Release notes 6.x

6.22.3

Improvements

  • We patched yet another Log4j vulnerability.

6.22.2

Improvements

  • We patched the Log4j vulnerability.

6.22.1

Bug fixes

  • Fixed the profile attribute's database inconsistency in case of an already invited person signup

6.22.0

Features

6.21.3

Bug fixes

  • Fixed HEAD requests for some links

6.21.2

Improvements

  • Added new events that indicate failure during LDAP authentication

Bug fixes

  • Enforced session creation in domain cookie controller

6.21.1

Bug fixes

  • Fixed login issue with SAML external identity providers caused by SameSite bug in Safari browsers on iOS devices

6.21.0

Features

  • From now on it is possible to exclude attributes sent to a service provider when the option Include unmapped custom attributes within SAML Response is enabled.

Improvements

  • Sign in with Apple and other OIDC flows are adapted to work with the SameSite cookie flag.

Bug fixes

  • Fixed SAML SLO for external identity provider session overwritten by username and password session.
  • A problem with resolving resources from extensions has been fixed.
  • A new action token was being generated even though Login via Action Token was not enabled. This caused an error when a user tried to authenticate using such a token. This has been fixed.
  • Fixed SAML communication problem while exchanging data between Onegini IdP and external identity provider.
  • The execution of migration logic has been removed from External Identity Coupling, because it triggered sending a PersonMigratedEvent, which was not correct. By removing the logic, the problem has been fixed.
  • Fixed an issue where verified flag could be set to false on already verified email during sign up via API.
  • Fixed an issue with creating an additional User and Password (UnP) identity with an ID from an external Identity Provider.
  • An error was thrown on automatic signup when Allow sign-up without invitation validation and Automated external identity coupling were enabled which resulted in an account not being created. This has been fixed.
  • Fixed an issue with attributes mapping while returning data to the service provider.
  • When a confirmation email was sent via a custom email gateway, the person identifier was not shared with the gateway. As a result the email could not be marked as verified. This has been fixed.
  • Post login action redirect flow is now integrated with SAML. If a user enters Onegini IdP with SAML request, the redirection works correctly.

6.20.1

Bug fixes

  • Fixed an issue related to SAML request data serialization in Redis
  • Added backward compatibility for PERSON_NAME_MANDATORY feature

6.20.0

Features

  • Added possibility to update and fetch attributes configuration with config api

Improvements

  • Aligned to the new Facebook Graph API and added handling of 500 error responses from Facebook

6.19.0

Features

  • Divided the first and last name attribute requirement on person creation into two separate requirements

Improvements

  • Extended migration by possibility to migrate accounts created via API

Bug fixes

  • Fixed an issue when custom attribute is configured in custom attribute mapping, but is not present in SAML response
  • Fixed issue related with config API credentials configuration.

6.18.0

Improvements

  • Added e-mail validation when updating person via Person API

Bug fixes

  • Aligned with CM bulk SMS messages API
  • Added default value for missing activation status in PersonSignedUpEvent

6.17.0

Features

  • Added possibility to update features configuration with API call
  • CM API for sending SMS upgraded to newest version

Bug fixes

  • Improved performance for updating person attributes operation causing HTTP timeout
  • SAML response is returned to the service provider for an SLO request with an unknown session index

6.16.0

Improvements

  • Added support for MySQL 5.7+
  • Application cache has changed to use primarily Redis.
  • Custom attributes on signup page are now validated against configuration from admin
  • Flyway "out of order migrations" is now set as the default.
  • Apple ID attributes are automatically mapped to fields on a sign up page

6.15.0

Features

  • SAML SP and IdP implementation is compatible with browsers supporting SameSite cookie attribute
  • Added endpoints in configuration api for fetching features configuration

Improvements

  • Improved handling of service providers with a large number of attributes

6.14.0

Features

  • Added ability to modify API configuration using header. Read more here.

