Release notes 7.x versions

7.2.2

Bug fixes

  • For MS SQL database the ANSI_PADDING is now set to ON

7.2.1

Bug fixes

  • Deny access to configuration of disabled features
  • Custom truststore was not being used when starting the token server
  • Enabling mobile auth for a device which was previously disabled caused error
  • Configuration of an LDAP server for the Admin console should not be required
  • Refresh Token abuse detection was triggered for clients that do not support this feature

7.1.0

Features

  • API-based registration
    • Two-way OTP as an API identity provider
    • Custom Registration via the Extension Engine
  • Ability to register with a selection of identity providers with a mobile application
  • Parallel sessions are now supported for Web Clients

Improvements

  • Change from HTTP-POST binding to HTTP-Redirect binding in SAML Authentication requests.
  • Attribute mapping configuration only shows for SAML and Header Identity Providers

Bug fixes

  • Implicit access tokens are now cleaned up when a new one is created
  • Metadata in SAML IdP can be made empty
  • SAML Service Provider signature validation failed with a generated certificate

7.0.0

Features

  • Ability to delete items from the read-only view in Admin console
  • Ability to use multiple browser tabs within Admin console and save from any tab

Improvements

  • Change from EHCache to Redis for faster and more scalable caching
  • Authentication applications API has been deprecated, see devices API
  • Support for FIDO has been removed
  • Simpler property resolution with removal of etcd

Bug fixes

  • User will no longer be logged out when disabling fingerprint when logged in via fingerprint
  • Fixed error response for invalid scopes during token refresh
  • Fixed sorting on overviews in Admin console
  • Added server side validation for ROPC Client config
  • Mobile App can now utilize multiple custom authenticators
  • In Admin console, Errors were not properly shown with invalid custom authenticator script
  • Fixed Delete modal on some pages
  • Allow app schemes to contain a hyphen
  • Redirects no longer fail when app scheme contains a hyphen
  • Documentation on 'header auth properties' contained a typo
  • Fixed Disable Fingerprint endpoint in the end user device API to clean up only fingerprint tokens