Release Date: 2019-11-07
Smart ID Identity Manager 3.11 has been released today.
For information on how to upgrade from PRIME 3.10 to 3.11, read this instruction: Upgrade from PRIME 3.10 to PRIME 3.11.
Main new features
Removed Java for PKI encoding in PRIME Explorer
With this release, the last steps are made to remove Java from the clients: PKI encoding in PRIME Explorer is now also possible via Personal Desktop App.
Data Sync Proxy improved
The Data Sync Proxy, the PRIME component to sync data sources remote via HTTPS connections, has been improved. It can now be configured easily in PRIME Designer, and it is possible to set up the proxy per data source. You can now decide which data source that is connected in the local network and which shall go to a remote server.
New admin UI for PACS connector configuration
The Nexus PRIME PACS backend has a new configuration user interface. All PACS connector configuration can now easily be managed on an HTML5 frontend. You can establish the connections to new PACS system and also manage custom configuration parameters for each single PACS system in the UI.
Detailed feature list
|JIRA ticket no||Description|
EJBCA connector included in PRIME standards
EJBCA connector is now included in the new PKI architecture as an "internal connector". Besides improved security and simplified installation this also means that all standard workflows will work out of the box. Key Backup/ Key Recovery is done via Nexus Certificate Manager (CM) (similar as with D-Trust and Quovadis). For more information, see Integrate Identity Manager with EJBCA connector
Improved logging for BPMN Save Service
Improved logging for BPMN Save Service for better troubleshooting: user and core object ID and template name can now be logged.
Added standard service task for requesting order status
Added a standard service task to receive feedback from Nexus GO Cards production. With this service task PRIME can update (for example, via a Batch Sync Job running periodically) the ordering status and RFID chip serials when production is done. See "Card Production: Nexus GO order status" in Card Production - Standard service tasks in Identity Manager.
Listing of assigned user roles has been added
A new view-based data source has been added to the Data Pool configuration. Based on this, a list of all roles, assigned to users (Person CoreObjects) can be created via Search Configuration/Extended Search.
Added standard service task to execute searches
Added a standard service task that can execute search configurations in processes. Result lists will be available in the process map. This service task replaces the searches in beans.xml, and therefore simplifies process search significantly. The old bean-based search still works for compatibility reasons, but it is highly recommended to use the new standard service task instead. See "Process: Execute Search Task" in Process - Standard service tasks in Identity Manager.
PKI encoding in PRIME Explorer executed via Personal Desktop App
PKI encoding tasks (production task and Card Job) in PRIME Explorer, that do not rely on Card SDK, are now executed via Personal Desktop App.
Improved configuration of Assert uniqueness standard service task
The configuration of filter criteria in the Assert uniqueness standard service task has been improved. Parameters can now be added dynamically in the configuration, and each filter criteria can be configured in a separate parameter. See "Process: Assert Uniqueness Task" in Process - Standard service tasks in Identity Manager for the new configuration.
DataSyncProxy can be configured per Data Pool
In previous releases, it was only possible to activate the DataSyncProxy (to connect, for example, from a PRIME cloud service to a local data source) system wide. With this release, the DataSyncProxy can be activated easily in PRIME Designer per Data Pool, so that you can choose which data sources should be connected directly or via the proxy. Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager.
Added standard service task to receive domain list from QuoVadis
To issue TLS server certificates from QuoVadis, allowed domains need to be registered in the QuoVadis account. To do the validation of domain names as early as possible in the request process, the list of valid domains can be received via this service task from the QuoVadis account and stored in a corresponding lookup table. See "Save domain list into PRIME" in Miscellaneous standard service tasks in Identity Manager.
Standard service task configuration supports drop-down lists
Sometimes service task configuration relies on other configuration items (for example, referencing a search configuration) that in previous versions had to be entered manually. Standard service tasks now supports drop-down lists to easily select these linked configurations. In this release this can be used for the new "Process: Execute Search Task" in Process - Standard service tasks in Identity Manager and for all tasks in Smart ID Messaging - Standard service tasks in Identity Manager.
Forms headlines are simplified and aligned
Headlines used in forms (for PRIME Self-Service, PRIME Explorer, for processes or CoreObject views) are now simplified and more user friendly.