Improvements

  • Added possibility to set user language by adding language parameter to Action Token login request

Bug fixes

  • Show correct error message after entering an invalid birthday during the invite process

6.13.0

Features

  • Added possibility to create username and password identity during signup with external identity provider. Read more here
  • eIDAS identity provider extended by possibility to define authentication service
  • Fixed UX of iDIN configuration form in admin

Improvements

  • Added ability to set a key prefix for Redis

Bug fixes

  • Fixed issue that caused SLO to fail when one of identity providers had not specified SLO Service
  • Fixed an issue that prevented logging out from all relying parties

6.12.0

Improvements

  • Primary email address used during the migration is chosen in the following order:
    • use value entered by user if that value is a valid email address
    • use value returned by extension if value entered by user isn't a valid email address
    • migration fails if no valid email is provided (neither by user nor by extension)

Bug fixes

  • Fix the issue that caused infinite redirection loop on unverified email

6.11.1

Improvements

  • Data returned by external data is populated in sign up unp view

6.11.0

Features

  • Added possibility to edit or preview custom attributes on sign-up page. Read more in topic guide
  • Added possibility to define custom attributes mapping for iDIN

Bug fixes

  • Fix the cache for message translations

6.10.0

Features

  • Added mapped attributes (from external identity provider) on registration form attributes mapping
  • Added preview for mapped attributes (from external identity provider) on registration form (experimental feature)
  • Added support for SLO initiated by external identity provider
  • Extension messages and static resources can now be changed and then fetched dynamically in application runtime
  • Fully integrated with {{ no such element: dict object['ersAdmin'] }} which is a new application that manages configurations to git repositories

Improvements

  • It is now possible to create custom messages with custom keys
  • Added timestamp parameter for statistics api
  • Make default templates available for download
  • Introduced support for AWS ElastiCache
  • Changed the default Redis connection manager from Jedis to Lettuce for better performance under higher loads
  • Changed configuration for Redis cache
  • Automatic sign-up can now be executed with any set of mandatory attributes

Bug fixes

  • Fixed an issue preventing some certificates from being correctly updated via the Onegini IdP admin console
  • Corrected signature validation issue preventing iDIN responses from being handled properly

6.9.1

Bug fixes

  • Fix the cache for message translations

6.9.0

Features

  • Added "AutoActivation" option in identity provider configuration form. Read more: activation
  • Added API possibility to fetch and update custom messages. For details please refer to the documentation

Improvements

  • Improved performance of persons search API while searching by email address

Bug fixes

  • Facebook attributes parsing now returns known attribute values, even when it encounters an attribute with an unknown format
  • Fixed issue with exception thrown when custom attribute had empty value

6.8.0

Features

  • Added default iDIN integration to Onegini IdP

Bug fixes

  • Problem with resolving entity id, signature validation and assertion encryption has been fixed for SAML identity provider

6.7.2

Improvements

  • Improved security of user login

6.7.1

Bug fixes

  • Minor bugfixes

6.7.0

Features

  • Added support for persistent PseudoID for eIDAS Identity Provider type
  • When eIDAS is responding with BSN or PseudoID the Onegini IdP will validate the incoming identifier signature

Improvements

  • Database connection pool can be configured with additional parameters:
    • IDP_DATABASE_CONNECTION_TIMEOUT can be adapted to set connection timeout (default 500ms)
    • IDP_DATABASE_IDLE_TIMEOUT can be adapted to set idle connection timeout (default 30000ms)
    • IDP_DATABASE_MINIMUM_IDLE can be adapted to set minimum amount of idle connections (default 4)
    • IDP_DATABASE_MAX_LIFETIME can be adapted to set max lifetime of connections (default 600000ms)

Bug fixes

  • Action Token Redirect URI can now contain up to 2000 characters.

