Release notes 4.x versions
- Change from HTTP-POST binding to HTTP-Redirect binding in SAML Authentication requests.
- Security improvements
- Security improvements
- Fixed building redirect uri when only the
X-Forwarded-Protoheader is set in the request
- Fixed SAML response validation for SSO responses
- Fixed persisting redirect bugs for specific scenarios
- Removed duplicated context root in request url for some scenarios
- Removed double context path in redirects for some scenarios
- UTF-8 BOM stripped from template files to prevent database storage issues.
- Correct client id set for client credential events.
- PGP invalid signature length error resolved.
- Https to http redirect issues in IdP communication resolved.
- Only allow mobile authentication message data to be fetched once.
- Properly remove all data related to an application for a user when using the application end user api.
- Added preemptive authentication support for the external REST services proxy configuration
- Switched to Docker Compose variables for configuration instead of ETCD properties.
- Added proxy support for GCM.
- Remove FIDO user authenticators on delete consent.
- Invalid attempts during SMS abuse now properly stored in cache.
- FIDO deregistration now only deregisters one authenticator instead of all of them.
- Improved FIDO error handling.
- Unique constraint issue with multiple IdP attribute mappings on Oracle and MSSQL.
- Display max resend value for Mobile authentication via SMS in read only view.
- Use of semicolon as user dns separator instead of space.
- Mobile authentication via SMS exception in stateless cluster setup.
- Dummy user IdP shows a page to provide a userId if no userId was provided as request parameter.
- Mobile authentication transaction marked as unanswered when result fetched before callback is answered in stateless cluster setup.
- Acknowledged mobile authentication transactions resend in stateless cluster setup.
- Integrated custom implementation of two way OTP authentication into core code base, transparent change.
- Send the callback after a mobile authentication answer asynchronous.
- Make REST communication with other services stateless.
- Don't fully rely on FIDO server to validate registration during authentication.
- Validate the user identifier not empty in SAML response.
- Mobile authentication disabled when device disconnection via Token end user api.
- Users with operator role not able to download app config and template set exports.
- Unable to find user details when clicking on user id in events overview for case sensitive user identifiers.
- Performance improvements user search admin console.
- Allow fallback on PIN for mobile authentication via FIDO.
- More detailed events for FIDO success and failure responses.
- SSL/TLS ciphers are made configurable.
- Mobile authentication via FIDO fixes.
- Add check for duplicate name for Mobile authentication types.
- No longer allow to send a mobile authentication answer multiple times until callback is handled by portal.
- Potential concurrent modification exception during push resend for iOS.
- FIDO moved from experimental feature to supported feature
- FIDO configuration via admin console
- Mobile authentication via FIDO
- Use of sha256 in RSA keys for mobile authentication
- Database exception on iOS push resend
- Oauth identify provider endpoints return page not found
- Mobile authentication initialization doesn't work with email address as user id.
- Non UTF-8 characters in device name can't be stored in MySQL.
- Scope verification rest api json does not use snake case parameters.
- Event list in admin console does not perform well in MySQL.
- Error for missing Log4j2.xml printed at application startup.
- Switching default identity provider in admin console raises exception.
- Event filter date fields in admin console ignored.
- Menu items admin console renamed.
- Identity provider and pin policy of application config can not be unset.
- Adding API client doesn't work on Oracle.
- Renamed authorization properties to mobile authentication types.
- Updating mobile authentication types in Oracle can lead to exception.
- FIDO integration fails to initiate due to class not found exception.
- Spaces and special characters no longer allowed in certificate names.
- Updated logging framework
- Option to exclude token validation events via event log filter in admin console.
- Application secret renamed to application signature in the admin console.
- Import and export functionality for translations in the admin console.
- Statistics dashboard is the homepage for admin console users with the role
- User section is the homepage for admin console users with role
- All configuration in admin console is moved to a configuration tab.
- Copy paste functionality in admin console without flash requirement.
- Removed event statistics from statistics dashboard.
- Disabled logging of SAML metadata reloading by default.
- Unable to handle email address as user id in mobile authentication init request.
- Removal of mapping table from db template entities.
- MSSQL migrations needing the db user to be
- Invalid redirect uri used during authorization for custom app schemas when consent and authorization complete page disabled.
- Profile picture not loaded by test resource gateway.
- DCU fails from non tampering protected version to tampering protected version or the other way around.
- Database migration for push message configuration fails on MariaDB.
- Resending of non handled iOS push messages on client validation.
- Trend in unique user logins.
- A summary of used OS versions.
- Total of unique users enrolled.
- Total of application installations per platform.
- Overview between failed and passed login attempts per login method.
- Possibility to explicitly disable the consent notification service.
- Rest/JSON extension point for scope validation service.
- Custom i18n message translations can be managed via the Admin panel.
- Custom templates sets can be uploaded and managed via the Admin panel.
- Mobile authentication API protected with the use of API clients.
- Redesign admin panel user interface.
- Separate dockers for Admin, Engine and Test client.
- Push message config can be reused for multiple mobile application versions.
- Configurable pin length.
- SMS code used for mobile authentication can be resend.
- Optionally allow enrollment of mobile authentication on a different device.
- Improved error handling for json and html responses.
- Discontinue the support for custom platforms.
- New white label templates using Thymeleaf layout dialect.
- Improve the performance of the user event search for MySQL.
- Remove oauth client when last user is disconnected via the admin panel.
- Exception when client not found when using FIDO.