Version: 22.04
Release date: 2022-05-05
The Smart ID 22.04 release provides updates in Identity Manager, Self-Service, Digital Access and Physical Access. Messaging provides minor improvements and bug fixes only. All components also provide several bug fixes and library updates to ensure high quality and security.
Upgrade Smart ID
See Upgrade Smart ID with general information regarding upgrading Smart ID. See also specific information regarding upgrade from 21.10 to 22.04: Upgrade Smart ID Identity Manager from 21.10 to 22.04.
Main new features
Integrated new Nexus GO Cards platform
The Nexus GO Cards service has been updated with a lot of improvements. One significant change is that Nexus GO Cards now uses Nexus Card SDK for printing and encoding cards. This means that from now on, you can use the same encodings and the same card layouts for both local card production and the Nexus GO Cards service. See Set up Nexus GO cards layout template for Identity Manager.
Evaluate SAML authentication context
For SAML, an extra layer of security has been added by limiting the role assignment based on authentication method. By mapping authentication methods to roles, you will restrict a user of certain roles depending on the authentication method used to log in. This is done by evaluating the information in the extension "Authentication Context Reference" in Identity Manager. For example, a strong authentication can be enforced for certificate issuing or renewal processes. See Set up authentication profile in Identity Manager for more information.
Smart ID compatibility
Smart ID 22.04 is compatible with the following component versions:
Detailed feature list
Features
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
|---|
CRED-10409 | Improved caching in Self-Service and Operator The caching mechanism of configuration data (such as BPMN process lists and template config) has been extended in order to improve response times, especially in scenarios with complex configuration and high load on the system. |
| X |
|
|
CRED-10773 | Evaluate SAML authentication context For SAML, an extra layer of security has been added by limiting the role assignment based on authentication method. By mapping authentication methods to roles, you will restrict a user of certain roles depending on the authentication method used to log in. This is done by evaluating the information in the extension "Authentication Context Reference" in Identity Manager. For example, a strong authentication can be enforced for certificate issuing or renewal processes. See Set up authentication profile in Identity Manager for more information. |
| X |
|
|
CRED-11550 | Improved user experience when opening objects in Self-Service When you open Cards, Certificates, Identities etc. in Self-Service, there is often just one item available in the sub-menus and result lists (for example, "my cards" filter, or just one person or card object in the list). To improve the user experience, the Self-Service now automatically opens the respective sub-item, if there is just one item available, to reduce the necessary clicks. |
| X |
|
|
CRED-11570 | Reduced configuration upload time The waiting time while uploading a new configuration in Identity Manager has been reduced by changing a logging parameter in the docker-compose configuration. |
| X |
|
|
CRED-11622 | Keep aspect ratio in Self-Service photo edit When you upload and edit a photo in Self-Service, you can keep the aspect ratio of the photo when you crop or resize the photo. See Edit photo in Smart ID Self-Service |
| X |
|
|
CRED-11754 | Log4j configuration improved The configuration of Log4j now also allows to configure the process-tracker logging without restarting the application. |
| X |
|
|
CRED-11823 | Integrated new Nexus GO Cards platform The Nexus GO Cards service has been updated with a lot of improvements. One significant change is that Nexus GO Cards now uses Nexus Card SDK for printing and encoding cards. This means that from now on, you can use the same encodings and the same card layouts for both local card production and the Nexus GO Cards service. See Set up Nexus GO cards layout template for Identity Manager. |
| X |
|
|
CRED-11844 | Improved search configuration response time in Identity Manager Admin Earlier, when you had many search configurations set up in Identity Manager Admin, it could take some time to load the list of search configurations. This has been improved to ensure that even a long list of search configurations can be displayed and edited quickly. |