6.6.0

Features

  • Added SSL configuration for SAML identity providers, e.g. DigiD
  • Key pair system tab in admin panel is now called Certificates. Keys are now uploaded by files.
  • Introduced possibility to configure priority of preferred step up methods, for details please refer to the documentation
  • Introduced new healthcheck endpoint that also verifies status of the database and mail server, available under /actuator/health
  • Extended login response for authentication via extension with additional information pointing to the authentication failure reason. Implementation requires AuthenticationExtension implementation in customer extension. The feature has been added to the following flows:
    • Login via web
      • additional parameter personAuthenticationErrorCode is returned to the view
        • parameter points to the authentication failure reason
      • added possibility to define message shown on login page
        • message key is returned by AuthenticationExtension
        • translations need to be added to the extension messages file
    • Credentials API
      • reason is returned as part of the Unauthorized 401 response
    • SAML
      • reason is returned as error code in SAML response

Improvements

  • The Onegini IdP extension will be notified about attribute verification events

Bug fixes

  • The Configuration API for resolving configured identity providers has changed to make the casing of the response consistent.
  • Fixed issue where providing incorrect credentials for API authentication resulted in 405 return status
  • Fixed issue where mobile number could sometimes be missing in person's profile after accepting invitation

6.5.0

Features

  • Introduced new API for decoupling person identities, please refer to the documentation to get more details
  • Introduced new API for coupling person identities which uses identity provider identifier instead of type, please refer to the documentation to get more details
  • Introduced new configuration API for resolving configured identity providers, please refer to the documentation to get more details
  • Fixed issues with resolving correct language when default language set contained country or variant code

Improvements

  • Removed dependency to personal templates from admin templates to fix potential customization problems in the Onegini IdP extensions

6.4.0

Features

  • Introduced new external Identity Provider type - Sign in with Apple. Users can now log into the Onegini IdP using their AppleIDs. See topic guide for details
  • Introduced a new REST API (storage api) which allows storing values within the Onegini IdP cache for a preconfigured amount of time. This feature can be used to store authentication data in external authorization flows like Sign-in with Apple

Improvements

Bug fixes

  • Fixed problem with setting locale with variant code when calling Update Person API endpoint
  • Fixes person search api issue where searching person via email was case sensitive

6.3.0

Features

Improvements

  • Improved database connection pool performance

Bug fixes

  • Fixed issue with updating multiple custom attributes when executing call to Person API update person endpoint

6.2.2

Bug fixes

  • Fixed person aggregate deserialization issue caused by class repackaging

6.2.1

Improvement

  • Added possibility to enable experimental features in Features section

Bug fixes

  • Fixed issue where redirecting to whitelisted origin url would fail in some cases
  • Email validity is now visible inside email content in case of reset password
  • Fixed an issue that caused an infinite redirect loop when the user's email address was verified by an API update call while email verification was enabled

6.2.0

Features

Improvements

  • Added support for displaying RequestDenied and PartialLogout DigiD error messages
  • The Onegini IdP gives possibility to load configuration from the extension repeatedly.
  • When acting as a SAML Service Provider the Onegini IdP will advertise within its metadata that it sends the AuthnRequest signed (AuthnRequestsSigned=true)

Bug fixes

  • Fixed issue where user could be redirected to Redirect to URL after login in SAML authorization flow when consuming action token in web flow
  • User can now successfully login with QR Code when starting and finishing the flow on the same mobile device
  • Fixed possible login issues when the activation feature was enabled
  • Added variant code locale resolving after redirect from invitation and verification email

6.1.1

Improvements

  • Added possibility to run migrations out of order with environment variable IDP_DATABASE_MIGRATIONS_OUTOFORDER

Bug fixes

  • Fixed issue where user could be redirected to Redirect to URL after login in SAML authorization flow when consuming action token in web flow
  • Fixed axon deserialization issue caused by lack of proper event definition

6.1.0

Features

  • Migration during sign up feature can now be switched per Identity Provider type
  • Added possibility to authenticate via LDAP identity provider in SAML ECP flow
  • Added detailed information about the reason why a SAML login failed
  • Added new extension point for person pre creation processing. Please see topic guide for details

Improvements

  • Changed the maximum length of the custom attribute value from 255 to 2047
  • Added support for setting customized or randomized admin password during initial install
  • Custom messages with default locale can now be set in admin panel and are resolved correctly
  • Improved application performance by additional data caching

Bug fixes

  • DigiD is now correctly resolved as SAML IdP when it comes to attributes mapping
  • Email verification is now sent after the email is updated via API and the user is not activated
  • Invitation flow with return url is now possible
  • Fixed a bug that allowed an unfinished Post Process Action to be skipped
  • Identity linking fixed for saml identity providers on dashboard page
  • Fixed bug that allowed unintentional idp coupling

