Release notes 7.x

7.13.0

Improvements

  • Added the possibility to customise login error messages.

Bug fixes

  • Cron job definitions are no longer lost in a multi-node setup.
  • A wrong default message was shown on the login page for a blocked Username & Password identity. This has been fixed.

7.12.0

Features

  • Added direct support for the externally delivered code activation type (no UI extension needed).

Improvements

  • Migration login now updates attributes from the original login method used for authentication.
  • The primary email can now be replaced in PersonCreationPreProcessExtension when it is provided in the response.

Bug fixes

  • Fixed issue where mobile authentication could get stuck during authentication status fetching.
  • After a user accepted the invitation, the activation email was sent even though the Force activation after accepting invitation option was unchecked. This has been fixed.
  • The Username and Password sign-up page is not prefilled with data returned by an external identity provider.
  • Added an additional error message for the Credentials API validate endpoint when an incorrect password was provided too many times.
  • Fixed a problem with returning the identifier of a person to the service provider in cookie-based authentication.
  • Fixed a problem with changing a profile attribute after authenticating with the SAML passive method.
  • Twilio-specific properties were still required even though a different SMS provider was used. This has been fixed.
  • A user was allowed to complete the invitation process despite being blocked. This has been fixed.

7.11.0

Features

  • The issuer can now be configured in the Google Authenticator TOTP URI. Refer to OIDC Logout for more information.

Improvements

  • Added the possibility to configure an Alphanumeric Sender ID on SMS messages.

Bug fixes

  • The password could not be reset when JavaScript validation was turned off. This has been fixed.

7.10.0

Features

  • The Update profile attributes extension point has been extended with the possibility to delete profile attributes.

Improvements

  • Added information about the user's address and custom attributes to the model map of the invitation sign-up page.

Bug fixes

  • Fixed password reset username validation in the web flow.

7.9.0

Features

  • Introduced a new FlowContext type for all password reset flows.

7.8.1

Bug fixes

  • The admin console could not be accessed when IdP partitioning was turned off. This has been fixed.

7.8.0

Bug fixes

  • Configuration of attribute mapping for the iDIN identity provider has been fixed.
  • Fixed an issue where the user needed to double-click the login button after typing the password incorrectly the first time.
  • Fixed an issue where a user's last identity could not be removed via the API.
  • The removable flag is now respected when decoupling an identity via the API.
  • Mapping of custom attributes has been fixed in migration during the sign-up flow.
  • Fixed HEAD requests for some links.
  • Enforced session creation in the domain cookie controller.

7.7.0

Features

  • Added the possibility to configure Identity Providers per partition.
  • Extended the LDAP IdP configuration to allow specifying which attributes are requested when a user logs in.
  • Added the possibility to return attributes together with authentication information to a Service Provider.
  • Added the possibility to choose the Name ID Format returned by Service Providers in the Organisation.

Improvements

  • Improved integration with password managers.
  • Added new events indicating failures during LDAP authentication.

7.6.1

Bug fixes

  • Fixed an issue with failing identity decoupling via an API call.
  • Fixed an issue where mobile step-up always failed when the user logged in with an action token.
  • The verified flag of the email address of a newly migrated user was ignored. This has been fixed.

7.6.0

Features

  • Users can now be logged out of OpenID Connect Identity Providers in all logout flows. Refer to OIDC Logout for more information.
  • It is now possible to localize push message notifications for Step-up Authentication and Mobile Login.
  • The Configuration API is now extended with settings for a Content Security Policy (CSP).

Bug fixes

  • When a user logged in with a SAML external Identity Provider on an older iOS device, a SameSite bug in Safari browsers could cause a redirect to an error page. This issue has been fixed.

7.5.0

Features

  • Added an admin section under Smart Security that enables setting a CSP header for user pages.
  • Onegini IdP can now export security events to OneSee. These events can be used by Security Information and Event Management (SIEM) systems.
  • From now on, the option Use stronger coupled Identity Provider is available under Step-up authentication. This option enables a user to use Identity Providers to increase the authentication level during Step-up authentication.

