Release notes 2.x

2.39.00

Features

  • Added statistics API
  • Added integration with BankId
  • Added ability to configure which attributes are visible on dashboard page
  • Added ability to verify invitation using letter or SMS
  • Splitted features tab in admin panel
  • Facebook Graph API 2.1 compatibility
  • Changed statistics generator to include all historical data

Bug fixes

  • Fixed not existing log file error during application startup
  • Fixed visibility of error message when external code is invalid on invitation verification page
  • Fixed too short delay for initial statistics generation

2.38.00

Features

  • Added statistics overview in admin panel
  • Added parametrization of custom messages configured in admin panel

2.38.01

Bug fixes

  • Fixed http 505 error on custom messages view for malformed messages
  • Fixed port forwarding when idp is used with external proxy

2.37.00

Features

  • Adjust session timeout with docker configuration
  • Access API, admin panel and personal site via different ports

2.36.00

Features

  • Multilingual support in custom messages
  • Create attribute configuration page in admin panel
  • Add extension points to connect to Extension API

Bug fixes

  • Fixed step-up process not cancelled on dead-end page
  • Fixed captcha error message not shown for the first time the captcha is shown

2.35.00

Features

  • Allow to disable notifications for certain attributes update
  • Allow to configure HTTP Strict Transport Security header
  • Improved captcha on login screen
  • Improvements for migration implementation
  • Added popover with mobile number requirement description on sign-up page

Bug fixes

  • Fixed response status on PersonApi delete person
  • Fixed missing available language in case only branding message file is defined

2.34.00

Features

  • Change user password through Person API
  • Sign up user through Person API
  • Redirect user to predefined URL after password reset procedure
  • Show password reset screen in preferred user language
  • Extension point for updating profile attributes in external service
  • Move identities icons to dashboard area

Bug fixes

  • Fixed not using default-locale when sending emails

2.33.00

Features

  • Inline SAML login with user credentials as SAML login request parameters
  • Removing authentication tokens on password change for all sessions besides the current one

Bug fixes

  • Added PIN backend validation
  • Fix conditions to show mobile number field in sign-up form

2.32.00

Features

  • Messages can be edited via the admin panel.
  • Delivery code view extended by initial view with information that code has been sent. The second view, where user can enter the code, will be shown after time specified in properties.

Bug fixes

  • Externally delivered code step-up was failing for account without address attribute defined.
  • Service provider metadata wasn't recreated after changing it.
  • Changing the attributes via Person API won't send the notification to the user anymore.
  • Email validation via Person API improved.

2.31.00

Features

  • Externally delivered code step-up method.
  • Reason can be set while blocking or deleting person via person api.
  • The configuration for the link on the logo has been separated from the link on the "Go to home" buttons in the dashboard, e-mail verification and error pages.
  • Authentication token is removed on SAML validation failure.

Bug fixes

  • Fixed deleting custom attributes on person signed up and person enriched.

2.30.00

Features

  • Remove authentication token in specific scenarios
  • Allow to suppress post login action through url parameter.
  • Removed message about attributes to verify during sign-up
  • During sign-up message is shown that sending email send failed in case email verification is mandatory and mail service is not available.

Bug fixes

  • Correct setting authentication token to support all login flows.
  • Fixed content page cache configuration.
  • Fixed person id not visible in admin-console when last name is not filled.

2.29.00

Bug fixes

  • Email sending bug fixed (mails weren't sent due to missing message prefix)
  • Updating custom attributes via person api fixed (error 500 was shown)
  • Message shown after mail change update updated

2.28.00

Features

  • SAML cookie based authentication using SAML PreviousSession context (alpha version)
  • Replace phone number control to use intl-tel-input component

Bug fixes

  • Fixed not showing message regarding attributes on sign-up form after reopening the form

2.27.00

Features

  • Providing custom HTML fragment in <head> section of every page in admin panel
  • Last username is no longer remembered in cookies
  • Add cancel link to step-up page which allows not to proceed with step-up and gracefully return to Service Provider
  • Add option to make mobile number optional with mobile number field shown on sign-up page

Bug fixes

  • Fixed returning wrong total results count in Events API
  • Fixed redirection after login and sign-up in case email verification is required

2.26.00

Features

  • New Event API to retrieve events that were triggered via the Person API by a specific agent
  • Restrict access to the admin console on IP address

Bug fixes

  • SAML SLO gives an error page for some requests
  • Set default country in mobile number form when a user has no mobile number
  • Error handling when updating an e-mail address via the Person API leads to a conflict

2.25.01

Bug fix

  • Column name for Post login action is too long for Oracle databases

2.25.00

Features

  • Post login actions (enrich attributes after second login)
  • Support for SAML passive authentication
  • Mark mail as verified for account created by invitation
  • Required mark (*) removed from all fields ('optional' mark added to optional fields)
  • Login page can be opened without registration link visible

Bug fixes

  • 'PartialLogout' returned by SAML SLO if at least one SP can't be logged out
  • Error message is shown once after failed login
  • Feedback for Remind username via SMS shown in new screen

2.24.00

Features

  • Single log-out for all SAML Service Providers in the current session
  • Send username reminder via SMS
  • Add Cancel button to Password forgotten page

