> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/release-notes/enterprise/sso-connect/sso-connect-on-prem-17.0.2-1.md).

# SSO Connect On-Prem 17.1.0

#### What’s New <a href="#whats-new" id="whats-new"></a>

* SAML Engine Modernization: Migrated from the legacy OpenSAML-based stack to the Keycloak SAML library for improved security posture, maintainability, and FIPS-friendly operation. No administrator action required.
* Modern HTTP Transport: Upgraded to Apache HttpClient 5 (httpcore5) bringing improved connection management and support for HTTP/2.

#### Improvements <a href="#improvements.1" id="improvements.1"></a>

* Hardened authentication and login path with refined validation and standardized error handling.
* Internal API call paths were consolidated to reduce duplication and improve reliability under load.

#### Security & Bug Fixes <a href="#security-and-bug-fixes" id="security-and-bug-fixes"></a>

* Dependency updates across the platform, including Jetty, Keycloak SAML, Jackson Databind, Log4j, Bouncy Castle (bcprov/bcpkix), and Apache Commons Lang to current secure versions.
* Addressed Jetty advisory CVE-2026-2332 via upgrade to Jetty 12.1.8.
* No externally reported Critical customer bugs were recorded for this release at sign-off.

#### Compatibility & Upgrade Notes <a href="#compatibility-and-upgrade-notes" id="compatibility-and-upgrade-notes"></a>

* No configuration changes are required for existing SSO deployments. All prior IdP/SP configurations remain compatible.
* We recommend testing against your IdP (such as Okta, Entra ID, ADFS, Ping, or Keycloak) in a lower environment before production rollout.

#### Components Updated <a href="#components-updated" id="components-updated"></a>

|   | Component              | Previous | Updated | Benefit                             |
| - | ---------------------- | -------- | ------- | ----------------------------------- |
| 1 | Jetty                  | 12.1.6   | 12.1.8  | Security hardening and CVE coverage |
| 2 | Keycloak SAML          | 26.5.3   | 26.6.0  | Modern, supported SAML processing   |
| 3 | Jackson Databind       | 2.13.5   | 2.21.1  | Remediation of older advisories     |
| 4 | Log4j                  | 2.20.0   | 2.25.4  | Latest stable logging stack         |
| 5 | Bouncy Castle (bcprov) | 1.78     | 1.84    | Cryptography library updates        |
| 6 | Bouncy Castle (bcpkix) | 1.77     | 1.84    | Enhanced crypto support             |
| 7 | Apache Commons Lang    | 3.14.0   | 3.18.0  | Maintenance uplift                  |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.keeper.io/release-notes/enterprise/sso-connect/sso-connect-on-prem-17.0.2-1.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.