New Features in ADONIS 16.6
ADONIS 16.6 is a minor update built on the 16.0 LTS foundation with a host of improvements for administrators, focusing on security, authentication, user provisioning, and integration capabilities. This release enhances existing services, adds new options for configuring OAuth 2.0 and OIDC, and simplifies user management, helping your organisation manage its architecture more efficiently.
Additionally, this release includes fixes for issues discovered since the release of ADONIS 16.0 LTS.
Read on to discover what’s new in ADONIS 16.6!
New Features for ADONIS Administrators
MCP Services: Enhanced Authentication and Security Options
We continue to expand the Model Context Protocol (MCP) server introduced in ADONIS 16.5, which enables AI systems to connect to ADONIS.
MCP Services Decoupled from REST API
To provide clearer separation, the MCP services are now fully decoupled from the ADONIS REST API. The REST API no longer needs to be active, and no authentication mechanism has to be configured for it for the MCP server to function properly. Instead, all required authentication settings can be configured directly in the MCP Services settings.
OIDC Support
In addition to Basic Authentication and OAuth 2.0, you can now configure OIDC authentication as an additional method for authenticating requests to the MCP server.
Extended MCP Security Settings
The MCP tab in the Security Settings now includes two separate IP restriction settings that exclusively control which IP addresses may send requests to the MCP server:
MCP Basic Authentication IP Restrictions: Applies to all Basic Authentication requests.
MCP IP Restrictions: Applies to all other requests (OAuth 2.0 and OIDC authentication).
If no restrictions are configured, all IP addresses are allowed.
For details on enabling the MCP services, please refer to the section "MCP Services" in the Administration Help.
Guidance on using the MCP services and a reference implementation in Python for creating an agent is available via the BOC Developer Portal.
SCIM: User Defaults
Automated user and group provisioning becomes more robust and flexible in ADONIS 16.6. The SCIM settings now also include options for settings defaults for provisioned users.
You can specify certain user groups, system roles and other properties that should apply to all users provisioned via SCIM. These defaults apply only if no specific assignments are provided in SCIM POST requests.
For details, please refer to the section "Configure General SCIM Settings" in the Administration Help.
OAuth 2.0 & OIDC: Generate Tokens & First-Party Applications
ADONIS can act as an OAuth 2.0 Authorization Server and OpenID Provider (OP). In this role, it authenticates users for external applications (OAuth 2.0 or OpenID Connect clients), allowing them to sign in with their ADONIS credentials. ADONIS 16.6 introduces the following enhancements in this area:
Generate Access Tokens and Identity Tokens
For testing purposes, you can now generate access tokens for client authentication and, for OIDC, identity tokens that provide information about the authenticated user, directly in the ADONIS Administration.
First-Party Applications
It is now possible to mark OAuth 2.0 and OpenID Connect clients as first-party applications. Requests from these applications will still require authentication (either an active session or user login), but the user will not need to explicitly grant access.
This setting is intended for applications that are owned and controlled by your organisation (first-party or public clients), where seamless access without repeated authorization is desired.
For details, please refer to the sections "Authentication > OAuth 2.0" and "Authentication > OIDC" in the Administration Help.
OAuth 2.0: "No Scope Provided" Setting
When configuring OAuth 2.0 authentication in ADONIS for the REST API, SCIM services, or MCP services, at least one scope is usually required. The optional No scope provided setting allows ADONIS to accept tokens from clients using the Client Credentials Flow without sending a scope parameter. If enabled, these clients are mapped to the technical user specified in the configuration.
For details, please refer to the sections "MCP Services > Configure OAuth 2.0 Authentication", "SCIM Services > Configure OAuth 2.0 Authentication" and "REST API > Configure OAuth 2.0 Authentication" in the Administration Help.
Extended CORS Security Settings
The Security Settings for Cross-Origin Resource Sharing (CORS) have been extended. Whether you configure CORS at the General, REST or MCP level, you can now not only allow or block CORS for all browser-based requests from other domains, but also define a whitelist of trusted domains.
For details, please refer to the section "Security Settings" in the Administration Help.
Edit Info Texts of Relations, Object & Model Types
Starting with ADONIS 16.6, you can edit the info texts of relations, object types and model types directly on the Properties page. These texts can be adapted in all languages supported by ADONIS, helping your users better understand the purpose and meaning of these metamodel elements.
For details, please refer to the sections "Edit Relation Info Text" and "View and Manage Element Details" in the Administration Help.
The availability of this feature depends on the licence.
Clone User: Random Password
When using Clone User, you can create an exact copy of an existing user. Previously, the cloned user received the same password as the original user. Starting with ADONIS 16.6, cloned users are now assigned a random password instead.
For details, please refer to the section "Clone User" in the Administration Help.
Export Named Users Information to Excel
A new feature allows administrators to export all named users from selected application scenarios (for example, Design & Document) as an Excel file (XLSX format) for use in other applications. The export contains one column per scenario, with rows listing the assigned users.
For details, please refer to the section "Manage Named Users" in the Administration Help.
View Users: Information about Disabled Accounts
A small but helpful enhancement on the Users page adds the option to display the Account disabled column. This column shows whether a user account is disabled and therefore unable to sign in to ADONIS. The same information is also included when exporting user data to Excel.
For details, please refer to the section "View Users" in the Administration Help.
Migration from an Earlier Version of ADONIS to ADONIS 16.6
Changes to Software Requirements
Please note the following changes to the software requirements for running ADONIS when migrating from previous versions.
No longer supported
Tomcat 8 and Tomcat 9
Java 8 and Java 11
Added support for
Tomcat 10.1 and Tomcat 11
Java 17, Java 21 and Java 25
Compiler Runtime Update (Visual C++ Redistributable)
ADONIS 16.6 now requires the Microsoft Visual C++ Redistributable for Visual Studio 2015–2022 (v14) to run the Application Server. If it is not already present on your system, the installer will prompt you to download and install it automatically during setup.
Upgrade ADONIS
The Installation Manual contains a number of migration guides that will help you upgrade ADONIS from an older version to version 16.6. Each guide contains all the steps that need to be taken, with everything explained in detail:
Migration from All Other Versions to ADONIS 16.6
If you are using ADONIS 13.0 or earlier, please contact your ADONIS consultant for assistance with the required steps.
Install Hotfix
You are already using ADONIS 16.6 and want to install a hotfix? Here are step-by-step instructions: