Release notes 6.x

6.0.0-M16

Features

  • Added support for person migration when a password reset is triggered for an account that has no Username&Password identity coupled

Bug fixes

  • User can now successfully register in the Onegini IDP when in the SAML flow with ForceAuthn flag set to true

6.0.0-M15

Bug fixes

  • The verified flag is now respected when creating or updating a person's attributes via the Person API
  • The ui-extension URL validation is now working as expected when both the Onegini IDP and the ui-extension are deployed behind a load balancer

6.0.0-M14

Improvements

  • Changed the way the redirect URI is chosen when the Action Token is created. For more information please refer to the Action Token documentation
  • The Action Token REST APIs will now respond with more precise error messages
  • The Onegini IDP now processes the actions assigned to the Action Token transactionally

Bug fixes

  • Fixed a bug that caused a person's custom attributes, set via either an API call or the Onegini IDP extension, to be removed during the attributes synchronization process

6.0.0-M13

Improvements

6.0.0-M12

Improvements

  • Added error handling on both sides of token processing (token creation and token usage)
  • Update attributes extension point is now also called directly after sign up

6.0.0-M11

Features

  • Added "send_notification" flag to the /api/persons/{person_id}/tokens endpoint to allow sending email notifications after a token has been generated
  • Moved Action Token related classes to the SDK: ActionType, ActionTokenProcessResult, ActionTokenApiExecutionStatus, ActionTokenProcessResponse
  • Added new login method using QR code. More information in documentation

Improvements

  • Moved Data clean-up section from Configuration tab to System tab in admin panel
  • Added automatic removal of expired mobile transactions. For more information please refer to the Token Server Configuration
  • Changed default order of resolving messages to check all of the locale-specific bundles before using default ones. For more information please refer to the Messages resolution order
  • Geolocation data is now sent to the Onegini Token Server (if it's available) when using QR code login or mobile login
  • Added IdpObjectMapper instance that is expected to be used for serializing/deserializing communication between the extension and CIM core
  • Replaced CustomObjectMapper with ExtensionObjectMapper instance that is expected to be used for serializing/deserializing communication between the idp-extension and CIM core

Bug fixes

  • Fixed a problem with coupling a person's account via the Create signed-up person endpoint while more than one Identity provider of the given type is enabled. Since this version it is not possible to create and couple an account while more than one identity provider of the same type is enabled. The error "More than one identity provider with given type enabled" (1053) is returned in that case

6.0.0-M10

Features

Improvements

  • Improved person lookup view in admin panel by displaying partition list only if partitioning is enabled

Bug fixes

  • Fixed a problem with the encoding of non-ASCII characters in data sent via HTML forms. More information in upgrade instructions
  • Fixed copyright in emails to update every year

6.0.0-M9

Bug fixes

  • Fixed bug with deleting and adding custom attribute with the same name

6.0.0-M8

Features

  • Added new post-process action - Force UnP identity. For more information please refer to the (Authentication post process actions) chapter
  • Added possibility to sign up, activate and couple identities in one API call to /api/persons/activated
  • Added possibility to sign up an already coupled person without providing a password
  • Extended Profile Attributes Update extension point to take control of updating profile attributes whenever it has been called by Onegini IDP
  • Added possibility to set email params such as: from, reply to and sent to (for admin related emails) via message keys depending on the user's locale. Newly added message keys are:
    • onegini.common.email.from
    • onegini.common.email.replyTo
    • admin.emailNotifications.toAddress
  • The JWT keys are now generated and managed by the Onegini IDP. For more details please refer to Configure JWT Keys chapter

Bug fixes

  • Fixed issue with uid-urn:oid:0.9.2342.19200300.100.1.1 SAML attribute value not being returned in the SAML AuthnResponse
  • Fixed error which prevented an administrator from updating the Mobile Login configuration

6.0.0-M7

Features

  • Added possibility to add a redirect URI to the action token request. For more details please refer to Action Token topic guide
  • Added action token redirect URI whitelist to admin panel
  • Email is now marked as verified whenever email_verified claim is returned by OIDC provider.
  • Implemented right to be forgotten for accounts that have been deleted
    • already deleted accounts can be cleaned up in admin panel
    • data for accounts deleted since this version is removed automatically