6.0.0

Features

  • Added support for person migration when password reset is triggered for account without Username&Password identity coupled
  • Added "send_notification" flag to /api/persons/{person_id}/tokens endpoint to allow sending email notifications after token has been generated
  • Moved Action Token related classes to sdk. ActionType, ActionTokenProcessResult, ActionTokenApiExecutionStatus, ActionTokenProcessResponse
  • Added new login method using QR code. More information in documentation
  • Added email saml attribute with valid urn
  • Introduced new API for validating the Action Tokens, please refer to the documentation to get more details
  • Marked old Action Token credentials API as deprecated
  • Added new post-process action - Force UnP identity. For more information please refer to the (Authentication post process actions) chapter
  • Added possibility to signup, activate and couple identities in one api call to /api/persons/activated
  • Added possibility to signup already coupled person without providing password
  • Extended Profile Attributes Update extension point to take control of updating profile attributes whenever it has been called by Onegini IdP
  • Added possibility to set email params such as: from, reply to and sent to (for admin related emails) via message keys depending on the user's locale. Newly added message keys are:
    • onegini.common.email.from
    • onegini.common.email.replyTo
    • admin.emailNotifications.toAddress
  • The JWT keys are now generated and managed by the Onegini IdP. For more details please refer to Configure JWT Keys chapter
  • Added possibility to add redirect uri to action token request. For more details please refer to Action Token topic guide
  • Added action token redirect uri whitelist to admin panel
  • Email is now marked as verified whenever email_verified claim is returned by OIDC provider
  • Implemented right to be forgotten for accounts that have been deleted
    • already deleted accounts can be cleaned up in admin panel (more info in upgrade instructions)
    • data for accounts deleted since this version is removed automatically
  • Added support for OpenID Connect Identity Provider type. For more details please refer to OIDC topic guide
  • Added support for Itsme Identity Provider type
  • Added support for DigiD Identity Provider type. For more details please refer to DigiD topic guide
  • Added new option for modifying existing velocity engine templates
  • Header Authentication for Administrator Users
  • Introduced new flag Synchronise Attributes on identity provider configuration form that gives possibility to turn on or off attributes synchronisation during sign in
  • Added support for profile attributes transformation. For more details see appropriate topic guide
  • Added a new search API that includes additional person info (such as account status) in the search result
  • A new password policy rule is added which blocks usage of passwords that have been discovered in a data breach. It uses data from haveibeenpwned.com
  • It is now possible to define an IP range in CIDR format for Identity Providers of LDAP type which will allow only users with matching IP address to login
  • Added support for forced authentication in SAML
  • User account can now be activated via activation link sent by email, for more detailed info please refer to person activation chapter in the Onegini IdP documentation
  • Deleted LDAP configuration for mobile login functionality
  • Extended configuration API by attributes validation rules
  • Moved Mobile step-up authentication related properties to Smart Security - Step-up Authentication configuration section in the admin console, please check upgrade instructions for more info
  • Moved Mobile Login related properties to Configuration -> Identity Providers configuration section in the admin console, please check upgrade instructions for more info

