Release notes 6.x versions

6.5.1

Improvements

  • Updated Java version in Docker images

Bug fixes

  • SAML may use default identity provider now

6.5.0

Improvements

  • Improved performance of the SDK initialization for Android

6.4.3

Bug fixes

  • For MS SQL database the ANSI_PADDING is now set to ON

6.4.2

Bug fixes

  • SAML Service Provider could not be disabled via admin console
  • SAML now correctly uses a KeyDescriptor with no specific 'use' attribute

6.4.1

Bug fixes

  • Configuration of an LDAP server for the Admin console should not be required
  • SAML Service Provider signature validation failed with a generated certificate
  • Enabling mobile authentication for a device which was previously disabled caused errors
  • Refresh Token abuse detection was triggered for clients that do not support this feature

6.4.0

Improvements

  • Change from HTTP-POST binding to HTTP-Redirect binding in SAML Authentication requests.

6.3.5

Bug fixes

  • Fixed removing all tokens when requesting to revoke only the fingerprint tokens via the End User Device API
  • Documentation should use the same scope names as shown in the Admin console
  • Repair failing database migration in MySQL

6.3.4

Improvements

  • Security improvements

6.3.3

Improvements

  • Security improvements

6.3.2

Bug fixes

  • Fix to make the scheme of the redirect URI fully compliant with RFC 3986
  • Correct documentation for header authentication

6.3.1

Bug fixes

  • Fixed triggering Mobile Authentication on a profile with multiple Custom Authenticators
  • Show validation errors in the form for Custom Authenticators
  • Fixed not being able to delete items from some overview pages in the Admin console

6.3.0

Improvements

  • Allow to delete a push messaging configuration that is in use.

Bug fixes

  • Fixed an issue that crashed the admin when visiting a read-only mobile app overview that contains a template set.
  • Fixed a serialization issue that printed Hibernate properties in the event details.

6.2.1

Bug fixes

  • Fixed resolving static resources

6.2.0

Features

  • Added Resource owner password credentials support for web clients validating the user password using the SAML PAOS binding

Improvements

  • Restructured the documentation to improve readability
  • Send the number of pending mobile authentication transactions as the app badge number in a push notification for iOS
  • Allow to disable issuing refresh tokens to mobile apps from the admin console
  • Allow to delete PIN policies
  • Added a client implementation for mobile authentication to the Token Server test client
  • Allow to delete template sets that are in use
  • Added a clone function to clone a mobile application version configuration

Bug fixes

  • Increased the column size of the user agent
  • Fixed not being able to save a form when using multiple browser tabs in the admin console
  • Clean up pending mobile authentication transactions if a user is deregistered

6.1.0

Features

  • Add support for multiple Custom Authenticators
  • Add endpoint to fetch pending mobile authentication transactions
  • Remove FIDO feature

Improvements

  • Add syntax validation when uploading Custom Authenticator scripts
  • Return device information when triggering mobile authentication
  • Show a message why an Application cannot be removed

Bug fixes

  • Fixed incorrect combinations of HTTP status codes and error messages in API calls
  • Only a warning about using the deprecated Token Validation Grant Type when applicable
  • Fixed the bug that required fields were disabled when adding an Identity Provider of type SAML or OAuth

6.0.0

Features

  • Custom Authenticators as a supported feature configurable in the Admin console
  • Introduced implicit authentication feature

Improvements

  • Resource gateway configurable as API client
  • Configure Extension Engine script configuration and connection properties via Admin console
  • Lists in Configuration Admin panel section have a logical alphabetic order
  • Different styling for buttons changing the state of the application in the Admin console
  • Simplify push mobile authentication fallback feature - allow to fallback to SMS or push with PIN using the base mobile authentication type configuration
  • Provide information on which method was used to initialize mobile authentication
  • Improved displaying app installation usage statistics
  • Return a reason why mobile authentication failed on the fetch authentication result endpoint
  • Add filtering on Application instances in the Admin console
  • Distinguish between mobile authentication and push authentication
  • Improve the performance for sending APNS & FCM notifications
  • Improve displaying userAgent on Activity page in the Admin console
  • Events on why an error occurred with custom authenticators are more detailed
  • Use FCM instead of GCM for sending Android push notifications
  • Use APNs token based authentication for sending iOS push notifications, deprecate certificate authentication
  • Add support for an outgoing proxy for communication with APNS
  • Upgraded MariaDB Connector version
  • Upgrade to jQuery 3.x

Bug fixes

  • Display the scopes that the consent was given for in the event details
  • Prevent uploading too large file as template sets in the Admin console
  • User not logged out anymore after Custom Authenticator deregistration
  • Fixed broken app version config export
  • Fixed Side bar length not dynamically adjusted
  • Fixed displaying template set action options on a template set overwiew page
  • Fixed the link to the not existing intro Configuration page
  • Added validation for required defaultScopes field on Application configuration form in the Admin console
  • Fixed a bug that a second level navigation is hidden behind third level navigation in the Admin Console
  • Fixed handling Mobile Authentication with Custom Authenticator abuse (previously it was handled as a push with pin abuse)
  • Mention in the warning on Application form that clients that were using tampering protection would need to register again when development mode is switched to enabled