Bug fixes

  • Account notifications should only be sent to activated users
  • Accepting Terms and Conditions can be bypassed
  • Incorrect HTTP status code response from Credential API when it is disabled
  • Long device names break UI in Connected devices list

2.23.00

Features

  • User can reset password using SMS code instead of link sent by email
  • Search person in Person API by phone number

Bug fixes

  • Fixed CSRF Token missing in case name, mobile number and pin are not required

2.22.01

Bug fixes

  • Sign up could not be completed under certain conditions
  • Remove menu for logged in users on page to verify the email address

2.22.00

Features

  • Add option to register an account without providing a name
  • Add option to register an account without providing a mobile number
  • Add option to migrate an account without providing a date of birth
  • Add option to only allow persons with a verified email address to log in
  • Show if the password meets the policy when setting a password
  • Add support for searching a person via Person Search API by a part of their email address

Bug fixes

  • Fix to clear maintenance notification message

2.21.01

Bug fixes

  • Fixed not storing custom attributes in database after just-in-time migration
  • Fixed error on creating person via Person API in case custom attributes is set to null

2.21.00

Features

  • Add option to plug in just-in-time migration after login
  • Add option to migrate user on Credentials API call
  • Add option to migrate user on password reset request
  • Add option to verify external user repository to check whether username is available on sign-up and email change
  • Allow to search for user using partial match on email in Person API
  • Add basic authorization properties for external email gateway

Bug fixes

  • Fixed error message on password change screen when provided current password is invalid

2.20.00

Features

  • Hook to check check user existence in external user repository

Bug fixes

  • Fixed Person Search API returning non-empty list with null for search with no results

2.19.00

Features

  • Credentials REST API to verify person credentials
  • Password policy configurable in admin panel

Bug fixes

  • Added metadata to step-up related events
  • Added explanation for verification code removed event
  • Showing correct status of mobile number verification on change mobile number page
  • Spaces are removed from mobile numbers when stored and when used to send SMS message

2.18.02

Bug fixes

  • Don't show icon for mobile number verification in change mobile number form

2.18.01

Bug fixes

  • Correct FormValidatorUtils bean include that broke the overlay

2.18.00

Features

  • Placeholder for analytics script in the head section

Bug fixes

  • Prevent iOS devices from zooming in when an input field is selected
  • Catch all exceptions when sending an email to a removed person
  • Do not allow to create a person with an empty or invalid email address via the person API

2.17.00

Features

  • Application events can be viewed as a list filtered by properties in admin console
  • Links in pages and email can be configured in admin console
  • Mobile number without country code allowed in confirmation field

Bug fixes

  • Removed invalid links in admin console
  • Case sensitive email address confirmation
  • Redirection error after step-up authentication for device removal

2.16.00

Features

  • Sending verification email after changing email address
  • Add Oracle support for Docker
  • Allow to disable mobile number verification
  • Allow to send emails by connecting external service

2.15.01

Bug fixes

  • Always send a person signed up command on invitation complete even when no attributes are changed.

2.15.00

Features

  • Allow to resend invitation when previous invitation is still unexpired
  • Introduced api to reset person and remove identities
  • Allow change security related person attributes via person api

Bug fixes

  • Error responses in Person Search API don't contain specific error code
  • Do not show organisation name and logo on login page when in single tenant mode
  • Fixed email and mobile number confirmation on invitation sign up
  • Do not allow storage of empty mobile number via update functionality when pin disabled or pin not available

2.14

Features

  • Improved documentation
  • A default login success URL can be configured
  • Confirmation of an email address at sign-up and change email can optionally be enabled
  • Confirmation of a mobile number at sign-up and change mobile number can optionally be enabled
  • Authentication level required to change password can be configured
  • Authentication level required to change mobile number can be configured

Bug fixes

  • While creating an account, the phone number does not disappear anymore when selecting the country

2.13

Features

  • Added popovers with mobile number explanation, password disclaimer, migration
  • Configure a default URL after login into Onegini IDP
  • Limit long display names in the header to 50 characters to prevent breaking the UI

2.11

Features

  • Onegini IDP can be overwritten to have a similar look and feel as a customer:
    • Links in logo, security indicator and footer configurable
    • There is a document which messages can be overridden for content links
  • All links to content pages to go to my own website

Bug fixes

  • Updated the documentation of Onegini IDP with the new stub
  • SingleTenant last logins are fixed
  • Fix the authentication loop in Onegini IDP
  • Risk based authentication is not passed with Mobile Authentication on a new device
  • JSON response can be vulnerable to JS Array constructor overrides
  • On some pages there was no cancel button
  • Risk based authentication not passed via Mobile authentication
  • Improved text of security page

2.10

Bug fixes

  • Don't want to show when a password reset was triggered with an invalid email address for security reasons

2.09

Features

  • Make it possible to disable the PIN step-up

Bug fixes

  • Change email functionality does not indicate a duplicate email address
  • Styling of emails contained a bug

2.08

Bug fixes

  • Replicate the cache for storing SAML request id in order to prevent SAML request replay attacks