Bug fixes

  • Fixed issue with welcome email being sent before user activation

Improvements

  • Metadata for OpenID Connect and itsme identity providers is now cached in Redis
  • Axon snapshots for deleted accounts are removed from database directly after deleting the person (GDPR regulations)
  • Turned off default email verification during automatic sign up and introduced verified by default checkbox in the external idp attribute mapping configuration.
  • Added option to manually configure OpenID Connect identity provider
  • Added option to force User Info encryption for OpenID Connect identity provider
  • Added ACR security level configuration to itsme identity provider

6.0.0-M6

Features

  • Added support for OpenID Connect Identity Provider type (currently in beta). For more details please refer to OIDC topic guide
  • Added support for Itsme Identity Provider type (currently in beta)
  • Added support for DigiD Identity Provider type. For more details please refer to DigiD topic guide
  • Added new option for modifying existing velocity engine templates

Bug fixes

  • Fixed authentication level not being returned as part of the SAML response when ECP binding is used
  • Fixed attributes synchronization when LDAP user credentials are validated via Credentials API

6.0.0-M5

Features

  • Header Authentication for Administrator Users
  • Introduced new flag Synchronise Attributes on the identity provider configuration form, which makes it possible to turn attributes synchronisation on or off during sign in

Improvements

  • Updated LinkedIn API to version 2
  • Migrated from Google Plus Sign-In
  • Added option to choose Assertion Consumer Service URL in SAML response based on URL or index specified in SAML request
  • Extended credentials validation API to validate LDAP credentials

Bug fixes

  • Fixed profile attributes not returned in SAML response
  • Fixed issue after removing all custom attributes
  • A SAML error will be returned when authentication with a social Identity Provider fails

6.0.0-M4

Features

  • Added support for profile attributes transformation. For more details see appropriate topic guide
  • Added a new search API that includes additional person info (such as account status) in the search result
  • A new password policy rule is added which blocks usage of passwords that have been discovered in a data breach. It uses data from haveibeenpwned.com

Improvements

  • Merged step-up and mobile login callback url configuration and moved it to the Token Server Configuration in System Tab in admin panel
  • The Search API is now deprecated and is additionally available from /api/v1/persons/search-profile; the new search API is available under /api/v2/persons/search
  • Added signature handling to SAML metadata
  • Added overall and time period user activations statistics to admin panel
  • Action token configuration has been changed. See Action token configuration for details

Bug fixes

  • Fixed non-unique list of translations in SAML metadata

6.0.0-M3

Features

  • It is now possible to define an IP range in CIDR format for Identity Providers of LDAP type which will allow only users with matching IP address to login.
  • Added support for forced authentication in SAML

Improvements

  • Updated Mobile Authentication APIs

Bug fixes

  • Fixed blocked and inactive person credentials validation issue

6.0.0-M2

Features

  • A user account can now be activated via an activation link sent by email. For more detailed info please refer to the person activation chapter in the Onegini IDP documentation

Improvements

  • Persons partitioning extended by login with external identity providers
  • Added versions matrix to keep track of compatibility between the Onegini IDP and IDP Extension SDK
  • Extended the ProfileAttributesUpdateExtensionPoint extension point, which is triggered whenever a person's profile attributes are being updated, with a new property containing the whole up-to-date profile representation
  • Added IP range configuration for LDAP identity providers.

Bug fixes

  • Fixed SAML Single Logout functionality which did not redirect to origin url parameter

6.0.0-M1

Features

  • Deleted LDAP configuration for mobile login functionality
  • Extended configuration API by attributes validation rules
  • Moved Mobile step-up authentication related properties to the Smart Security - Step-up Authentication configuration section in the admin console. Please check upgrade instructions for more info
  • Moved Mobile Login related properties to the Configuration -> Identity Providers configuration section in the admin console. Please check upgrade instructions for more info

Improvements

  • When the email tag is not set, it will not be returned within the OAuth flows. A sample response structure can be found in the SDK integration docs

Bug fixes

  • Fixed an issue preventing users from performing mobile authentication after external IDP login
  • Fixed an issue with coupling a person who has a / character within the external id