- Created by Ann Base, last modified on Jan 08, 2020
Version: 3.10
Release Date: 2019-05-24
Introduction
Nexus is proud to announce the availability of Nexus PRIME 3.10.
For information on how to upgrade from PRIME 3.9 to 3.10, read this instruction: Upgrade from PRIME 3.9 to PRIME 3.10.
Main new features
New encoding architecture for smart cards
A new encoding architecture for smart cards has been introduced. The (client side) Java Webstart-based "JPKIEncoder" is deprecated and replaced by a solution based on Personal Desktop App and Personal Messaging. The new PRIME Self-Service allows smart card encoding based on the new technology.
The new PRIME Self-Service is complete with new user interface
The new PRIME Self-Service is now completed and the old PRIME USSP (User Self-Service Portal) is deprecated.
New processes for Virtual Smart Cards (VSC)
PRIME 3.10 introduces two new standard processes for VSCs.
A standard process for certificate renewal on VSCs has been added. This process is used to detect all certificates of virtual smart cards that will expire within the coming period. Also added is a standard process for VSC replacing. This can be used when a laptop is broken, stolen or replaced, and the same VSC as on the previous device, shall be used again.
By adding these two process, PRIME now includes all functionalities to do the full lifecycle management for VSC with the standard package.
Detailed feature list
Features
| JIRA ticket no | Description |
|---|---|
| CRED-7517 | SAML authentication to PRIME Self-Service The new PRIME Self-Service now supports also SAML authentication. |
| CRED-7638 | Support for SCEP registration SCEP protocol is now supported in PRIME and a standard service task for SCEP registration has been added. |
| CRED-7729 | Improved performance when permissions configuration is opened in PRIME Designer Permissions are now loaded when tabs are switched in the permission edit page, instead of loading all permissions at the same time. |
| CRED-7764 | Modify photos in PRIME Self-Service The new PRIME Self-Service provides the possibility to modify uploaded photos (for example, to crop images). |
| CRED-7769 | Support for TCOS 3.0 ECC cards PRIME now supports TCOS 3.0 ECC cards. |
| CRED-7795 | Publish PGP certificates through Nexus CM A standard service task for publication of PGP keys via Nexus Certificate Manager (CM) has been added. |
| CRED-7810 | Multiple Identity Core Templates in one Authentication Profile It is now possible to add multiple Identity Core Templates in one Authentication Profile. This means that multiple user groups (for example, Employees and Contractors) can be configured for one SAML profile. |
| CRED-7812 | Support for uploading CSV files from the client side It is now possible to upload CSV files from the client side (PRIME Explorer or the new PRIME Self-Service). Data is imported into the PRIME database (e.g. new users). |
| CRED-7814 | Support for Transport Certificates in Nexus CM Nexus Certificate Manager PKI connector now supports transport certificate validation of pre-initialized smart cards. |
| CRED-7815 | Search buttons in PRIME Self-Service Search buttons in user forms now also works in the new PRIME Self-Service. |
| CRED-7848 | Secret fields are resolved on REST GET requests The REST process API now supports secret fields as return values. |
| CRED-7882 | Validate uploaded photos with Cognitec FaceVACS SDK A photo validation component from Nexus' partner Cognitec has been integrated. It is used to verify a photo of a person (e.g. full face visible, no sunglasses etc.). The module requires an additional Cognitec license. |
| CRED-7885 | D-Trust connector supports software key creation The D-Trust connector now supports to create key pairs in software mode without using Nexus Certificate Manager (CM) as key store. Typical use case is for issuing authentication soft tokens. |
| CRED-7886 | Extended Virtual Smart Card (VSC) provisioning via Nexus Personal Desktop App Arbitrary AdminKeys can be used as initial settings. |
| CRED-7887 | Delete all existing objects on the Virtual Smart Card (VSC) VSC with Personal Desktop App now supports deleting of all existing objects on the VSC (for example, when doing certificate renewal). |
CRED-7890 | Trigger Personal Desktop App for (Virtual) Smart Card encoding In the new PRIME Self-Service, Personal Desktop App can be triggered for (virtual) smart card encoding. |
| CRED-7894 | D-Trust connector supports ECC certificates The D-Trust PKI connector now also supports ECC certificates. |
| CRED-7895 | New encoding architecture for smart cards A new encoding architecture for smart cards has been introduced. The (client side) Java Webstart-based "JPKIEncoder" is deprecated and replaced by a solution based on Personal Desktop App and Personal Messaging. The new PRIME Self-Service allows smart card encoding based on the new technology. |
| CRED-7964 | Configure connection to Personal Messaging in PRIME Designer The configuration to Nexus Personal Messaging (Hermod) has been moved to PRIME Designer. For example, multiple connections to Personal Messaging can now be set up in one tenant. |
| CRED-8026 | Different permissions for Admin menu items in PRIME Explorer Each menu item in the Admin page of PRIME Explorer (Config Upload, Download, Maintenance Mode, etc.) now has its own permission settings. |
| CRED-8027 | Show/hide processes in PRIME Self-Service New permissions where introduced for how to show/hide processes on the new PRIME Self-Service dashboard or as core template actions. |
| CRED-8028 | Read Virtual Smart Card (VSC) meta data from Personal Desktop App Added a VSC standard service task to read meta data from the client (for example, device ID) via Nexus Personal Desktop App. |
