
Version: 3.8

Release Date: 2018-07-20

Introduction

Nexus is proud to announce the availability of Nexus PRIME 3.8. 

Main new features

Data sync proxy introduced

With this release, PRIME gets a new component called DataSync Proxy. The use case for DataSync Proxy is PRIME as a cloud service: when connecting to third-party data sources (for example via LDAP, JDBC, or file), a secure network connection needs to be established from PRIME Explorer or Designer to the data source, which is typically hosted in the customer's environment.

The DataSync Proxy is an easy-to-use component that is deployed in the customer's network environment and connects via outgoing HTTPS to the PRIME service. PRIME Explorer and Designer can then connect to the third-party data sources via datapool and export configuration in the same way as they would if they were in the same network.

For more information, see 3.8 - Access local services from Nexus PRIME in the cloud

Nexus GO Cards integrated

With this release, it is possible to connect PRIME to Nexus GO Cards to order cards as a service. Available card layouts in a specific customer account can be downloaded, mapped to corresponding data fields in PRIME and card production via Nexus GO Cards can be triggered via a PRIME process. This means PRIME customers can now choose to print and encode cards either with local card printers or via the Nexus GO service.

For more information on how to add a task to produce cards via Nexus GO Cards, see the Production task in the table in 3.8 - Set up process

PRIME goes Docker

Starting with this release, PRIME will also be available as a Docker container. All PRIME applications (Explorer, Designer, Tenant, and USSP) will each be provided as a separate Docker container. Nexus is using Kubernetes as the reference platform for Docker and will soon provide all releases in an Azure Registry.

Detailed feature list

Features

JIRA ticket no | Description

CRED-5840

Data pool constraints feature removed

The old data pool constraints feature, which was deactivated in PRIME Designer with PRIME 3.5, is now completely removed from the code. Until now, old configurations using the data pool constraints still worked. From now on, the constraint settings are completely removed from the configuration and the code base, and will therefore no longer work.

CRED-6353

Nexus GO Cards integrated

With this release, it is possible to connect PRIME to Nexus GO Cards to order cards as a service. Available card layouts in a specific customer account can be downloaded, mapped to corresponding data fields in PRIME and card production via Nexus GO Cards can be triggered via a PRIME process. This means PRIME customers can now choose to print and encode cards either with local card printers or via the Nexus GO service.

For more information on how to add a task to produce cards via Nexus GO Cards, see the Production task in the table in 3.8 - Set up process

CRED-6529

Server-side production revised

The implementation of server-side production (card encoding and printing triggered from the PRIME Explorer server) had several limitations, so that not all encoding use cases could be executed. This implementation was completely revised so that server-side production can easily be configured via a corresponding service task and all typical card operations (for example RFID, PKI with and without Card SDK) can be executed.

For more information, see 3.8 - Configure server-side card operations in PRIME.

CRED-6778

Performance improvements on database layer

Some adjustments were made on the database layer that improve the performance of Nexus PRIME. Specifically, String-Casts and lower() operations were removed, and ARITHABORT=true for MS SQL was verified.

CRED-6784

Multi IDP and multi-tenant support for SAML

The SAML implementation was improved so that we can now set up multiple IDPs for PRIME and decide per tenant whether to use SAML (or any other authentication type) and which IDP should be used for a specific tenant.

Also, the attribute that holds the user ID in the SAML ticket can now be configured in the authentication profile.

CRED-6853

Scrambling of password fields in signEncryptEngine.xml

In one of the last releases we introduced a scrambling mechanism for properties files on the PRIME server so that sensitive data, for example user credentials for the PRIME database connection, is not stored in clear text in the files. The same mechanism is now available for signEncryptEngine.xml to protect the PINs and passwords for the P12 and HSMs.

CRED-6858

Moved D-Trust Connector to 'internal'

Following Nexus' strategy to move all PKI connectors into the PRIME Designer and Explorer as internal connectors, we have now also moved the D-Trust PKI Connector into the new architecture. The functionality remains the same, but the D-Trust Connector benefits from the new architecture regarding security, error handling, simplified setup, and so on.

For more information, see 3.8 - Integrate PRIME with D-Trust connector.

CRED-6919

Updated Jasper Reports

The reporting tool "Jasper Reports" that is used in PRIME to create any output as PDF (reports, PIN letters, receipts etc.) was updated to the latest version. This means that customers and partners who want to modify PDF templates will also have to update the design tool to the latest version (like Jaspersoft Studio 6.4.2).

