Release notes old versions

2.04.07

Bug fixes

  • Fixed bug where the mobile authentication enrollment failed in cluster mode

2.04.06

Features

  • To improve the UX of the enrollment flow, scope verification is added before the one-time password is sent
  • Basic authentication is enforced on OAuth endpoints
  • A REST endpoint is added to check if a user has entered his device code on the login portal
  • Check for scope verification service in two way OTP and call scope verification service before generating the response code
  • The language of the user can be selected based on a Cookie value
  • Added a new optional header authenticator configuration option: header.auth.languageCode.cookieName. This is the cookie name used to determine the language for the user; if it is set and the cookie is available, it is preferred over the header value.

Bug fixes

  • iOS: Demo App Push message no longer shows the full message
  • Deleting an application sometimes results in an exception
  • In the test environment, the user is redirected to HTTP after successful SAML authentication
  • APNS SSL certificate is being overridden during App version edit when no changes are made
  • NN Enrollment Token update is not propagated between cluster nodes
  • As a client I should not be able to use the transaction cookie of another client
  • As Harry I want to enable revoking of devices via admin for operators and helpdesk
  • Push secret and certificate are shown unencrypted in event log of admin
  • The post form on the consent page has an invalid action
  • As Johan I want the dead-end page to use the correct styling also without the transaction cookie
  • As Lisa I want a numeric keyboard when entering a code for two way OTP

2.04.00

  • displays Authorization Complete page after finishing authorization flow on mobile clients
  • adds unique device id to distinguish user devices
  • adds support for SAML Identity Providers that do not have an accessible metadata URL
  • introduces default Identity Provider flag
  • adds support for OpenID Connect scopes
  • adds support for OpenID Connect signed id_tokens
  • allows administrators to create custom attribute mappings between Identity Provider and id_token
  • introduces new Identity Provider type (OTP) which requires One Time Password during enrollment process
  • creates a relation between authentication apps and user devices
  • increases security of mobile authentication callback mechanism
  • enriches initial authentication response with "expires_in" property to allow Portal clients with different time/date settings to properly handle timeout
  • adds platform property (e.g. android) to device object returned by the public API
  • allows administrators to remove Identity Providers
  • enables clients to override default text messages displayed by the Token Server
  • introduces PIN Policies to prevent the usage of a weak PIN
  • push secret and certificate must be hidden in event log (OAUTH-755)

2.03.06.00

  • Added a new optional header authenticator configuration option: header.auth.languageCode.cookieName

| Property | Example Value | Description |
| --- | --- | --- |
| header.auth.languageCode.cookieName | Language | Cookie name used to determine the language for the user, if set and cookie is available this is preferred over the header value. |

2.03.00

  • allows serving client-specific templates to mobile clients
  • changes the session timeout to 15 minutes
  • allows using server time during the Dynamic Client Registration process
  • allows administrators to explicitly define push server endpoint
  • allows helpdesk users to detach devices