| X |
|
|
CRED-11864 | Decoupled verification and deletion of history entries The verification and deletion of history entries are now separated into two independent jobs. This means, that you do not have to verify history entries before you delete them. This helps, especially if you have large object histories, to significantly reduce the execution time of the delete job. Read more here: Upgrade Smart ID Identity Manager from 21.10 to 22.04 and here: Chained signature for object history in Identity Manager. |
| X |
|
|
CRED-11946 | Legacy Kaba Exos integration removed An updated standard integration of Kaba Exos has been released in Physical Access. Therefore, the old native Identity Manager integration of Exos is obsolete and has been removed. All Physical Access use cases will now be handled in the standard Physical Access way. If you use DormaKaba Exos integration, switch to the updated DomaKaba Exos connector in the Physical Access component. Read more here: Set up integration with Dorma Kaba Exos. |
| X |
|
|
CRED-11947 | Switch to new SQL dialect The SQL dialect implementation has been updated to improve the performance on the MS SQL Server. |
| X |
|
|
CRED-11988 | Revised database indices Some database indices in the Identity Manager database schema have been added and modified to improved the overall system performance. This is based on experiences in customer case. |
| X |
|
|
CRED-12107 | Improved translation cache The cashing mechanism for translation of configuration items has been improved, to shorten response time when pages are loaded in the Identity Manager applications. |
| X |
|
|
CRED-12199 | Obsolete Log4j v1 library removed Obsolete Log4j v1 library has been removed. |
| X |
|
|
CRED-12219 | Revised web.xml configs To improve the standard hardening of the Identity Manager applications, the default servlet configuration, http filtering, etc. have been reviewed and cleaned up in the respective web.xml files in the standard container images. |
| X |
|
|
CRED-12354 | Introduced "create GUID" service task There is a new service task in Identity Manager that can create random GUIDs, which can be used for any purpose in the customer projects. See "Generate Random GUID into Data Map Field" in Miscellaneous standard service tasks in Identity Manager. |
| X |
|
|
CRED-12562 | Support for Certificate Manager 8.5 Identity Manager now supports the latest version of Certificate Manager: 8.5. |
| X |
|
|
CRED-12770 | Enhanced drop-down lists in search service task config When configuring a search service task in a process, the available search configurations in the drop-down list were displayed only with the translated name, which is not necessarily unique in the system. Therefore it might be difficult to differentiate the search configurations. For that reason, the (unique) symbolic name was added as well to the drop-down list. |
| X |
|
|
CRED-12792 | Updated logos The Identity Manager Operator, Identity Manager Admin and Self-Service components in Smart ID 22.04 now show the new Nexus IN Groupe logo. |
| X |
|
|
DEVOPS-1328 | Extended "Load Entity" service task The (already existing) standard service task "Process: Load Entity" has been updated. The task can now also refer to data of the authenticated user (via the ${user.*} attributes). Also, the data pool files that will be loaded can be limited, target name in the process map can be influenced, and assigned roles can be loaded as well. Read more in "Process: Load Entity" in Process - Standard service tasks in Identity Manager. |
| X |
|
|
DEVOPS-1352 | "Drop Relations" task improved The (already existing) standard service task "Core Objects: Drop Relations" got an additional parameter to easily drop all existing relations to a certain data pool. See "Core Objects: Drop Relations" in Core Objects - Standard service tasks in Identity Manager. |
| X |
|
|
DA-682 | Change and reset password functionality added for OpenLDAP Added feature to be able to change and reset the OpenLDAP password for a user. This will work if the 'Active Directory Change password' is enabled in the license along with the 'Password Reset' feature. The user can now change or reset their OpenLDAP password if the feature is enabled. The system property 'com.portwise.authentication.openldap.dn' is added in customize.conf with a default value of 'dc'. Change the value if required, based on your domain component. | X |
