcements in the release notes for details on the timing.
Authentication mechanisms
As part of our continuous evaluation of the security posture of Pure, we have in collaboration with the Elsevier security, and architecture teams decided that it is necessary to make a number of changes to our offering. We have over the last couple of years seen an increasingly aggressive security landscape, with high-profile vulnerabilities also affecting the Pure application.
As a natural consequence of this, we will be making several changes to reduce the attack surface, and general security posture of Pure. The most disruptive of these is that we will remove direct support for numerous authentication mechanisms in Pure. Specifically, we will remove support for the CAS, LDAP & AD, Radius, VETUMA, Request header based, Request remote user based, Static user, and Basic authentication mechanisms.
The SAML2 protocol is a well-established, secure protocol, used extensively by enterprises and governments for sharing identity data.
We are aware that this decision is disruptive for those not already on the SAML2 or Elsevier authentication mechanisms. That said our investigations show that major SSO products support SAML2, so we expect that for most customers the impact is limited to a re-configuration of their existing product.
Your IT-department will be able to clarify whether SAML2 is or can be supported using your existing SSO product. If you need assistance in configuring Pure or if you need to explore other options, please reach out to us using our normal support channels.
Databases
While we strive the provide a variety of options for our customers, it has become increasingly difficult to guarantee acceptable performance and high quality for all three database variants of our software code. To ensure the most effective use of our valuable development resources, providing the most functionality for your application users, the Pure engineering team will focus it's coding and de-bugging efforts on a single database. The database we have chosen is Postgres.
Please note that this only applies to the actual Pure database, any database synchronizations against SQL-Server or Oracle databases will still function precisely as they do now. That said, we recommend that any customers using database synchronizations consider rewriting their integration to the XML-backed synchronization as we will likely deprecate the database synchronizations as well at some point.
The migration of Pure data to the Postgres database will be performed by your personnel leveraging a Java-based tool provided and supported by the Pure team. The time needed for this operation is similar to what is usually needed for a backup and restore of your current Pure database.
The Postgres database is the leading open-source product in its category. And while there is no licensing cost involved you should expect to invest some time in how to configure, run and maintain the product. If this is not possible for you, we recommend that you consider moving to a hosted solution.
Operating systems
The Pure team no longer has the necessary Windows system administration capabilities in-house to provide the high level of support we provide on other aspects of the application. This means we will no longer support Windows, and other non-Linux operating systems, as a supported hosting environment for the Pure application.
We recommend that impacted customers migrate to a modern Linux operating system or consider moving to a hosted solution.
Updated at July 27, 2024