Page tree
Skip to end of metadata
Go to start of metadata

These are the news for Nexus Hybrid Access Gateway.

2019-09-05

Nexus Hybrid Access Gateway 5.13.3 has been released today. Read more in the release note.

Main new feature in this release:

  • Configure Hybrid Access Gateway via Administration Web Service

Hybrid Access Gateway now offers REST-based web services that allow the configuration of certain object types without using the administration interface.

2019-04-23

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.13.2. Click here for release note.

Main new features in this release:

  • Support for signing during SAML authentication

If the SAML request contains a SignMessage element, Hybrid Access Gateway forwards the contained message to the signing interface of Swedish BankID as well as Nexus Personal Mobile and Nexus Personal Desktop. The same message can also be shown in the browser by changing the authentication method template.

Hybrid Access Gateway displays all authentication methods that are configured for the corresponding AuthContext.

  • Prevent username change during step-up authentication

When a user authenticates with an additional method, username change can be prevented. This property is set to 'true' by default. During authentication, the user id of the linked user is compared to the one in the existing session. If they are not the same, the authentication is declined.

2019-02-01

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.13.1. Click here for release note.

Main new features in this release:

  • It is now possible to login to Swedish BankID using a QR code. This featured function is optional. 
  • The Ubuntu base image of the virtual appliance was updated from version 14.04 to version 18.04. This update includes many fixes of vulnerabilities related to the previous operating system version. See also Hardening of the Hybrid Access Gateway appliance. Since the virtualization tools are no longer included in the Ubuntu base image then the appliance now requires internet access to install them.


For customers who use Personal Mobile

Customers who use Nexus Personal Mobile need to do the following before upgrading to Hybrid Access Gateway 5.13 from a version before 5.12, to continue with Personal Mobile registration, authentication, and signing:

  • Deploy Hermod in their own environment and migrate existing Personal Mobile profiles from Hybrid Access Gateway to Hermod Messaging Server.

OR

  • Use the cloud service of Nexus, Nexus GO Messaging. In this case it is also possible to migrate existing Personal Mobile profiles from Hybrid Access Gateway.

For instructions, see Migrate Personal Mobile Profiles from Hybrid Access Gateway to Personal Messaging.pdf

Contact Nexus for support.

2018-11-16

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.13. Click here for release note.

Main new features in this release:

  • OpenID Connect is now supported by Hybrid Access Gateway
    The federation technology OpenID Connect can now be used as an authentication method in Nexus Hybrid Access Gateway. This means that Hybrid Access Gateway can be connected to external Identity Providers (IdPs) that support OpenID Connect, for example Google, Norwegian BankID and Verimi.
  • Added support for Oracle database
    The new version of Hybrid Access Gateway has support for Oracle database to be used as external database.

    Due to required changes on a database level a dialect must be added if using an external report database before upgrading to the new version. Without the dialect entry, the connection to the reporting database will fail unless the entry was entered and the administration service was restarted. For further information, see Change report database for Hybrid Access Gateway.

  • Direct integration of Nexus Personal Desktop
    Secure login is now even more convenient in Hybrid Access Gateway, with added smart card support via Nexus Personal Desktop, which is useful, for example, to make digital signatures in Nexus GO Signing.

  • Improved hardening of appliance
    With Hybrid Access Gateway 5.13 the hardening index of the appliance was improved to be even more secure. The overall hardening score (based on Lynis) was increased to 74.

    To improve the hardening index of Hybrid Access Gateway, an SSH configuration parameter (MaxAuthTries) was introduced with Hybrid Access Gateway version 5.13.0. This configuration parameter limits the maximal authentication attempts to the amount of two. This change can affect the SSH authentication, if the client has more than one private key configured that is not configured for the corresponding user in Hybrid Access Gateway. In this case, an authentication with username and password will fail. If this setting affects you, you can increase the amount of authentication attempts.

    To increase the amount of authentication attempts:

    1. Change the parameter 
      MaxAuthTries within the file /etc/ssh/sshd_config to a suitable number.

    In case of Hybrid Access Gateway upgrades, this change has to be done after the appliance has been upgraded successfully.

2018-05-07

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.12. Click here for release note.