CRED-6920

Introducing DataSync Proxy

With this release, PRIME gets a new component called DataSync Proxy. The use case for DataSync Proxy is PRIME as a cloud service: when connecting to 3rd party data sources (for example via LDAP, JDBC or file), a secure network connection needs to be established from the PRIME service (Explorer, Designer) to the data source (typically hosted in the customer's environment).

The DataSync Proxy is an easy-to-use component that is deployed in the customer's network environment and connects (via outgoing HTTPS) to the PRIME service. PRIME Explorer and Designer can then connect to the 3rd party data sources (via Datapool, Export Config) in the same way as they would if they were in the same network.

CRED-6925

Domain component (DC) attribute now supported in Certificate Templates

We added support for encoding DC attributes in all certificates that are requested via PRIME. DC can be added as a certificate attribute (similar to CN, OU or others) in the certificate templates.

CRED-6926

Execute Service Tasks via Batch Sync

Batch Sync can now directly execute standard service tasks without using a BPMN process.

CRED-6927

Execute Process in Batch Sync for all records

In the previous release, the execution of processes via BatchSync was limited to records that are inserted or updated. Now the administrator can choose, for a batch job, whether the processes should only be executed for insert/update or for all records that are in the data source (no matter if the record in the target remains unchanged).

CRED-6960

Request/Recover PGP Keys with CM

PRIME now provides a standard service task that can be used to request or recover PGP keys from Nexus CM. The service task works in a similar way to the Softtoken service task: keys can be requested and will be sent either via mail or downloaded in a user form.

CRED-6966

Set certificate validity in PRIME

CM allows overriding the certificate validity date (set in the Token Procedure) via the CM SDK request. This means the predefined validity in the PKI Policy can be set dynamically in the certificate requests. PRIME now introduces a new parameter in the PKI Encoding Description to set the certificate validity date.

CRED-7016

IDNomic PKI Connector

With this release we have introduced a standard connector to IDNomic PKI. The connector supports all types of user certificates (authentication, signing, encryption). Key backup and key recovery are also supported.

For more information, see 3.8 - Integrate PRIME with IDNomic connector.

CRED-7032

Bulk certificate provisioning for Personal Mobile

The integration to Nexus Personal Mobile is improved. PRIME can now provision multiple certificates in one step to Personal Mobile. The corresponding standard service tasks are extended, and the standard process in Nexus Smart ID Digital ID is adapted accordingly.

CRED-7087

PRIME goes Docker!

Starting with this release, PRIME will be available as a Docker container as well. All PRIME applications (Explorer, Designer, Tenant, USSP) will each be provided as a separate Docker container. Nexus is using Kubernetes as the reference platform for Docker and will provide all releases in an Azure Registry soon.

CRED-7088

CM 7.17 supported

The latest version of Nexus Certificate Manager (7.17) is supported with PRIME 3.8.

CRED-7092

Edit existing images via Card SDK

Until now, it was only possible to change photos (for example cropping, rotation) during the capturing procedure via Nexus Card SDK. Sometimes it is necessary to modify photos at a later stage of the user enrolment, for example if the photo comes from another source and an operator has to select a frame later on. Therefore, existing photos can now be pushed into the Card SDK capture dialog and modified with the existing Card SDK features in the capture dialog.

Note that this feature requires Card SDK version 5.3.0.51 or later.

CRED-7097

Execute Batch Jobs without a target

BatchSync was introduced as a tool for batch data synchronization between PRIME and a 3rd party data source. Now it is also possible to use BatchSync as a general purpose batch tool: the target data pool is now an optional parameter, which means that arbitrary processes can be executed on a certain set of data records. This means that BatchSync provides functionality similar to BPMN timer processes. To simplify configuration, it is recommended from now on to use BatchSync instead of timer processes, if possible.

LPM-470

Revised Server Certificate Management

The server certificate management module was reviewed: processes were improved, it was made more user-friendly, and error handling was improved.

LPM-473

Introducing Processes for auto-enrollment for Server Certificate Management

It is now possible to manage certificates that are issued via auto-enrollment from Nexus Certificate Manager (CM). Certificates that are issued will be pushed from CM automatically to PRIME so that these certificates are visible there for further operations.

LPM-484

Introducing soft token management as an add-on to Smart ID Digital ID

With PRIME 3.8 there is an add-on package for Smart ID Digital ID available to manage the lifecycle of user soft tokens.