Improvements

  • Added parameter "user_id" to Search Events API endpoint in order to allow searching for events associated with specific user
  • Make all actions on action token creation atomic. Each one of them can now be processed independently
  • Updated GitlabCI and Java docker images
  • Changed way of choosing the redirect URI when the Action Token is being created. For more information please refer to the Action Token documentation
  • The Action Token REST APIs will now respond with more precise error messages
  • Changed the way the Onegini IdP is processing the actions which are assigned to the Action Token to transactional
  • Extended the list of entries that informs extension about updated attributes for particular person
  • Tokens validate endpoint has been deprecated (more info in upgrade instructions)
  • Added error handling on both sides of token processing (token creation and token usage)
  • Update attributes extension point is now also called directly after sign up
  • Moved Data clean-up section from Configuration tab to System tab in admin panel
  • Added automatic removal of expired mobile transactions. For more information please refer to the Token Server Configuration
  • Changed default order of resolving messages to check all of the locale-specific bundles before using default ones. For more information please refer to the Messages resolution order
  • Geolocation data is now sent to Onegini Token Server (if it's available) when using QR code login or mobile login
  • Added IdpObjectMapper instance that is expected to be used for serializing/deserializing communication in between extension and CIM core
  • Replace CustomObjectMapper with ExtensionObjectMapper instance that is expected to be used for serializing/deserializing communication in between the idp-extension and CIM core
  • Improved person lookup view in admin panel by displaying partition list only if partitioning is enabled
  • Metadata for OpenID Connect and itsme identity providers is now cached in Redis
  • Axon snapshots for deleted accounts are removed from database directly after deleting the person (GDPR regulations)
  • Turned off default email verification during automatic sign up and introduced verified by default checkbox in the external idp attribute mapping configuration
  • Added option to manually configure OpenID Connect identity provider
  • Added option to force User Info encryption for OpenID Connect identity provider
  • Added ACR security level configuration to itsme identity provider
  • Updated LinkedIn API to version 2
  • Migrate from Google Plus Sign-In
  • Added option to choose Assertion Consumer Service URL in SAML response based on URL or index specified in SAML request
  • Extended credentials validation API to validate LDAP credentials
  • Merged step-up and mobile login callback url configuration and moved it to the Token Server Configuration in System Tab in admin panel
  • Search API is now deprecated and additionally available from /api/v1/persons/search-profile, new search api is available under /api/v2/persons/search
  • Added signature handling to SAML metadata
  • Added overall and time period user activations statistics to admin panel
  • Action token configuration has been changed. See Action token configuration for details
  • Updated Mobile Authentication APIs
  • Persons partitioning extended by login with external identity providers
  • Added versions matrix to keep track of compatibility between the Onegini IdP and IDP Extension SDK
  • Extended the ProfileAttributesUpdateExtensionPoint extension point which is triggered whenever person's profile attributes are being updated with a new property containing the whole up-to-date profile representation
  • Added IP range configuration for LDAP identity providers

Bug fixes

  • Notifications can be sent to the user that is in CREATED state when activation is not required
  • User can now successfully register in the Onegini IdP when in the SAML flow with ForceAuthn flag set to true
  • The verified flag is now respected when creating or updating person's attributes via Person API
  • The ui-extension URL validation is now working as expected when both the Onegini IdP and the ui-extension are deployed behind a load balancer
  • Fixed a bug causing a person's custom attributes set via either an API call or the Onegini IdP extension being removed during attributes synchronization process
  • Fixed problem with coupling person's account via Create signed-up person endpoint while having more than one Identity provider with given type enabled. Since this version there is no possibility to create and couple account while having more than one identity provider with the same type enabled. Error More than one identity provider with given type enabled (1053) is returned in such case
  • Fixed problem with non-ascii characters encoding for data sent via html forms (more information in upgrade instructions)
  • Fixed copyright in emails to update every year
  • Fixed bug with deleting and adding custom attribute with the same name
  • Fixed issue with uid-urn:oid:0.9.2342.19200300.100.1.1 SAML attribute value not being returned in the SAML AuthnResponse
  • Fixed error which prevented an administrator from updating the Mobile Login configuration
  • Fixed issue with welcome email being sent before user activation
  • Fixed authentication level not being returned as part of the SAML response when ECP binding is used
  • Fixed attributes synchronization when LDAP user credentials are validated via Credentials API
  • Fixed profile attributes not returned in SAML response
  • Fixed issue after removing all custom attributes
  • SAML error will be returned on authentication with social Identity Provider failure
  • Fixed non-unique list of translations in SAML metadata
  • Fixed blocked and inactive person credentials validation issue
  • Fixed SAML Single Logout functionality which did not redirect to origin url parameter
  • Fixed issue preventing users from performing mobile authentication after external idp login
  • Fixed an issue with coupling a person who has a / character within external id
  • Fixed a bug with duplicated primary emails on extension side when updating person via API

6.0.0-M16

Features

  • Added support for person migration when password reset is triggered for account without Username&Password identity coupled

