Release notes old versions
2.04.07
Bug fixes
- Fixed bug where the mobile authentication enrollment failed in cluster mode
2.04.06
Features
- To improve the UX of the enrollment flow, scope verification is added before the one-time password is sent
- Basic authentication is enforced on OAuth endpoints
- A REST endpoint is added to check if a user has entered their device code on the login portal
- Check for scope verification service in two way OTP and call scope verification service before generating the response code
- The language of the user can be selected based on a Cookie value
- Added a new optional header authenticator configuration option: header.auth.languageCode.cookieName. Cookie name used to determine the language for the user. If set and the cookie is available, it is preferred over the header value.
Bug fixes
- iOS: Demo App Push message no longer shows the full message
- Deleting an application sometimes results in an exception
- In the test environment, the user is redirected to HTTP after successful SAML authentication
- APNS SSL certificate is being overridden during App version edit when no changes are made
- NN Enrollment Token update is not propagated between cluster nodes
- As a client I should not be able to use the transaction cookie of another client
- As Harry I want to enable revoking of devices via admin for operators and helpdesk
- Push secret and certificate are shown unencrypted in event log of admin
- The post form on the consent page has an invalid action
- As Johan I want the dead-end page to use the correct styling also without the transaction cookie
- As Lisa I want a numeric keyboard when entering a code for two way OTP
2.04.00
- displays Authorization Complete page after finishing authorization flow on mobile clients
- adds unique device id to distinguish user devices
- adds support for SAML Identity Providers that don't have an accessible metadata URL
- introduces default Identity Provider flag
- adds support for OpenID Connect scopes
- adds support for OpenID Connect signed id_tokens
- allows administrators to create custom attribute mappings between Identity Provider and id_token
- introduces new Identity Provider type (OTP) which requires One Time Password during enrollment process
- creates a relation between authentication apps and user devices
- increases security of mobile authentication callback mechanism
- enriches initial authentication response with "expires_in" property to allow Portal clients with different time/date settings to properly handle timeout
- adds platform property (e.g. android) to device object returned by the public API
- allows administrators to remove Identity Providers
- enables clients to override default text messages displayed by the Token Server
- introduces PIN Policies to prevent the usage of a weak PIN
- push secret and certificate must be hidden in event log (OAUTH-755)
2.03.06.00
- Added a new optional header authenticator configuration option: header.auth.languageCode.cookieName
| Property | Example Value | Description |
|---|---|---|
| header.auth.languageCode.cookieName | Language | Cookie name used to determine the language for the user. If set and the cookie is available, it is preferred over the header value. |
2.03.00
- allows serving client-specific templates to mobile clients
- changes the session timeout to 15 minutes
- allows using server time during Dynamic Client Registration process
- allows administrators to explicitly define push server endpoint
- allows helpdesk users to detach devices