It is possible to request, revoke, replace, and renew one or several certificates (for example authentication and encryption) per user, either in Self-Service or Operator mode.

Corrected bugs

JIRA ticket no | Description

CRED-5075

Change detection in Designer CoreTemplate configuration did not recognize processes that were removed as additional commands. Fixed in this release.

CRED-6364

SAML Redirect with HAG didn't work properly in some use cases. This is fixed now.

CRED-6378

Mapping of binary fields to Card Designer (for example photo or signature) was not working properly for all datapools. In some cases only a subset of available fields or the wrong fields were shown. This is fixed now.

CRED-6520

The user preferences/user processes in the HTML Explorer didn't show up anymore. This is fixed in PRIME 3.8.

CRED-6726

Fixed USSP UI for mobile devices. Some style setting issues caused wrong rendering of combo boxes and buttons.

CRED-6745

Deleting Tenants was not possible in a system that was updated from PRIME 3.5. Fixed now.

CRED-6824

Uploading multiple files of the same binary type in the same form didn't work. Fixed now.

CRED-6873

Comboboxes in USSP did not respect the read-only flag in the form. This is fixed; read-only comboboxes can no longer be changed in USSP.

CRED-6874

Executing Search in a USSP Form (search button) didn't work if the mapping was empty in the form configuration. Fixed in this release.

CRED-6875

Fixed security issue in USSP forms: it was possible to modify read-only fields via manipulation of HTML code on the client side.

CRED-6881

Fixed DB update script to 3.7: JOB_CONFIGURATION_LOCATION was not updated correctly.

CRED-6884

Fixed NullPointerException in USSP multi-select search form. Occurred when no entries were selected and the apply button was pressed.

CRED-6885

Fixed 'changeStateinCA' Task: writing history entries didn't work.

CRED-6889

Duplicate libraries (asm) in different versions caused issues with the scripting engine in some cases. Library conflicts are solved; the asm library is now only deployed in the latest version.

CRED-6902

Drag&Drop field mapping for Certificate template configuration required two tries each time. This is corrected now.

CRED-6918

Fixed encoding of PRIME language files; several files were not stored in UTF-8 format.

CRED-6945

Deleting a Tenant was not possible anymore after maintenance mode was used once. Fixed in this release.

CRED-6949

Fixed an issue regarding connection handling for PKI Encoding.

CRED-6970

Fixed fetching CA Configuration Data in PRIME Designer. Duplicates were created when fetching the config multiple times.

CRED-6984

Fixed incorrect handling of hash values for binary object history entries. The issue caused errors during process execution.

CRED-6986

Fixed handling 'null' values for Secret field store.

CRED-7007

Language detection in the browser failed when using SAML Login. This was caused by a bug in the UI framework. Fixed by updating the UI framework for the 3.8 release.

CRED-7011

Fixed BPMN error handling of the EMail Task.

CRED-7136

When opening a user form in a sub process via USSP, the process data map was not loaded correctly (parent data map was shown). This is fixed in PRIME 3.8.

CRED-7139

When using the List Element in USSP forms, Core Templates and Object state were not shown correctly. Fixed in this release.

CRED-7149

Fixed handling of binary data in the SmartACT migration tool for Oracle Database.

CRED-7182

Fields in the search form layout were cropped when using a lot of filters and different search configs in USSP. The layout of filter fields and config selection is rearranged.

CRED-7185

Changing subprocesses required the usage of the Eclipse Activiti Designer so far. This is fixed now; subprocesses can be changed in PRIME Designer.

CRED-7192

D-Trust Connector did not support SN and GN attributes in the request. Due to changes in the D-Trust policies, these fields are mandatory now. Added the corresponding fields in the implementation.

CRED-7227

Fixed "StoreUserCertOnly=true" for writing encryption certificates on the smart card.

CRED-7251

Popups in the PKI encoding process (for example PIN popup) were not always shown as topmost dialog. This is fixed now; encoding dialogs are now always sent to the foreground.


Release announcement

Important notes on this release

PRIME 3.8 will be the last release with full support for Java webstart technology.

From PRIME 3.9 and on, the plan is to support Java 18.9 (where webstart is deprecated) in parallel to Java 8.

From PRIME 3.10 at the latest, all Java client technologies will be completely removed, including the Java-based PRIME Explorer and PKI Encoder client. The PKI Encoder client will be replaced with technology based on Nexus Personal / Messaging Server.

Contact

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Nexus PRIME to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.
