Release notes 10.x versions
Improvements
- Return scopes in the JWT Access Token as specified in the latest draft of the Token Exchange response specification.
- Tighter integration between the Mobile SDK and Consumer Identity Manager: the external identity providers configured in the Onegini Identity Provider (e.g. Sign in with Apple, Facebook, DigiD) can be exposed to the Onegini Mobile SDK.

Bug fixes
- The OpenID Connect End Session endpoint combined with SAML Single Logout is now fixed when the Consumer Identity Manager and the Onegini Token Server are deployed on different domains. The user is now correctly sent to the post-logout URL of the Relying Party after a successful logout.
- SAML Single Logout combined with a unique entity ID per client is fixed. The user is now correctly redirected back to the SAML identity provider.

10.2.0
- Fixed a typo in the OpenID Connect Discovery API for the key
- The openid scope can no longer be edited or deleted via the Admin console.
- Fixed a race condition that could occur during start-up of the Admin console.
- App to Web SSO uses the new dedicated App to Web action token in Onegini CIM.
- Fixed compatibility issues with the APNs push library.
- Upgraded third-party libraries with known vulnerabilities.
- Fixed a configuration issue with in-memory password authentication after the Spring Boot 2 upgrade.
- Zip archives loaded into the system are checked against the most common vulnerabilities.
- SAML signature and encryption can be configured with PEM-encoded PKCS #8 RSA keys.
- Added support for PEM-encoded PKCS #8 RSA keys in the certificate configuration of a SAML Identity Provider.
- The SAML IdP Metadata URI cache TTL can be configured.
- The Application identifier is added to the response for the available authentication options for a user.
- Token Introspection will include updated Person API details if the User Info endpoint is configured.
- Added bulk delete support to the Device API when using a list of device identifiers.
- Templates have been migrated to Thymeleaf 3.0.
- Locale can be passed to Onegini CIM.
- Upgraded to Spring Boot 2.
- Switched to OpenJDK 11 in Docker images.
- UX improvements in the Admin console.
- Application Property changes via the Admin console no longer require the Onegini Token Server(s) to restart for the changes to take effect.
- Some of the caches can be cleared from the Admin console.
- Added support for acr_values with OpenID Connect.

Bug fixes
- Specifying an Identity Provider (IdP) in the Authorization flow now works as expected.
- The SAML SP checks the IdP's capabilities when choosing the binding protocol.
- The Admin/Config API list response is aligned with the documentation.
- Authentication Level is properly passed back in user details when using the ROPC grant type.
- Mobile Auth v4 with push allows for SMS fallback when no device_id is provided.
- API exceptions no longer return HTML in some situations.
- Refresh Token exchange is more reliable for mobile applications.
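Two of the items in these notes, the scope claim carried in the JWT Access Token and the acr_values support for OpenID Connect, are best understood from the relying-party and resource-server side: the token server issues the claims, and the receiving service has to verify the signature before reading them, enforce the required scopes, and confirm that the acr it asked for is the one it got. The Python below is an added example written for these notes, not Onegini code; it signs with an HS256 demo secret in place of the token server's real signing key and JWKS, and every endpoint, client id, secret and acr value in it is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

# Constructed demo secret for HS256. A real resource server validates the
# token server's RS256 signature against its published JWKS instead.
DEMO_SECRET = b"constructed-demo-secret"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding the JWT encoding strips, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_jwt(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Mint a demo access token so the checks below have something to run on."""
    header = {"alg": "HS256", "typ": "at+jwt"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_hs256_jwt(token: str, secret: bytes = DEMO_SECRET) -> dict:
    """Return the claims only after the signature checks out; a decoded but unverified payload is untrusted input."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def granted_scopes(claims: dict) -> set:
    """The scope claim is one space-delimited string (RFC 8693 / RFC 9068); an array form is tolerated too."""
    scope = claims.get("scope", "")
    if isinstance(scope, list):
        return set(scope)
    return set(scope.split())


def require_scopes(token: str, required: set) -> bool:
    """Resource-server check: every required scope must be present in the verified token."""
    return required <= granted_scopes(verify_hs256_jwt(token))


def authorization_url(authorization_endpoint: str, client_id: str, redirect_uri: str,
                      scopes: list, acr_values: list, state: str) -> str:
    """Build an OIDC authorization request that asks for specific acr values (space-separated)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "acr_values": " ".join(acr_values),
        "state": state,
    }
    return f"{authorization_endpoint}?{urlencode(params)}"


def acr_satisfied(id_token_claims: dict, acr_values: list) -> bool:
    """acr_values is a voluntary request, so the RP must confirm the ID token's acr is one it asked for."""
    return id_token_claims.get("acr") in set(acr_values)


if __name__ == "__main__":
    token = mint_hs256_jwt({"sub": "user-1", "scope": "openid profile device:read"})
    print("device:read granted:", require_scopes(token, {"openid", "device:read"}))
    print("admin granted:", require_scopes(token, {"admin"}))
    # Constructed placeholder endpoint; take the real one from the discovery document's authorization_endpoint.
    print(authorization_url("https://idp.example/authorize", "client-1", "https://rp.example/cb",
                            ["openid"], ["urn:example:loa:2", "urn:example:loa:3"], "state-123"))
    print("step-up honoured:", acr_satisfied({"acr": "urn:example:loa:3"}, ["urn:example:loa:2", "urn:example:loa:3"]))
```

The two points a practitioner should take from this are that the scope set is read only from a token whose signature and algorithm have been verified, and that an acr claim absent from the ID token, or different from every value requested, counts as the step-up not having happened.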