|
|
|
DA-750 | Support of animated QR codes for Bank ID v5.1 Added support of animated QR codes for Bank ID v5.1. Digital Access 6.2.0 or above implements Bank ID API v5.1 and will not support Bank ID v5.0 APIs after upgrading to any version above 6.2.0. See Swedish national eID - BankID and Mobile BankID for more information. | X |
|
|
|
IDC-1910 | Migration of PACS connectors to .net 6 framework Migrated all PACS connectors to .net 6 framework. |
|
| X |
|
Corrected bugs
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
|---|
CRED-5981 | There was a multi-user issue when downloading the Identity Manager configuration on two clients at the same time. This has been fixed. |
| X |
|
|
CRED-8072 | Fixed handling of static multi-line texts in user forms. |
| X |
|
|
CRED-8657 | Previously it was necessary to set two parameters in system.properties to deactivate the quartz scheduler. This has been changed. Now it is enough to set "quartzScheduler.enable=false". See List of Identity Manager system properties. |
| X |
|
|
CRED-9567 | The service task to fetch Nexus GO order status did not handle BPMN error boundary events. This has been fixed so that the boundary events are working as well. |
| X |
|
|
CRED-10052 | The assignee of an open task was not shown for some authentication types (for example LDAP), in the process list of the core object details view. This has been fixed. The user is now visible for all authentication types. |
| X |
|
|
CRED-10053 | There was an issue where the process start date was not displayed in the open task list of the core object details view. This has been fixed. |
| X |
|
|
CRED-10119 | When running Self-Service on small screens (for example a mobile phone), it was not possible to minimize the menu when having long texts in the menu. The user experience has now been improved and corrected for small devices as well. |
| X |
|
|
CRED-10344 | There was an issue where an exception was thrown when an "Action" was selected before selecting a Search Config, in the BatchSync configuration. This has been fixed. |
| X |
|
|
CRED-10492 | There was an issue when using the "delete" button in the core object details view, where the corresponding process behind the button did not load the core object data into the process list. This has been fixed. |
| X |
|
|
CRED-10577 | Fixed usage of "*" wildcards in search filters. |
| X |
|
|
CRED-10669 | There was an issue where the "Extended Search" in Identity Manager Operator did not fill up the whole result grid in some cases and left some rows empty. This has been fixed. Now all available rows are used for the search results. |
| X |
|
|
CRED-11013 | There was an issue where the "execute search" task did not return a correct CoreObjectDescriptorList to the process map in some cases. This has been fixed. |
| X |
|
|
CRED-11319 | There was an issue where the BPMN-history cleaner missed some records, such as orphan sub-processes. This has been fixed. |
| X |
|
|
CRED-11417 | There was an issue when closing a user form with an expired timer-boundary event, where an unclear error message was thrown. The error handling has been improved so that the user gets a clear message that the task has been closed in the background. |
| X |
|
|
CRED-11810 | Fixed multi-level search with filter values for batch orders. |
| X |
|
|
CRED-11927 | There was an issue in Self-Service, when using filters in form-based searches, where the "OR" command in the filter was ignored. This has been fixed. |
| X |
|
|
CRED-11961 | Fixed icon display of "help" links in Identity Manager Operator. |
| X |
|
|
CRED-11995 | When pushing certificates from Certificate Manager to Identity Manager via distribution rule, while Maintenance mode was activated, an unexpected error was thrown. The error handling has been extended and a correct (HTTP 403) error code is returned. |
| X |
|
|
CRED-12072 | Fixed setting initialization values from number ranges in Self-Service user forms. |
| X |
|
|
CRED-12197 | The behavior of searches on Boolean values in "additional data pool fields" was not consistent when fields were empty. This has been fixed. |
| X |
|
|
CRED-12223 | When using predefined read-only filter values in search forms in Self-Service, the filter values were editable. This has been fixed so that the corresponding values appear read-only. |
