


Upgrade docker

Upgrade docker to a version >= 20.10.10 before you upgrade Digital Access to this or higher versions, since docker <= 20.10.9 has compatibility issues with the OpenJDK version used.


SHA1 is no longer supported from DA 6.4.0 and later for SAML.

Digital Access has removed support for the SHA1 algorithm for signing SAML messages. All applications must use other safe and available algorithms.
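A pre-upgrade check for the SHA1 removal described above, as an added example that is not Digital Access code: it scans a captured SAML message or metadata file for SHA-1 algorithm URIs defined by the W3C XML Signature specifications. The sample message is constructed, the function name is hypothetical, and reporting DigestMethod as well as SignatureMethod is an assumption that goes beyond the signing algorithm the note names.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 based algorithm identifiers from the W3C XML Signature specifications.
SHA1_URIS = {
    DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1", DS + "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
}

# Constructed sample: skeleton of a signed SAML response (no real key or signature value).
SAMPLE_LEGACY = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_constructed1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:Response>"""

# Constructed sample: the same message after the peer was moved to SHA-256.
SAMPLE_MODERN = (SAMPLE_LEGACY
    .replace(DS + "rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    .replace(DS + "sha1", "http://www.w3.org/2001/04/xmlenc#sha256"))

def find_sha1_algorithms(xml_text):
    """Return (element name, algorithm URI) for each SHA-1 use in ds:Signature data."""
    # Input is assumed to be a file you captured yourself; for XML from an
    # untrusted source, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(xml_text)
    hits = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter("{%s}%s" % (DS, tag)):
            alg = el.get("Algorithm", "")
            if alg in SHA1_URIS:
                hits.append((tag, alg))
    return hits

if __name__ == "__main__":
    for name, doc in (("legacy", SAMPLE_LEGACY), ("modern", SAMPLE_MODERN)):
        hits = find_sha1_algorithms(doc)
        print(name, "-> SHA-1 in use:" if hits else "-> no SHA-1 found", hits)
```
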


Jira ticket no | Description

It is now possible to run Digital Access without databases that are not required. See Configure databases in Digital Access for more information.


Added capability for scanning a QR code during self-provisioning and authentication using the Smart ID Mobile App. The configuration to use QR code or username can be done in Digital Access Admin GUI under Personal mobile authentication method.


After upgrading to Digital Access version 6.4.0 or higher, you set the Reporting database connection from Digital Access Admin. The existing configuration from customize.conf will be read and saved in RemoteConfiguration.xml after the upgrade. However, the admin service should be restarted once after the upgrade. For a fresh setup, the Reporting database configuration must be set in Digital Access Admin only.

See Configure databases in Digital Access for more information.


It is now possible to send additional custom attributes in the SAML assertion and OIDC token, which are produced by transforming the basic attributes added in the assertion. Note that this only works for single-valued attributes for now. The basic attributes must also be added first, so that the transformed attributes that consume them work.

Example 1: If the basic attributes include FirstName and LastName, a transformed attribute, for example GivenName, can be created which can be a concatenation of the above attributes = ${FirstName} ${LastName}

Example 2: A custom transformed attribute can also be created by concatenating the basic attribute with a static string = ${FirstName}

If the transformed attribute name and the basic attribute name are the same, the transformed attribute value takes precedence and is sent in the SAML assertion even if the basic attribute has 'Include in SAML assertion' enabled.


Added a filter for SAML and OIDC attributes. This can be used to limit the number of values sent in the SAML assertion for multi-valued attributes. For example, 'memberOf' can be filtered to send only the relevant groups the user is a member of, without exposing all the groups that the user belongs to.


The Java Bouncy Castle cryptography API library has been updated to the latest version (bcprov-jdk18on v1.76). This resolves the vulnerabilities found in the older library. It is now possible to upload RSA private keys to Digital Access without having to encode them to PKCS#8.

As part of this, support for the RADIUS protocol PEAP has been removed. However, it is still possible to use the Authentication Service as an external RADIUS server using protocols: PAP, CHAP, MSCHAP and EAP.

Minor improvements

| Jira ticket no | Description |
|---|---|
| DA-1252 | Upgraded Java JDK to version 17. |
| DA-1377 | Implemented subject types 'Persistent' and 'Transient' in OpenID Connect. |
| DA-1414 | Added a flag for the basic SAML and OIDC attributes - "Include in SAML assertion" and "Include in token" respectively. When enabled, the attributes will be included. This is useful when there are transformed attributes added and you do not want to send the basic attributes in the response. |
| DA-652 | Added support for persistent cookie to enable app-to-app SSO (RFC-8252). If you intend to use this feature, contact Nexus support. |

Corrected bugs

Jira ticket no | Description

There was an issue where saving Global user account settings with OATH enabled gave an error. This has been fixed.


There was an issue with storing the configuration while saving an OATH database. This has been fixed.


Edit Personal desktop and User Certificate authentication methods in Digital Access Admin hides the "Certificate Authority" field if the Personal mobile authentication method has "Enable Certificate Authority" disabled.


The 'Define Source' value was missing when copying attributes for SAML-federation. This has been fixed.