Bug fixes

  • User can now successfully register in the Onegini IdP when in the SAML flow with ForceAuthn flag set to true

6.0.0-M15

Improvements

  • Updated GitlabCI and Java docker images

Bug fixes

  • The verified flag is now respected when creating or updating person's attributes via Person API
  • The ui-extension URL validation is now working as expected when both the Onegini IdP and the ui-extension are deployed behind a load balancer

6.0.0-M14

Improvements

  • Changed way of choosing the redirect URI when the Action Token is being created. For more information please refer to the Action Token documentation
  • The Action Token REST APIs will now respond with more precise error messages
  • Changed the way the Onegini IdP is processing the actions which are assigned to the Action Token to transactional

Bug fixes

  • Fixed a bug causing a person's custom attributes set via either an API call or the Onegini IdP extension being removed during attributes synchronization process

6.0.0-M13

Improvements

  • Extended the list of entries that informs extension about updated attributes for particular person
  • Tokens validate endpoint has been deprecated (more info in upgrade instructions)

6.0.0-M12

Improvements

  • Added error handling on both sides of token processing (token creation and token usage)
  • Update attributes extension point is now also called directly after sign up

6.0.0-M11

Features

  • Added "send_notification" flag to /api/persons/{person_id}/tokens endpoint to allow sending email notifications after token has been generated
  • Moved Action Token related classes to sdk. ActionType, ActionTokenProcessResult, ActionTokenApiExecutionStatus, ActionTokenProcessResponse
  • Added new login method using QR code. More information in documentation

Improvements

  • Moved Data clean-up section from Configuration tab to System tab in admin panel
  • Added automatic removal of expired mobile transactions. For more information please refer to the Token Server Configuration
  • Changed default order of resolving messages to check all of the locale-specific bundles before using default ones. For more information please refer to the Messages resolution order
  • Geolocation data is now sent to Onegini Token Server (if it's available) when using QR code login or mobile login
  • Added IdpObjectMapper instance that is expected to be used for serializing/deserializing communication in between extension and CIM core
  • Replace CustomObjectMapper with ExtensionObjectMapper instance that is expected to be used for serializing/deserializing communication in between the idp-extension and CIM core

Bug fixes

  • Fixed problem with coupling person's account via Create signed-up person endpoint while having more than one Identity provider with given type enabled. Since this version there is no possibility to create and couple account while having more than one identity provider with the same type enabled. Error More than one identity provider with given type enabled (1053) is returned in such case

6.0.0-M10

Features

Improvements

  • Improved person lookup view in admin panel by displaying partition list only if partitioning is enabled

Bug fixes

  • Fixed problem with non-ascii characters encoding for data sent via html forms (more information in upgrade instructions)
  • Fixed copyright in emails to update every year

6.0.0-M9

Bug fixes

  • Fixed bug with deleting and adding custom attribute with the same name

6.0.0-M8

Features

  • Added new post-process action - Force UnP identity. For more information please refer to the (Authentication post process actions) chapter
  • Added possibility to signup, activate and couple identities in one api call to /api/persons/activated
  • Added possibility to signup already coupled person without providing password
  • Extended Profile Attributes Update extension point to take control of updating profile attributes whenever it has been called by Onegini IdP
  • Added possibility to set email params such as: from, reply to and sent to (for admin related emails) via message keys depending on the user's locale. Newly added message keys are:
    • onegini.common.email.from
    • onegini.common.email.replyTo
    • admin.emailNotifications.toAddress
  • The JWT keys are now generated and managed by the Onegini IdP. For more details please refer to Configure JWT Keys chapter

Bug fixes

  • Fixed issue with uid-urn:oid:0.9.2342.19200300.100.1.1 SAML attribute value not being returned in the SAML AuthnResponse
  • Fixed error which prevented an administrator from updating the Mobile Login configuration

6.0.0-M7

Features

  • Added possibility to add redirect uri to action token request. For more details please refer to Action Token topic guide
  • Added action token redirect uri whitelist to admin panel
  • Email is now marked as verified whenever email_verified claim is returned by OIDC provider.
  • Implemented right to be forgotten for accounts that have been deleted
    • already deleted accounts can be cleaned up in admin panel (more info in upgrade instructions)
    • data for accounts deleted since this version is removed automatically