| X |
|
|
CRED-12253 | There was an issue where forcing block PIN after smart card encoding only worked for card profiles that allow 4-digit PINs. This has been fixed so that cards with any PIN length can be blocked right after the encoding. |
| X |
|
|
CRED-12254 | Fixed translation of symbolic names, (for example template names), in search result lists. Now translated texts are shown. |
| X |
|
|
CRED-12367 | There was an issue where Self-Service user forms did not respect the mandatory flag when a field had a drop-down list. This has been fixed so that user entry is also enforced for fields with drop-down lists. |
| X |
|
|
CRED-12423 | When using a pre-configured search filter on "meta-fields" (such as status or core template), the search execution could throw an exception. This has been fixed. |
| X |
|
|
CRED-12485 | There was an issue where loading data of the authenticated user in a post-login process, returned data of the technical pre-authentication user instead of the real user. This has been fixed. The correct user data is now returned. |
| X |
|
|
CRED-12514 | Improved response time when opening Core Template Dialogs (Cards, Identities, Certificates etc.) in Identity Manager Admin. |
| X |
|
|
CRED-12797 | Fixed an issue in the object history signing and verification job. |
| X |
|
|
DA-816 | Removed the "Download as pdf" option in Reports to remove iText vulnerable version dependency. | X |
|
|
|
IDC-2010 | There was an issue in RCO M5 Admin API PACS system where some optional user fields from RCOM5 were not mapped in userfieldmappings. This has been fixed. |
|
| X |
|
IDC-2011 | There was an issue in Sipass PACS system where the user validity was not mapped to Physical Access database fields when the user was exported. It was using default values instead. This has been fixed so that the user validity is mapped if present. If not present, the system will use the default validity. |
|
| X |
|
IDC-2013 | In RCO M5 PACS system, the ssn field is made optional. The user can now decide to only map the ssn if required using userfieldmappings. |
|
| X |
|
PMOB-3462 | Updated Spring Boot to ensure that it is not affected by the Spring4Shell vulnerability. See also Spring4Shell Vulnerability. |
|
|
| X |
Release announcement
From this release, only Docker deployment is supported for the Smart ID components Identity Manager, Physical Access, Digital Access and Messaging. For full instructions, see Deploy Smart ID.
From Smart ID 20.11 and on, components now only have the Smart ID version number and not the different component version numbers. For information on previous releases, see Nexus Documentation Archive.
For details on the updated Smart ID configurations and deployment configurations, see here:
Smart ID configuration release note
Smart ID deployment configuration release note
CODE
All notable changes to this project will be documented in this file. Be aware that the [Unreleased] features are not yet available in the official tagged builds.
## [Release 23.10.2-2023-10-27]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
- Updated Prime Connectors version. [CRED-16153]
## [Release 23.04.9-2023-10-31]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
## [Release 23.04.7-2023-08-28]
### Added
- Added missing attestation key config to signencrypt.xml (fixes VSC). [CRED-16128]
## [Release 23.04.5-2023-07-17]
### Added
- Added a readme-wsl-dev.txt how to setup SmartID Docker containers in a WSL environment. [CRED-15948]
- Added environment variable to docker-compose.yml of authentication service.
### Changed
- Restored environment references for Digital Access and Physical Access containers [CRED-15915]
## [Release 23.04.4-2023-06-30]
### Added
- Added restart-all.sh for easy stopping and starting of all containers or a subset of them. [CRED-15854]
### Changed
- The variable DOCKER_NETWORK_MTU has the default value 1500 now. You are not forced to choose between several options. [CRED-15854]
- When executing init-smartid.sh a message informs you about the current MTU value and when it is recommended to reduce it. [CRED-15854]
- The names of most of the docker containers start with "smartid-" by default. This prefix can be changed now via variable DOCKER_CONTAINER_BASE_NAME in file smartid.env. [CRED-15854]
- The hostname of the postgresql container now has the DOCKER_CONTAINER_BASE_NAME prefix as well.