Main new features in this release:

  • OATH authentication with Google Authenticator et al
    The OATH authentication method in Hybrid Access Gateway now supports software token like Google Authenticator or Microsoft Authenticator. With Personal Mobile 3.7 or higher Nexus provides its own implementation of OATH as a software token.
  • Authentication with Freja eID
    With the introduction of Freja eID, Hybrid Access Gateway now supports three different Swedish eIDs. It supports (Mobilt) BankID and Freja eID over a native interface and AB Svenska Pass over SAML.
  • Authentication with Personal Mobile certificate
    Besides raw keys Personal Mobile also supports profiles with certificates. In this case the certificates were issued by a CA such as Nexus Certificate Manager. Hybrid Access Gateway now supports authentication with these certificates without the need to know about the user and its user name.

For customers who use Personal Mobile

Customers who use Nexus Personal Mobile need to do the following before upgrading to Hybrid Access Gateway 5.12, to continue with Personal Mobile registration, authentication, and signing:

  1. Deploy Hermod in their own environment.
  2. Migrate existing Personal Mobile profiles from Hybrid Access Gateway to Hermod Messaging Server.

For instructions, see Migrate Personal Mobile Profiles from Hybrid Access Gateway to Personal Messaging.pdf.

Contact Nexus for support.

Configure TLS-enabled notification server

2018-05-03

For customers who use Hybrid Access Gateway together with Nexus Personal Mobile, it is recommended to start preparing for Hybrid Access Gateway 5.12, that is soon to be released.

For customers who use Personal Mobile

Customers who use Nexus Personal Mobile need to do the following before upgrading to Hybrid Access Gateway 5.12, to continue with Personal Mobile registration, authentication, and signing:

  1. Deploy Hermod in their own environment.
  2. Migrate existing Personal Mobile profiles from Hybrid Access Gateway to Hermod Messaging Server.

For instructions, see Migrate Personal Mobile Profiles from Hybrid Access Gateway to Personal Messaging.pdf.

Contact Nexus for support.

2018-03-21

When performing an online upgrade of Nexus Hybrid Access Gateway, certificates and signatures are used to establish a trust between Hybrid Access Gateway and the online upgrade servers. The communication is secured using https and downloaded versions are also signed and verified before the upgrade starts.

The previously used certificates expired the 7th of March 2018. If you run Hybrid Access Gateway version 5.10.x or older you must first update the certificates for trusting the upgrade server before you can perform an online upgrade of Hybrid Access Gateway. More information is found on Nexus Support Portal.

  1. Go to https://support.nexusgroup.com.
  2. Select Nexus Downloads, Nexus Hybrid Access Gateway and Updates.
  3. Instructions are found in the pdf.

2018-01-25

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.11.4. Click here for release notes.

Customers who are running Hybrid Access Gateway 5.11.2 need to run the following command from appliance bash and then restart administration service in order to download newer releases:
sudo chmod 755 /trust

2018-01-08

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.11.3. Click here for release notes.

Due to an issue, the upgrade server could not be reached with Nexus Hybrid Access Gateway 5.11.2. This has been fixed with Nexus Hybrid Access Gateway 5.11.3.

2017-12-21

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.11.2. Click here for release notes.

Important issues fixed in this release:

  • Nexus GO Authentication with Swedish BankID
    With the first version of the NexusGO authentication method it was not possible to map the login credential of BankID (personnel number) to an attribute of the Hybrid Access Gateway user. The user id was used by default. Therefore, the user in Hybrid Access Gateway needed to have the BankID as user id. 
    A new Extended Property "User Attribute" has been added to allow mapping to, for example, an AD attribute.

2017-10-10

Nexus is proud to announce the availability of Nexus Hybrid Access Gateway 5.11. Click here for release notes.

Main new features in this release:

  • Access Client for Mac OS
    If the portal contains a resource that requires the Access Client, a link will be displayed that leads the user to the Apple AppStore, where the Access Client for Mac OS can be downloaded.
  • Nexus GO Authentication with Swedish BankID
    With this method customers can use their Nexus GO service as a SAML Identity Provider to authenticate using Swedish (Mobile) BankID, without having to set up a contract with BankID.

Other new features are described in these articles:

2017-09-13

Nexus announce End-of-Life for legacy product PortWise Access Manager and Authentication Server (AMAS).