| CRED-8100 | Pre-login process in PRIME Self-Service The new PRIME Self-Service supports also pre-login processes on the login screen. |
| IDC-987 | More import/assignment options in Bewator Omnis connector Extended the Bewator Omnis connector in the PACS Backend. Import/assignment on organization level as well as Access Group import/assignment is now available. |
| IDC-1089 | Improvement for Integra PACS connector Multiple system identifiers can now be used to support multiple instances of Integra in PRIME environment. |
| IDC-1096 | Added Siemens SiPort connector Added Siemens SiPort as a new standard connector in the PRIME PACS backend. |
| IDC-1108 | Upgraded the Salto connector Upgraded the Salto connector to the latest Salto Space version in the PRIME PACS Backend. |
| PRSM-106 | Added dedicated state graph for non-personal cards Introduced new standard state graph for non-personal cards in Physical/ Digital ID package. |
| PRSM-126 | Configure all mass production processes in PEM package Added missing Batch order functionalities in the Physical Access Package. |
| PRSM-139 | Added standard process for certificate renewal Added a standard process for certificate renewal on Virtual Smart Cards (VSC). |
| PRSM-141 | Introduced a standard process for VSC re-provisioning Introduced a standard process for Virtual Smart Card (VSC) re-provisioning in the Digital ID package. This can be used when a laptop is broken, stolen or replaced, and the same VSC as on the previous device, shall be used again. |
Corrected bugs
| JIRA ticket no | Description |
|---|---|
| CRED-5950 | There was an issue on save when changing sort order of Search Config in PRIME Designer. |
| CRED-6424 | In Form configuration, when modifying a Text or Encrypted field and selecting the "Display as Image" option, the Type of the field in the form was changed. |
| CRED-6640 | When you create a new AuthProfile in PRIME Designer, AuthProfile CLIENT_CERT_INTERNAL was not available to select and therefore could be created. |
| CRED-6697 | Rendering of Valid to for Date fields in the Form editor in PRIME Designer has been fixed. |
| CRED-6735 | Fixed change detection for binary fields in a form in PRIME Explorer. |
| CRED-6903 | When uploading a new logo for a tenant, it was not scaled correctly in the (HTML) Explorer. |
| CRED-7480 | Root certificate was not written on the smart card when using ADCS Connector. |
| CRED-7634 | Fixed error handling when alpha-numeric value was entered into a number range. |
| CRED-7635 | When setting up a data pool based on an external data source, drag and drop in the field mapping didn't work correctly. |
| CRED-7701 | Fixed issues in SmartACT migration tool when migrating certificate data in from an Oracle database. |
| CRED-7705 | When using the search button in a form on a multi-level search, the result in the process map was not correct (data pool prefix was not removed). |
| CRED-7751 | When using search buttons in forms, it could happen that the result values got translated when adding to the process map. |
| CRED-7766 | Date field formatting in related object view has been aligned with other dialogs. |
| CRED-7790 | Modification Date in CoreObjects was not updated correctly. |
| CRED-7994 | Branding of the new PRIME Self-Service was not possible in an easy way. This is fixed now. |
| CRED-7998 | Change state reasons in standard packages did not match completely to D-Trust revocation reasons. This is fixed now in the D-Trust connector. |
| CRED-8015 | Improved handling of multi-select results in user forms (using search button and list element). |
| CRED-8087 | Fixed UTF-8 encoding in CSV Export-Config. |
| CRED-8115 | Transaction handling of PKI connectors was not correct. In some cases a rollback was done when an error during encoding occurred. |
| CRED-8168 | Fixed display of date fields in the new PRIME Self-Service. |
| CRED-8175 | Fixed an issue when executing BPMN sub-processes in the new PRIME Self-Service. |
| IDC-1072 | Fixed some issues in the setup scripts of PRIME PACS Backend. |
| IDC-1133 | Fixed change PIN functionality in Integra PACS connector. |
| PRSM-67 | Object states (for example Person, Card) were not always in sync with the PACS when an error occurred. |
| PRSM-76 | Card replacement was not published correctly to PACS in the Physical Access package. |
| PRSM-129 | Fixed mass production card processes in standard packages. Unnecessary user interaction is removed. |
| PRSM-130 | Fixed error handling when PRIME synchronizes with subsystems (PACS and PKI) on changing status. |
| PRSM-148 | "Lock Card" for Contractor cards was not visible when using the Phyiscal Access package. |
Release announcement
Important notes on this release
The new PRIME Self-Service replaces the old PRIME USSP, which is now deprecated. Also the Java Webstart PRIME Explorer is deprecated.
The Drools API Business Rules Management System for BPMN is no longer supported.
Limitations
For information on limitations, see Limitations for Identity Manager.
Contact
Contact Information
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.
Support
Nexus offers maintenance and support services for Nexus PRIME to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.
Related information
- Release note Nexus PRIME 3.10.32
- Release note Nexus PRIME 3.10.30
- Release note Nexus PRIME 3.10.28
- Release note Nexus PRIME 3.10.27
- Release note Nexus PRIME 3.10.25
- Release note Nexus PRIME 3.10.19
- Release note Nexus PRIME 3.10.17
- Release note Nexus PRIME 3.10.14
- Release note Nexus PRIME 3.10.13
- Release note Nexus PRIME 3.10.12
- Release note Nexus PRIME 3.10.10
- Release note Nexus PRIME 3.10.8
- Release note Nexus PRIME 3.10.7
- Release note Nexus PRIME 3.10.6
- Release note Nexus PRIME 3.10.5
- Release note Nexus PRIME 3.10.3
- Release note Nexus PRIME 3.10.2
- Release note Nexus PRIME 3.10.1