Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

Version: 3.12.5

Release Date: 2020-07-15

For information on how to upgrade from Smart ID Identity Manager 3.11 to 3.12, read this instruction: Upgrade from PRIME 3.11 to PRIME 3.12.

Detailed feature list



Small improvement in the PKI Encoding via Card SDK has been introduced: for the parameter "MDCardID" now not only simple 1:1 field mappings but complex expressions (e.g. ${Person_GID}-!{ICCSN.substring(0,8)}) can be used to build the MDCardID dynamically during encoding.


Introducing new standard service task to create ZIP files: the ZIP content will come from a binary field of an arbitrary list of core objects. Therefore different kinds of files (e.g. Photos, PDFs, certificates) can be package in a ZIP file, that a user can download or receive per mail.

(Known limitation: encrypted fields are currently not supported and will come in the next release).


Improvement in Pkcs#10 request parsing with Nexus CM Connector: when uploading a Certificate Signing Request (Pkcs#10) in a User form (e.g. for Server Certificates), the DC attributes where not supported so far. With this release, also multiple DC attributes can be added to the Subject Name of the Pkcs#10 file.


Storage Prio "Yubi" is now supported in the "Personal Messaging" service task for Virtual Smart Card. This means, the service task can now be used also to enroll certificates on Yubico YubiKey 5 PIV token.


Improvement in "Cert: Execute PKCS10 Request" standard service task: the result can now optionally be stored as Pkcs#7 response in a binary datapool field. the Pkcs#7 response will contain also the certificate chain if provided in the response by the PKI.

Corrected bugs


Fixed searching on external data sources (e.g. Ldap) with the "Execute Search" standard service task. The service task didn't return correct results for external data sources.


Language settings for Smart ID Desktop App was not handled correctly when Smart ID Desktop App was called from Smart ID Self-Service. It could happen that Smart ID Desktop App was shown in the wrong language. This has been fixed now.


Full support has been added for Token initialization for Gemalto MD940 cards with SafeNet Middleware client. Previously, only the first card slot could be initialized. Now also the second (signing slot) can be initialized.


Fixed an issue with translation of forms on Smart ID Self-Service when using translated text in multi-line fields.


Fixed an issue in Batch Order: when opening an existing order, removing one item of the objects in the order list didn't work.


Improved error handling in softtoken service task: when both delivery options (download and email) are activated and email sending failed, the certificate was dropped and not available for download. This has been changed, download is still possible even if email failed before.


Fixed URL mapping in SAML authentication. Differences in port and scheme between SP configuration an called URL caused issues.


Security update:

Updated a couple of 3rd party libraries (e.g. UI Framework, JavaScript) to fix known vulnerabilities. Also a vulnerability in the PKI encoder (client-side java) was fixed, that allowed remote code execution via a certain command in JUEL Expression language.


Fixed cookie management for Smart ID Self-Service when using SAML behind a proxy or load balancer.

Release announcement



For information on limitations, see Limitations for Identity Manager.


Contact Information

For information regarding support, training and other services in your area, please visit our website at


Nexus offers maintenance and support services for Smart ID Identity Manager to customers and partners. For more information, please refer to the Nexus Technical Support at, or contact your local sales representative.