## [Release 23.04.3-2023-06-23]
### Added
- Added AriadNext Connector Docker image. [CRED-14963]
- Added file .gitattributes to make \*.sh and \*.env files always containing only LF instead of any CRLF. Fixed file datadog.env accordingly. [CRED-15795]
### Changed
- Escaped the ESC character (0x1B) in echo statements of shell scripts to avoid problems with Azure file preview and git diff output. [CRED-15795]
## [Release 23.04.2-2023-06-02]
### Added
### Changed
## [Release 23.04.1-2023-05-11]
### Added
- Added init-smartid.env to configure the docker network MTU. [CRED-14088 via CRED-15316]
- Added helperFunctions.sh and helperCreateLink.sh to be used by init-smartid.sh. [CRED-14088 via CRED-15316]
### Changed
- Replace deprecated docker network syntax in docker-compose.yml files. [CRED-14088 via CRED-15316]
- init-smartid.sh / stop-smartid.sh detect if docker needs sudo. [CRED-14088 via CRED-15316]
- init-smartid.sh now optionally removes files created by previous runs (postgres db, bootstrapped certs, etc). [CRED-14088 via CRED-15316]
- No explicit setting of env_file in docker-compose.yml files. [CRED-14088 via CRED-15316]
- Messaging database is now configured via MESSAGING_DB_URL var. [CRED-14088 via CRED-15316]
- stop-smartid.sh now uses the compose command "down" instead of "stop", which also removes the containers after shutting them down. [CRED-14088 via CRED-15316]
## [Release 23.04.0-2023-04-28]
### Added
- Added Workspace One Connector Docker image. [CRED-14215]
### Changed
## [Release 22.10.8-2023-11-27]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
## [Release 22.10.0-2022-09-20]
### Added
- Added ContentProviderJWSSigner descriptor in signencrypt.xml. [CRED-12232]
- Added renewFromKeypairs.sh to renew end-entity certs.
WARNING:
- This only works if you (re-)bootstrap with the updated createca.sh, as the old version discarded data required for renewal.
- Re-bootstrapping will invalidate any encrypted secrets and history signatures in IDM due to chaning the keys.
- Re-bootstrapping will also overwrite the certificates and keys in the docker deployment folder, so make a backup first,
so you can use the respective tools for re-signing and re-encrypting existing history/secrets.
### Changed
- automatically (re-)start mailhog
- fixed naming of traefik rules for mobile-iron
- Changed createca.sh to retain keypairs and CA metadata, so we can enable renewal (see above).
- Removed cRLSign attribute from ca.conf to avoid issues with failing CRL checks.
NOTE: This only has an effect on newly bootstrapped CAs.
## [Release 22.04.0-2022-05-05]
### Added
- Added Mobile Iron Docker image. [CRED-11817]
- Added new properties for MI image in smartid.env. [CRED-11817]
### Changed
- Changed properties for Nexus GO Cards API V2. [CRED-12951]
## [Release 21.10.0-2021-11-09]
### Added
- Added Digicert Global Root CA certificate. [CRED-11688]
- Added some Let's Encrypt root certificates. [DEVOPS-971]
- Added documentation for maxProfiles option to hermod-conf.yml
- Added `.yamllint` file to set default YAML linting config. [DEVOPS-1085]
- Added volume mapping for logs folder in IDM and Self Service. [DEVOPS-403]
- Fixed cacerts folder permissions in init-smartid.sh script.
- Added support for docker compose v2 command in init-smartid.sh script.
### Changed
- New properties for CAAS credentials in smartid.env (placeholders must be replaced before using Nexus GO Cards). [CRED-11688]
- Fixed some copy issues in the init-smartid.sh script.
- Changed the default selfservice config to include auth methods params example.
- It is now possible to change IDM language settings via system properties. [DEVOPS-860]
- It is now possible to change Self-Service configuration via `CONFIG_JSON` environment variable. [DEVOPS-945]
- Fixed typo. [DEVOPS-1090]
- Replaced Self-Service `IDM_URL`, `INSTANCE_ID`, `IDM_TENANT` by `APPLICATION_YAML` json. [DEVOPS-1127]
- Set logging driver to json-file (the default one) for all containers explicitly [DEVOPS-1136]
- Fixed YAML format. [DEVOPS-1085]
- IDM and SelfService now support custom translations and do not require mapping the whole translation files again. See doc for more info. [DEVOPS-1118]
- Change Import Logger to correct class [DEVOPS-1143]
- Switched to new image naming for IDM
- `nexus-prime/explorer` changed to `smartid/identitymanager/operator`
- `nexus-prime/designer` changed to `smartid/identitymanager/admin`
- `nexus-prime/tenant` changed to `smartid/identitymanager/tenant`
- `nexus-prime/updatedb` changed to `smartid/identitymanager/updatedb`
- `nexus-prime/ussp2` changed to `smartid/selfservice`
- Changed Smart ID version to 21.10.0
### Removed
- Removed Self-Service config.json file. [DEVOPS-945]
- Removed expired Let's Encrypt certificates. [DEVOPS-971]
- Removed translation files for IDM and SelfService. [DEVOPS-1118]
## [Release 21.04.0-2021-05-20]
### Added
- Default values for Selfservice tenant id and instance id. [DEVOPS-738]
- Added example format for MSSQL everywhere we build the DB URL (`${DBHOST}/${XX_DB_NAME}`) because MSSQL requires a different URL format. [DEVOPS-737]
- Include SANs from CSR in bootstrap TLS cert in `bootstrap/conf/ca.conf`.
