What’s New in HiveMQ 4.19?

The HiveMQ team is proud to announce the release of HiveMQ Enterprise MQTT Platform 4.19. This release provides increased observability and feedback in the HiveMQ Health API, enhanced security and user experience in the HiveMQ Enterprise Security Extension with OIDC, and several usability improvements.

Highlights

• Expanded HiveMQ Health API
• OpenID Connect logout support in the HiveMQ Enterprise Security Extension

HiveMQ Health API Enhancements

We introduced the Health API in HiveMQ platform 4.14 to make monitoring the health and readiness of on-premise and managed cloud service HiveMQ deployments easier. Since the initial release, we have seen broad adoption of the feature. Based on customer feedback, the HiveMQ Health API 4.19 release significantly increases your ability to assess the operational and functional status of your HiveMQ broker components and extensions.

How it works

The HiveMQ Health API now provides more information about the deployment state of your HiveMQ platform. Each HiveMQ deployment consists of multiple core components such as MQTT listeners, REST API, Control Center, and extensions.

In addition to summing up the overall system health, our expanded Health API lets you request specific health and readiness information for individual components of interest. Since many of our customers configure multiple listeners in their deployments, we also split the cluster state and the state of MQTT listeners. The latest Health API now offers fine-grained health information for each listener you configure. This type of data makes it possible to detect issues early, respond effectively, and ultimately resolve problems even faster.

Example listener snapshot from the HiveMQ Health API:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

{
    "status": "UP",
    "components": {
        "mqtt": {
            "status": "UP",
            "components": {
                "tcp-listener-1883": {
                    "status": "UP",
                    "details": {
                        "bindAddress": "0.0.0.0",
                        "isProxyProtocolSupported": false,
                        "isRunning": true,
                        "port": 1883,
                        "type": "TCP Listener"
                    }
                },
                "tls-tcp-listener-8883": {
                    "status": "UP",
                    "details": {
                        "bindAddress": "0.0.0.0",
                        "isProxyProtocolSupported": false,
                        "isRunning": true,
                        "port": 8883,
                        "type": "TCP Listener with TLS"
                    }
                }
            }
        }
    }
}

How it helps

The HiveMQ 4.19 Health API release adds precise information about the health and readiness of your HiveMQ deployment. Easy access to clear and structured data simplifies debugging and makes it easier for your site reliability engineers to maintain the availability and performance of your system. Getting a detailed overview of your deployment via the Health API boosts your ability to proactively identify and address issues, reduce downtime, and ensure the smooth operation of your application. For more information on all the new HiveMQ Health API endpoints and configuration options, see HiveMQ Health API.

Support for OpenID Connect session logout in the HiveMQ Enterprise Security Extension

Our HiveMQ 4.17 platform release added support for OpenID Connect (OIDC) authentication of Control Center users with an OIDC provider of your choice to the HiveMQ Enterprise Security Extension.

OpenID Connect (OIDC) is an open authentication protocol commonly used to support scenarios requiring enterprise-wide single sign-on (SSO) capabilities.

Now, HiveMQ 4.19 expands the OIDC realm of your HiveMQ Enterprise Security Extension with configurable logout functionality for Control Center users. The new OIDC configuration options allow you to influence OIDC logout behavior and implement redirects to a specific endpoint after logout in your OIDC flows.

How it works

The OIDC authentication manager of your HiveMQ Enterprise Security Extension offers a new configuration option that allows you to set a post-logout-redirect-uri. This setting lets you define a Universal Resource Indicator (URI) to which your Control Center user redirects after successful logout.

Example OIDC authentication manager configuration with a post-logout redirect URI:

1
2
3
4
5
6

<oidc-authentication-manager>
    <realm>oidc-realm-name</realm>
    <redirect-uri>http://localhost:8080/callback</redirect-uri>
    <post-logout-redirect-uri>http://localhost:8080</post-logout-redirect-uri>
    <authorization-key-claim>user</authorization-key-claim>
</oidc-authentication-manager>

Additionally, the OIDC realm adds a new configuration that lets you set an optional <end-session-endpoint>. This setting is useful for implementations in which your OIDC provider does not provide an end_session_endpoint in its metadata response. To learn more about these responses, see OIDC Metadata.

How it helps

The new OIDC logout options in the HiveMQ Enterprise Security Extension extend the enterprise-wide single sign-on (SSO) capabilities of the OpenID Connect Authorization Code Flow for your HiveMQ Control Center. The added OIDC support enables a seamless and consistent user log-out experience and further increases compliance and security for your HiveMQ platform. For more information, see OIDC for the HiveMQ Control Center.

More Features and Improvements

HiveMQ Enterprise MQTT Broker

• Replaced deprecated OpenJDK base image with Eclipse Temurin

HiveMQ Enterprise Security Extension

• Added the ability to use the allow-all authorization manager for Control Center and REST API pipelines. The allow-all authorization manager can now be used on all ESE pipelines.
• Added permissions to regulate access to the Active License Information and Statistics per Node views on the HiveMQ Control Center dashboard.

HiveMQ Data Governance Hub

• Fixed an issue that could prevent the correct application of a schema after a stateful start of the HiveMQ broker.

Get Started Today

To upgrade to HiveMQ 4.19 from a previous HiveMQ version, take a look at our HiveMQ Upgrade Guide. To learn more about all the features we offer, explore the HiveMQ User Guide.

About HiveMQ Team

We love writing about MQTT, IoT protocols and architecture in general. Our experts are here to help, so reach out to us if we can help!

Contact HiveMQ