Release notes 5.x versions
- Change from HTTP-POST binding to HTTP-Redirect binding in SAML Authentication requests.
- Update MariaDB driver from 1.5.9 to 2.0.3.
- Security improvements
- Security improvements
- Fixed building redirect URI when only the X-Forwarded-Proto header is set in the request.
- Fingerprint authentication was allowed even though the functionality was disabled in the admin. Only affected users that had fingerprint authentication enabled.
- Added ability to set scope verification service settings via environment variables.
- Moved "API" tab to the "Systems" page in the admin console.
- Improved UX for the admin console events table by moving details to an expandable view.
- Test client now supports the new mobile authentication enrollment flows.
- Restructured and cleaned up the end user API documentation.
- Removed support for Windows devices.
- Added Device API V3 to distinguish between mobile auth and mobile auth with push enrollments.
- Several bugfixes in the admin events log.
- Fix labels on app installations page.
- Set admin cookies to secure.
- Fixed base64 parsing bug in the key enrollment endpoint.
- Disable AJAX request caching in two-way OTP template.
application/xml content type to SAML metadata endpoint.
- Fixed device API bug that did not distinguish between mobile auth and mobile auth with push (breaking change, requires new V3 API).
- Fixed bug where user was not completely deregistered in some scenarios.
- Improve OAuth client configuration in admin panel.
- Move cache TTL values from etcd to be configurable via the admin panel.
- Added database migration to remove lingering OTP IdPs (support was discontinued in 5.01.00).
- Fixed bug in mobile authentication API when checking availability for a user, when the user had multiple devices enrolled.
- Restrict admin mobile authentication request TTL to be equal to or smaller than the cache TTL.
- Fixed default etcd property generation bug.
- Fixed SAML response validation for SSO responses.
- Shortened the OTP, which makes the QR code easier to scan.
- Hide the Mobile authentication section when configuring an app version and the mobile authentication feature is disabled.
- Fixed the Oracle database migration for version 5.5.0.
- Added OTP authentication as a new mobile authentication method, in addition to push and SMS.
- The test client UI now works on mobile devices.
- Restructured and improved the mobile authentication documentation.
- Improved admin console user experience for the mobile platform version configuration.
- Added link to documentation in admin console.
- Updated the MariaDB driver from 1.4.6 to 1.5.9.
- Fixed bug when being redirected back from the IdP in certain cases.
- Added support for IdP-initiated SAML Single Logout.
- Display a numeric keyboard for Android users in the default templates when entering the code for 2WAYOTP or SMS.
- Fixed bug where an unnecessary thread was created for every SAML login.
Note: from this version we removed the leading zeros from our versioning scheme.
- API client support for the two-way OTP, payload encryption and end user APIs.
- Transaction signing support for mobile authentication with push.
Please refer to 4.04.10
- CORS support can be enabled for a set of configurable endpoints and domains.
- Added experimental Custom Authenticator support using the Onegini Extension Engine.
- Proxy support for Google Cloud Messaging with and without preemptive authentication.
- Event details stored in client id field in client validation.
- Some redirects performed by some of the supported IdPs redirect from https to http.
- Invalid attempts for SMS are not properly counted in a stateless cluster setup.
- Discontinued support for the OTP IdP.
- Authentication method and attempt count included in mobile authentication result.
- Optional single user default admin login.
- See fix level of 4.04.07 release.