Bug fixes

  • The post-login action redirect flow is now integrated with SAML. If a user enters Onegini IdP with a SAML request, the redirection works correctly.
  • When a confirmation email was sent via a custom email gateway, the person identifier was not shared with the gateway. As a result, the email could not be marked as verified. This has been fixed.

7.4.0

Features

  • Added partitionId information to the PersonDetails object (Person API).
  • Added the possibility to fetch login methods via the Configuration API.

Improvements

  • Sign in with Apple and other OIDC-flavoured flows are adapted to work with the SameSite cookie flag.
  • Implemented a resiliency policy for the application.
  • Added the initial setup of the step-up method documentation.
  • Made Configuration API V2 backwards compatible.

Bug fixes

  • Fixed a translation in the Smart Security form.
  • Fixed an error with automatic sign-up when "Allow sign-up without invitation validation" is enabled.
  • Fixed a problem with returning attributes to the service provider.
  • Fixed an issue where Force creating username & password during sign-up was not respected during automatic sign-up.

7.3.2

Bug fixes

  • Fixed release notes link.
  • Fixed upgrade instructions.

7.3.1

Bug fixes

  • The user is redirected to the service provider when a post-login action is configured, instead of being redirected to the dashboard.

7.3.0

Improvements

  • SAML SLO is not executed for identity providers that don't have a SingleLogoutService defined in their metadata. Because of this change, a SAML Success response is returned to the Service Provider instead of PartialLogout after logging out the user.
  • Added logs for measuring metadata generation time.
  • Property name changed from IDP_ERS_ADMIN_API_BASE_URI to IDP_ERS_ADMIN_API_BASEURI.
  • Property name changed from IDP_ERS_ADMIN_INSTANCE_ID to IDP_ERS_ADMIN_INSTANCEID.

Bug fixes

  • Fixed an issue where the verified flag could be set to false on an already verified email during sign-up via the API.
  • Fixed an issue with creating an additional UnP identity with an id from an external Identity Provider.

7.2.0

Features

  • Added the possibility to force activation via an externally delivered code after accepting an invitation.
  • Added a new IdP: AzureAD B2C.
  • Allow setting up a step-up method for the first time even though the authentication level is insufficient.

Improvements

  • The sign-up flow is now handled in one transaction to ensure data consistency.
  • Added support for the HTTP-Redirect binding used for SLO with an external identity provider.
  • Updated control label texts in the Smart Config admin panel.
  • The dashboard is now placed behind authentication level protection.

7.1.0

Features

  • Introduced a new BLOCK_LOGIN action in the AuthenticationPostProcessExtension extension point.
  • Added the ability to request a specific authentication method when logging in with an external SAML IdP.
  • Exposed a new Thymeleaf dialect that allows accessing the flow context storage bean via #flowContext.

Improvements

  • Added UI Extension to the Configuration API.
  • Added a new message personal.login.error.insufficientAuthLevel, shown when an external IdP returns an insufficient authentication level.
  • The Redis cache prefix is generated on application startup (it can be overridden with the SPRING_CACHE_REDIS_KEYPREFIX environment variable).
  • Added new password encryption implementation examples to the documentation.

Bug fixes

  • Fixed a problem with resolving resources from an extension.
  • Fixed the check of whether the action token feature is enabled when generating a new token.
  • Fixed a SAML communication problem while exchanging data between CIM and an external identity provider.
  • Removed execution of migration logic from automated external identity coupling.

7.0.0

Features

  • The password parameter is optional when creating an activated person through the API.
  • Added the possibility to activate a created person without any identity. See the Person API documentation for details.
  • Added the ability to exclude attributes sent to the service provider when Include unmapped custom attributes within SAML Response is enabled.

Improvements

  • Action Token Login no longer requires the user to have a Username and Password identity.
  • Removed support for Oracle and SQL Server databases.

Bug fixes

  • Fixed SAML SLO for an external identity provider session that was overwritten by a username and password session.