- Generate tls certificate for non-treafik setup in `bootstrap/createca.sh`.
- Log4j2 config and template for json layout [DEVOPS-758]
- Datadog agent compose file, with some examples, see nexus and datadog documentation if you want to use it [DEVOPS-759]
- Added a check in `init-smartid.sh` that exits the script if user didn't fill the mandatory properties in `smartid.env` (thoose with <XX> value pattern). [DEVOPS-759]
- Added Physical Access Interflex PACS. [DEVOPS-752]
### Changed
- IDM DB will no longer be initialized through init-smartid.sh script. Initialisation has to be done manually by starting container in identitymanager/updatedb. [DEVOPS-739]
- Rename containers to use dash instead of underscore, so containerName can work for DNS lookup (underscore is not allowed in DNS names).
WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align idm update db naming to use the name "updatedb" everywhere
WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align digital access directory names with service names
- fix bootstrap cert folder permissions in init script
- Changed all HERMOD*\* properties to MESSAGING*\*. [DEVOPS-751]
- Moved each component's respective config into their own config folder. [DEVOPS-751]
- Made all volume mappings static in compose file, no more properties. [DEVOPS-751]
- Reorganized smartid.env to be split by component, making it easier to find component related properties. [DEVOPS-751]
- Internal ports (inside docker) are now static in the compose file. [DEVOPS-751]
- Moved postgres related properties outside smartid.env, because it is a separate tool not meant for production. [DEVOPS-751]
- Renamed service names in compose files to match their container name. [DEVOPS-751]
- Changed traefik version to 2.4.8. [DEVOPS-638]
- Changed file extension of generated certificates from `.base64` to `.cer`.
- Updated translation files for IDM. [DEVOPS-761]
- Updated Messaging config for 21.04 (Hermod version 3.1.1). [DEVOPS-802]
- Changed chmod command to give permission 700 instead of 600, because hermod needs execute permission.
- Updated SmartID version to 21.04
### Fixed
- Fixed typos in the strings that are echoed to the user during the initialisation. [DEVOPS-646]
### Removed
- Removed unused properties in smartid.env. [DEVOPS-751]
- Removed unused ports for Physical Access. [DEVOPS-752]
- Removed Physical Access config files. Configuration is now handled using environment variables. [DEVOPS-752]
- Removed TZ from all docker-compose files. Since it is set in `smartid.env` which is mapped using `env_file`, declaring the variable a second time in `env` was not necessary.
