Loading the error template caused a Hibernate lazy initialization exception in some cases.
10.3.11
Improvements
The Onegini Token Server sets cookies for the authorization flow when it redirects to a SAML or OAuth identity provider to sign in. Some browsers do not store these cookies during the redirect. Without cookies the customer cannot sign in. The Onegini Token Server can now show a page to set the cookies. This page will send the customer automatically to the login page, but it can and probably will be visible for a short period. This step was introduced to ensure that the cookies for the Onegini Token Server will be set correctly. This page is optional and is disabled by default. Enable this page with the environment variable AUTHENTICATION_FLOW_RENDER_PAGE_BEFORE_REDIRECT_TO_IDP=true.
10.3.10
Improvements
With some SAML identity providers login could fail, because there was no support for the element NameIDPolicy. This has been improved. From now on, the optional element NamedIDPolicy will be included in authentication requests towards SAML identity providers depending on conditions in the SAML identity provider configuration.
10.3.9
Bug fixes
In authentication requests towards SAML identity providers, the element NameIDPolicy contained an attribute SPNameQualifier. Login failed with some SAML
identity providers because this attribute should not be present for requests from the Onegini Token Server. This problem has been solved: the attribute
SPNameQualifier is no longer sent with SAML authentication requests.
10.3.8
Improvements
Added backwards compatibility support for the browsers that are not handling the SameSite cookies (e.g. Safari running on iOS 12).
Bug fixes
The Onegini Token Server will prevent access tokens from being removed right after they have been created to allow potentially queued requests to complete successfully. The length of the period can be configured via application property, please refer to the OAuth section in the configuration properties for more details.
10.3.6
Bug fixes
Make SameSite=None the default for all cookies
10.3.5
Bug fixes
Add an index for Microsoft SQL Server database type to enhance performance.
10.3.4
Improvements
Improved monitoring of the application status.
Modified the default timeout settings for connections to Redis. Refer to the changed defaults for Redis timeouts for the new default values.
10.3.3
Bug fixes
Added missing database indexes for Microsoft SQL Server database type.
10.3.2
Improvements
New configuration options to close http connections when calling external APIs that take too long to respond. Please check the upgrade instructions since the defaults have been updated.
Bug fix
Pagination has been fixed when a filter on event types is applied in the Activity section of the admin console
10.3.1
Improvement
Return scopes in the JWT Access Token as specified in the latest draft of the Token exchange response specification.
Bug fix
Make error handling more robust in the App to Web SSO flow.
10.3.0
Feature
Tighter integration between the Mobile SDK and Consumer Identity Manager: the configured external identity providers in the Onegini Identity provider (e.g. Sign in with Apple, Facebook, DigiD) can be exposed to the Onegini Mobile SDK.
Deleting certain entities in the Admin console gives a a confirm with more detailed information about their usage.
Bug fixes
The OpenID Connect End Session endpoint combined with SAML Single Logout is now fixed when the Consumer Identity Manager
and the Onegini Token Server are deployed on different domains. The user is now correctly sent to the Post logout URL of the Relying Party after successful logout.
SAML Single Logout combined with unique entity id per client is fixed. The
user is now correctly redirected back to the SAML identity provider.