
Version: 3.12.8

Release Date: 2020-10-01

These release notes contain all changes since 3.12.5.

For information on how to upgrade from Smart ID Identity Manager 3.11 to 3.12, read this instruction: Upgrade from PRIME 3.11 to PRIME 3.12.

There is a patch available on the download portal, fixing a PKI card encoding issue with Card SDK:

Patching instructions are included in the zip archive.

Detailed feature list



Modify attributes in uploaded PKCS#10 requests

A new service task has been added that allows modifying the attributes of an uploaded PKCS#10 certificate request when using Nexus Certificate Manager as PKI. Read more here: Standard service tasks in Identity Manager: "Cert: Execute Modified PKCS10 Request".


More attributes can be extracted from X.509 certificates

The standard service task for X.509 certificate attribute extraction has been extended. keyType, keyUsage, extKeyUsage, hashAlgorithm, cdpUrls and ocspUrls can now also be extracted from the certificates. Read more here: Standard service tasks in Identity Manager: "Cert: Extract Certificate Attributes".


Change the secret fields encryption keypair with command line tool

Certificate rollover/re-encryption of encrypted fields in the Identity Manager database can now be done with a corresponding command line tool. Read more here: Change Encryption key of secret field store.


Improved authentication in Smart ID Agent

The Smart ID Agent now also supports authentication via client certificate. Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager and here: Access local services from Identity Manager in the cloud.


Logging for SAML has been extended

Extended logging for the SAML authentication process at log level INFO.


Loading latest encryption certificate from LDAP

A new standard service task has been added that allows retrieving the latest encryption certificate for a certain user from an LDAP directory. Read more here: Standard service tasks in Identity Manager: "Process: Search the newest Encryption Certificate".


Extended logging

Extended logging for Certificate REST API (aka Autoenrollment).


Introduced the Hybrid Profile concept

A new "hybrid profile" option was added to the VSC use cases, supporting both TPM and, as a fallback, Windows certificate store provisioning. Read more here: Standard service tasks in Identity Manager: "Personal Messaging: Create key on VSC and Install cert on VSC".


Improved language selection in Smart ID Self-Service

A language selection is added to the Smart ID Self-Service screen, which is available after login as well. So, users can now select the language before authentication but also at any time when they are working in the Smart ID Self-Service.


Improved user experience for smart card encoding

In Smart ID Self-Service, when encoding smart cards via Smart ID Desktop App, the user experience and error handling have been improved. There is no need for an additional "Next" click after encoding, and the self-service screen is locked so that you can't accidentally switch the page.

Corrected bugs

CRED-8776 Fixed an issue around state selection in the search filters when using a multi-level search in the Extended Search view. Wrong states were displayed in that case.

Fixed a security flaw when concurrent SAML authentication is done on a multi-tenant system.


Fixed the error handling in SAML configuration: if the password for the uploaded certificate key store is wrong, a correct error message is now shown.


Fixed the disabling of REST APIs, which were still active while Identity Manager was in maintenance mode.


Fixed rendering of line breaks in translated labels for Self-Service.


Fixed an issue in Batch Order: when opening an existing order, removing one item of the objects in the order list didn't work.


Security fix for JUEL expression language.


Avoids an unwrapping private key error with PKCS#12 files by repackaging.


Updated "jetty" library to a newer version to fix known vulnerabilities.


Fixed handling of an empty serial number value in the standard service task for SCEP registration. Now the empty value is sent to Certificate Manager instead of "null".


Fixed ActionExceptions showing resource tags instead of translations in the UI.


Fixed an issue in the cookie handling of Self-Service (failed authentication) when having a lot of data (e.g. via additional fields) in the user record.


Fixed display of username and IP address in object history (was not shown anymore).


Fixed a display issue with text fields in Identity Manager, Admin and Tenant.


Fixed field validation for read-only fields in user forms for Self-Service.

CRED-9898 Fixed starting BPMN process in BatchSync when no target core template is selected.

Solves an issue with the DB Updater failing on Oracle DBs with multiple Identity Manager schemas.


Solves a NullPointerException with BatchSync.

CRED-9959 When a form that contains validation rules on a date field was reloaded a second time in Smart ID Self-Service, it was not displayed correctly. This has now been fixed.

CRED-10084 Fixed error handling for smart card encoding in Smart ID Self-Service when canceling the PIN dialog. The error is now thrown correctly in the extended error mode and can be handled via a corresponding boundary event in the BPMN process.

Release announcement



For information on limitations, see Limitations for Identity Manager.


Contact Information

For information regarding support, training and other services in your area, please visit our website at


Nexus offers maintenance and support services for Smart ID Identity Manager to customers and partners. For more information, please refer to the Nexus Technical Support at, or contact your local sales representative.