Bug fixes

  • Fixed issue with welcome email being sent before user activation

Improvements

  • Metadata for OpenID Connect and itsme identity providers is now cached in Redis
  • Axon snapshots for deleted accounts are removed from database directly after deleting the person (GDPR regulations)
  • Turned off default email verification during automatic sign up and introduced verified by default checkbox in the external idp attribute mapping configuration.
  • Added option to manually configure OpenID Connect identity provider
  • Added option to force User Info encryption for OpenID Connect identity provider
  • Added ACR security level configuration to itsme identity provider

6.0.0-M6

Features

  • Added support for OpenID Connect Identity Provider type (currently in beta). For more details please refer to OIDC topic guide
  • Added support for Itsme Identity Provider type (currently in beta)
  • Added support for DigiD Identity Provider type. For more details please refer to DigiD topic guide
  • Added new option for modifying existing velocity engine templates

Bug fixes

  • Fixed authentication level not being returned as part of the SAML response when ECP binding is used
  • Fixed attributes synchronization when LDAP user credentials are validated via Credentials API

6.0.0-M5

Features

  • Header Authentication for Administrator Users
  • Introduced new flag Synchronise Attributes on identity provider configuration form that gives possibility to turn on or off attributes synchronisation during sign in

Improvements

  • Updated LinkedIn API to version 2
  • Migrate from Google Plus Sign-In
  • Added option to choose Assertion Consumer Service URL in SAML response based on URL or index specified in SAML request
  • Extended credentials validation API to validate LDAP credentials

Bug fixes

  • Fixed profile attributes not returned in SAML response
  • Fixed issue after removing all custom attributes
  • SAML error will be returned on authentication with social Identity Provider failure

6.0.0-M4

Features

  • Added support for profile attributes transformation. For more details see appropriate topic guide
  • Added a new search API that includes additional person info (such as account status) in the search result
  • A new password policy rule is added which blocks usage of passwords that have been discovered in a data breach. It uses data from haveibeenpwned.com

Improvements

  • Merged step-up and mobile login callback url configuration and moved it to the Token Server Configuration in System Tab in admin panel
  • Search API is now deprecated and additionally available from /api/v1/persons/search-profile, new search api is available under /api/v2/persons/search
  • Added signature handling to SAML metadata
  • Added overall and time period user activations statistics to admin panel
  • Action token configuration has been changed. See Action token configuration for details

Bug fixes

  • Fixed non-unique list of translations in SAML metadata

6.0.0-M3

Features

  • It is now possible to define an IP range in CIDR format for Identity Providers of LDAP type which will allow only users with matching IP address to login
  • Added support for forced authentication in SAML

Improvements

  • Updated Mobile Authentication APIs

Bug fixes

  • Fixed blocked and inactive person credentials validation issue

6.0.0-M2

Features

  • User account can now be activated via activation link sent by email, for more detailed info please refer to person activation chapter in the Onegini IdP documentation

Improvements

  • Persons partitioning extended by login with external identity providers
  • Added versions matrix to keep track of compatibility between the Onegini IdP and IDP Extension SDK
  • Extended the ProfileAttributesUpdateExtensionPoint extension point which is triggered whenever person's profile attributes are being updated with a new property containing the whole up-to-date profile representation
  • Added IP range configuration for LDAP identity providers

Bug fixes

  • Fixed SAML Single Logout functionality which did not redirect to origin url parameter

6.0.0-M1

Features

  • Deleted LDAP configuration for mobile login functionality
  • Extended configuration API by attributes validation rules
  • Moved Mobile step-up authentication related properties to Smart Security - Step-up Authentication configuration section in the admin console, please check upgrade instructions for more info
  • Moved Mobile Login related properties to Configuration -> Identity Providers configuration section in the admin console, please check upgrade instructions for more info

Bug fixes

  • Fixed issue preventing users from performing mobile authentication after external idp login
  • Fixed an issue with coupling a person who has a / character within external id