Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.


Skip to end of metadata
Go to start of metadata

Version: 3.12.8

Release Date: 2020-10-01

This release notes contains all changes since 3.12.5.

For information on how to upgrade from Smart ID Identity Manager (PRIME) 3.11 to 3.12, read this instruction: Upgrade from PRIME 3.11 to PRIME 3.12.

There is a patch available on the download portal, fixing an PKI card encoding issue with Card SDK: prime_modules_3.12.8_patch1.1.zip.

Patching instructions are included in the zip archive.

Detailed feature list

Features

KeyDescription
CRED-9564

Modify attributes in uploaded Pkcs#10 requests

A new service task is added that allows to modify attributes of an uploaded Pkcs#10 certificate request when using Nexus Certificate Manager as PKI. Read more here: Standard service tasks in Identity Manager: "Cert: Execute Modified PKCS10 Request"

CRED-9697

More attributes can be extracted from X.509 certificates

Extended standard service task for X.509 certificate attribute extraction. Now also keyType, keyUsage, extKeyUsage, hashAlgorithm, cdpUrls and ocspUrls can be extracted from the certificates. Read more here: Standard service tasks in Identity Manager: "Cert: Extract Certificate Attributes".

CRED-9802

Change the secret fields encryption keypair with command line tool

Certificate rollover/re-encryption of encrypted fields in the Identity Manager database can now be done with a corresponding command line tool. Read more here: Change Encryption key of secret field store.

CRED-9829

Improved authentication in Smart ID Agent

The Smart ID Agent now also supports authentication via client certificate. Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager and here: Access local services from Identity Manager in the cloud.

CRED-9865

Logging for SAML has been extended

Extended logging for SAML authentication process on log level INFO.

CRED-9886

Loading latest encryption certificate from LDAP

A new standard service task is added that allows to retrieve the latest encryption certificate for a certain user from an LDAP directory. Read more here: Standard service tasks in Identity Manager: "Process: Search the newest Encryption Certificate".

CRED-9961

Extended logging

Extended logging for Certificate REST API (aka Autoenrollment).

CRED-9988

Introduced the Hybrid Profile concept

A new "hybrid profile" option was added to the VSC use cases, supporting both TPM (and as fallback) Windows certificate store provisioning. Read more here: Read more here: Standard service tasks in Identity Manager: "Personal Messaging: Create key on VSC and Install cert on VSC".

CRED-10106

Improved language selection in Smart ID Self-Service

A language selection is added to the Smart ID Self-Service screen, which is available after login as well. So, users can now select the language before authentication but also at any time when they are working in the Smart ID Self-Service.

CRED-10118

Improved user experience for smart card encoding

In Smart ID Self-Service, when encoding smart cards via Smart ID Desktop App, the user experience and error handling has been improved. No need to do an additional "Next" click after encoding, and the self-service screen is locked so that you can't accidentally switch the page.

Corrected bugs

KeyDescription
CRED-8776Fixed an issue around state selection in the search filters when using a multi-level search in the Extended Search view. Wrong states were displayed in that case.
CRED-9379

Fixed a security flaw when concurrent SAML authentication is done on a multi-tenant system.

CRED-9528

Fixed the error handling in SAML configuration: if password for the uploaded certificate key store is wrong, now a correct error message is shown.

CRED-9537

Fix for disabling REST APIs which were still active while Identity Manager was in maintenance mode.

CRED-9578

Fixed rendering of line breaks in translated labels for Self-Service.

CRED-9686

Fixed an issue in Batch Order: when opening an existing order, removing one item of the objects in the order list didn't work.

CRED-9724

Security fix for JUEL expression language.

CRED-9761

Avoids an unwrapping private key error with PKCS#12 files by repackaging.

CRED-9763

Updated "jetty" library to a newer version to fix known vulnerabilities.

CRED-9775

Fixed handling of empty serial number value in standard service task for SCEP registration. Now the empty value is send to Certificate Manager instead of "null".

CRED-9792

Fix for ActionExceptions, showing resource tags instead of translations in the UI.

CRED-9839

Fixed an issue in the cookie handling of Self-Service (failed authentication) when having a lot of data (e.g. via additional fields) in the user record.

CRED-9854

Fixed display of username and IP address in in object history (was not shown anymore).

CRED-9874

Fixed a displaying issue with text fields in Identity Manager, Admin and Tenant.

CRED-9876

Fixed field validation for read-only fields in user forms for Self-Service.

CRED-9898Fixed starting BPMN process in BatchSync when no target core template is selected.
CRED-9905

Solves an issue with the DB Updater failing on Oracle DBs with multiple Identity Manager schemes.

CRED-9947

Solves a NullpointerException with BatchSync.

CRED-9959When reloading a form that contains validation rules on a date field, a second time in Smart ID Self-Service it was not displayed correctly. This has been fixed now.
CRED-10084Fixed error handling for smart card encoding in Smart ID Self-Service when canceling the PIN dialog. The error is now thrown correctly in the extended error mode and can be handled via a corresponding boundary event in the BPMN process.

Release announcement

-

Limitations

For information on limitations, see Limitations for Identity Manager.

Contact

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Smart ID Identity Manager to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.