Ongoing Virtual Smartcard provisioning not sent to the Open Tasks list
A parameter was introduced that prevents BPMN engine from sending an ongoing Virtual Smartcard provisioning to the Open Tasks list.
Added standard service task to execute script tasks
A standard service task has been added that can execute a script task (for example, Groovy, BeanShell). This can be useful for BatchSync Jobs to avoid using BPMN processes. Small changes (for example, string concatenation or changing format of field values can now be done in a (fast) script instead of using less performant BPMN processes. See "Process: Execute script" in Process - Standard service tasks in Identity Manager.
Introducing new admin UI for PACS backend
PRIME PACS Backend now provides a user friendly web frontend to configure and manage the different PACS systems. The user interface includes standard connection settings but you can also manage PACS specific settings and features.
Using BatchSync instead of BPMN timer process
Replaced all BPMN timer processes in the standard packages with BatchSync Jobs to make configuration changes easier for administrators.
Introduced new search service task in standard packages
Replaced all bean-based "searchexecutors" in the standard packages with the new standard search service task.
|JIRA ticket no||Description|
|CRED-8226||There was an issue in the standard service task "Process: Copy Values of LoggedIn User to Process Map" when using it with LDAP/certificate-based authentication.|
Fixed NullPointerException in change password dialog when leaving new password blank.
|CRED-8447||Fixed size of check boxes in PRIME Self-Service. Style is now aligned to the other form elements.|
The log file "velocityEngine" was not needed and was removed.
|CRED-8560||There was an issue with date conversion when accessing Datasources via DataSync Proxy.|
|CRED-8562||Fixed an issue when deleting a tenant.|
In PRIME Self-Service, an issue with translation of template names and process IDs has been fixed.
|CRED-8632||The polling time in DFN PKI Connector has been increased.|
|CRED-8633||Fixed an issue in the session handling during PKI card encoding. The encoding was running in unhandled error state when swapping the cards during the card production process.|
|CRED-8663||Fixed handling of internal corObject id in data pool configuration. Data pool granted direct access read/write to this field. This has been changed.|
|CRED-8685||Fixed an issue with ECC certificate provisioning when running multiple PRIME Explorer instances on one Tomcat.|
|CRED-8686||When using coreObject result lists in user forms there were empty records when using multiple searches with different core templates. This has been fixed now.|
|CRED-8696||There was an issue with translation of custom buttons in user forms in PRIME Self-Service.|
|CRED-8702||There was an issue with max length field validation in user forms in PRIME self-service.|
|CRED-8738||Fixed an issue with multi-threading in number ranges.|
|CRED-8844||Fixed an issue when deleting a Tenant.|
|IDC-1317||Fixed an issue with entitlement withdrawal in Access Rules.|
|IDC-1327||Fixed a performance issue when sending entitlement requests to the message queue.|
|PRSM-77||Fixed an issue with the error handling when requesting entitlements in the Physical Access package.|
|PRSM-142||Fixed an issue with broken dependencies when uploading the Digital ID softtoken package.|
|PRSM-192||There was an issue in the softtoken recovery process.|
|PRSM-194||Fixed permission setting in Digital ID package: removed "Lock Certificates" process from PRIME Self-Service dashboard.|
|PRSM-206||Added "forgot password" link to PRIME Self-Service login page in default configuration.|
|PRSM-210||Fixed an issue with withdrawal of non-personal cards when employee record gets locked.|
|PRSM-212||Fixed an issue with withdrawal of non-personal cards in Smart ID Physical Access package.|
|PRSM-214||Fixed an issue with the error handling when creating Entitlement Approvers and Responsibles in the Physical Access Package.|
|PRSM-220||Fixed some translations in the softtoken replacement process.|
|PRSM-225||Fixed some broken dependencies and removed dead links in PRIME modules packages.|
Important notes on this release
Several beans in the custom beans files have been removed. Therefore, the PRIME configuration must be updated. For more information, see Upgrade from PRIME 3.10 to PRIME 3.11.
For information on limitations, see Limitations for Identity Manager.
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.
Nexus offers maintenance and support services for Nexus PRIME to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.