## [Release 20.11.2-2021-03-23]
### Added
- If you say Yes to the question if Digital Access shall be deployed in the host, it will make it possible for the containers to listen on 80 and 443. [DEVOPS-540]
### Changed
- Bump SmartID version to 20.11.2
- Updated IDM translation files with newer ones. [DEVOPS-561]
- Adjust volumes for hermod certificates. [DEVOPS-651]
- Removed Selfservice hotfixes introduced in previous release. [DEVOPS-626]
### Fixed
- Fixed tenant startup by removing mapped sign encrypt configuration, so it uses the default one from inside the container. Since IDM Tenant uses less certificates, the same config as IDM operator or admin cannot be used.[DEVOPS-640]
- Fixed the copy_files.sh script used in IDM operator, admin and tenant [DEVOPS-692] + [DEVOPS-656]
## [Release 20.11.1-2021-02-18]
### Added
- Added issuing and root CA certificates to IDM containers for config signing (These certs should NEVER be used for production). [DEVOPS-549]
- Added hotfix for SelfService -> IDM connection [DEVOPS-626] Has to be removed with 20.11.2+
### Changed
- Update sign-encrypt engine to the newest state. [DEVOPS-549]
- Update version number to 20.11.1
## [Release 20.11.0-2021-02-01]
### Added
- Added mailhog as tool in /tools/mailhog. The tool can be used to test to send emails in Digital Access and Identity Manager. [DEVOPS-482]
### Changed
- Set false on traefik network in the traefik, adminer and mailhog to be enabled in traefik by default. [DEVOPS-486]
- Changed file extension of generated certificates from `.crt` to `.base64`
- Changed so that identity manager Admin and Operator do not require signed configurations/modules for uploading and downloading them by default. [DEVOPS-515]
### Fixed
- Fix environment variable usage inside traefik config file. [DEVOPS-514]
## [Release 20.11.0-2020-12-22]
### Added
- Added support for selfservice branding. [DEVOPS-471]
- Added log4j volume mapping for idm containers. [DEVOPS-470]
### Changed
- Updated traefik version to 2.3.4 [DEVOPS-464]
- Renamed selfservice container from "idm_selfservice" to "selfservice".
- Renamed all environment variables starting with "IDM_SELFSERVICE_x" to "SELFSERVICE_x".
- Changed Hermod config to disable by default some end-points and to hide sensitive data in logs. [DEVOPS-484]
- Improved the `stop-smartid.sh` script to handle dynamically all docker-compose stop commands and to work regardless of where the script is called from.
- Improved the `init-smartid.sh` script to work regardless of where the script is called from.
- Improved the `createca.sh` script to work regardless of where the script is called from.
- Renamed `idm-selfservice-language.json` to `idm-selfservice-config.json`.
### Fixed
- Fixed volume mapping for selfservice tomcat server.xml by using a separate variable than identitymanager.
- Fixed French translations for IDM and Selfservice.
## [Release 20.11.0-2020-12-07]
### Added
- Added `postgres/init/init-smartid-databases.sql` so that Physical Access database is created when starting up postgres. The "pauser" is created, and a default password is set.
- Added LE CA Certificate to cacerts. [DEVOPS-455]
- Added AJP port variables in smartid.env and use them in identitymanager docker-compose files. Also added AJP Connector in `config/idm-tomcat-server.xml`, which has to be enabled manually (and port set accordingly). [DEVOPS-348]
- Add following new features to the identitymanager docker-compose files: [DEVOPS-406]
- Support for new CA store volume mapping
- Support for new system properties environment variable
- Support for new DB properties environment variables
- Support for new spring bean volume mapping. See `IDM_VOLUME_PATH_SPRING` in `smartid.env`.
- Support for new jars volume mapping. See `IDM_VOLUME_PATH_LIBS` in `smartid.env`.
- Support for new class files volume mapping. See `IDM_VOLUME_PATH_CLASSES` in `smartid.env`.
- Add following new features to the selfservice docker-compose file: [DEVOPS-406]
- Support for new CA store volume mapping
- Support for new IDM url environment variable
- Added adminer as tool [DEVOPS-407]
- Added maxVersion for TLS to be 1.2 due to compatibility issues with some mobile devices. [DEVOPS-413]
### Changed
- Changed smartid version to 20.11.0.
- Moved "/certs/boostrap" to "/boostrap".
- Changed postgres version in smartid.env from 9.6.18 to 12.5. [DEVOPS-431]
- Split identity manager containers into their own docker-compose files: [DEVOPS-382]
- Added `identitymanager/admin/docker-compose.yml`
- Added `identitymanager/tenant/docker-compose.yml`
- Added `identitymanager/init-db/docker-compose.yml`
- Added `identitymanager/operator/docker-compose.yml`
- Adapted `init-/stop-smartid.sh`, and paths inside `smartid.env` and some docker-compose files to fit new docker-compose yaml files. [DEVOPS-382]
- Change the ini-smartid.sh script to ask if traefik is going to be used as Ingress/proxy. [DEVOPS-408]
- Changed in `config/hermod-conf.yml` some values to <IDM-HOST-HERE> and <DA-HOST-HERE> on client samples.
### Removed
- Removed MSSQL from deployment package, since Physical Access now support postgres. [DEVOPS-448]
- Removed unnecessary variables in `smartid.env`.
- Removed identitymanager compose docker-compose file. [DEVOPS-382]
- Removed entrypoint definition from identitymanager docker-compose files. [DEVOPS-406]
- Removed pgAdmin and portainer and its variables from smartid.env. [DEVOPS-407]
- Removed modern and old options for tls in `config/traefik/traefik-tls.yml`. [DEVOPS-413]
- Removed TRAEFIK_TLS_OPTION from smartid.env. [DEVOPS-413]
- Removed identitymanager spring beans because we changed how handle them.
- Removed samples.
## [Release 20.06.1-2020-10-27]
### Added
- Added port forwarding to hermod container in the messaging docker-compose file.
- Added spring bean files for identitymanager in `config/idm/spring_operation` and spring_admin.
- Added translation files for identitymanager in `config/idm/translation_id`m and for selfservice in `config/idm/translation_selfservice`.
- It is now possible to enable Strict SNI using TRAEFIK_TLS_STRICTSNI=true
### Changed
- changed smartid version to 20.06.1.
- Changed HERMOD_DOMAIN_PREFIX from "mb" to "messaging".
- Changed the DB init/update script behavior, can be controlled with `IDM_DBUPDATE_SCRIPT` in smartid.env.
- Changed `traefik-tls.toml` file to YAML and used variables from .env file. Possibility to change TLS certificate file names TRAEFIK_TLS_DEFAULT_CERTIFICATE and TRAEFIK_TLS_DEFAULT_CERTIFICATEKEY.
- Improved the `init-smartid.sh` script.
- Moved seflservice to a separate docker-compose file.
### Fixed
- Fixed the jdbc url for `config/da-admin-customize.conf`.
### Removed
- Dropped `restart: always` for identittymanager init-db.
- Removed explicit DBHOST naming in `smartid.env` to force user to set its own value.
## [Release 20.06.0-2020-09-28]
### Added
- Added possibility to add custom-beans for IDM Operator and Admin, in `config/idm`.
- Added possibility to change translation for IDM Operator, Admin, Selfservice and Tenant.
- Added IDM_DB_QUARTZ example for MSSQL, Oracle and DB2.
- Added `container_name` for all containers in:
- identitymanager/docker-compose.yml
- traefik/docker-compose.yml
- Added docker hostname for postgresdb DB_HOST in `postgres/docker-compose.yml`, this will make test deployment work from start.
- Added docker hostname for mssqldb PA_DB_HOST in `mssql/docker-compose.yml`.
- Added `restart: always` to all containers. All containers will the start up after re-boot, if they have been started once before.
- Included SAML example files for IDM in `/samples/idm_saml`.
### Changed
- Changed smartid version to 20.06.0.
- Changed explorer/operator url in `idm-selfservice-application.yml`.
- Changed location of Identity Manager SAML samples files from `/docker/compose/examples` to `/samples/idm_saml`.
- Updated `init-smartid.sh`:
- Now check if docker and docker-compose are installed, if not the script will exit.
- Now asks if the deployment is a production deployment, if "Yes", the script will complete and deployment configuration can be done. If "No":
- Ask if postgres and/or mssql shall be deployed and started.
### Fixed
- Moved comments in `smartid.env` file to be on a separate line instead of behind the value. This was breaking the applications since comments would be evaluated as part of the value.
- Fixed `init-smartid.sh` so that it works properly on CentOS.
- Fixed a typo for variable `IDM_DB_QUARTZ`.
- Fixed typo in idm-operator container in `identitymanager/docker-compose.yml`, in the path to the castore.jks.
## Removed
- Removed `init-smartid-test.sh`, it is included in init-smartid.sh.
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.
Support
Nexus offers maintenance and support services for Smart ID components to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.
