Release note Digital Access component 6.0
Version: 6.0
Release Date: 2020-07-08
Introduction
Smart ID Digital Access component 6.0 has been released today.
Important notes on this release
- Hybrid Access Gateway is now called Smart ID Digital Access and is deployed with Docker containers.
- Before upgrading from 5.13.x to 6.0.0, you must extend the disk size to accommodate changes. Refer to the steps in this article: 6.0 - Release note Digital Access component 6.0
- All Java services use OpenJDK 11. With OpenJDK 11, the full certificate chain is needed for TLS connections.
- HSM will not work after upgrading to the Docker appliance.
Main new features
Docker deployment
From now on, Digital Access component is deployed with Docker containers. See Deploy Digital Access component.
Extended OpenID Connect support
Digital Access component can now act as an OpenID provider within an OpenID Connect federation. Read more here: OpenID Connect federation in Digital Access component.
New frontend design
The frontend design of the authentication methods and self-service features has been updated. The style sheets were simplified and reduced.
Detailed feature list
Features
Jira ticket no | Description |
---|---|
HAG-806 | Switch to Docker Deployment: From now on, Digital Access component is deployed with Docker containers. For each service, a Docker image was created. The virtual appliance that is shipped from now on works as a Docker host, running all services inside it. The switch to the Docker deployment enables many new use cases and advantages for Digital Access component in the future. To learn more about what has changed, go here: Deploy Digital Access component. |
HAG-866 | Load balancing between Policy service and Authentication service: When running in High Availability, Digital Access component now supports load balancing between the Policy service and the Authentication service. The RADIUS calls between the two services are now distributed. If one service doesn't answer the request, the next service will be called. Several calls related to challenge/response will be sent to the same service. |
HAG-977 | OpenID Connect support for being OpenID provider: Digital Access component can now act as an OpenID provider within an OpenID Connect federation. Based on the already existing OAuth 2.0 technology, Digital Access component extended its functionality of OpenID Connect. Support for the Authorization Code, Implicit and Hybrid flows is provided. Endpoints and Discovery Service are available through the Access Point. With one Digital Access component instance, several OpenID Connect clients can be configured. Each client can have its own set of scopes. Combined with other federated protocols, such as SAML, Digital Access component now offers a strong feature set to act as a Federation proxy for many services and authentication use cases. Read more here: OpenID Connect federation in Digital Access component. |
HAG-1238 | Improved Freja eID logging: The logging around successful or failed Freja eID authentication has been improved. |
HAG-1317 | Custom self-service links: It's now possible to customize the text of the self-service links. This includes the "Forgot PIN" and "New Device" links. The text of these links can be changed in the self-service section of the administration interface. |
HAG-1429 | Short URL service for SMS provisioning: When provisioning new profiles of Smart ID Mobile App or OATH over an SMS message, in many cases the provisioning URL exceeds the maximum character count for SMS. Digital Access component is now able to replace the URLs with a short version that will be translated back to the original URL when it gets opened. Read more here: Set up email or sms notification channel in Digital Access under heading "Use short URL". |
HAG-1476 | Custom app scheme for OATH provisioning: It is now possible to change the app scheme used for OATH provisioning over emails. This was already possible for SMS provisioning and has now been added for emails as well. |
HAG-1493 | Improved handling of Smart ID Messaging: The handling of the Smart ID Messaging service was improved inside Digital Access component. These improvements cover things like logging, provisioning and lifecycle management of Smart ID Mobile App profiles. |
HAG-1621 | Updated Base Image: Appliance Base Image is updated to Ubuntu 20.04 with kernel version 5.4.0-40-generic. |
HAG-1826 | Updated Ericom license: The included Ericom license expired 1st of January 2020 and has now been updated. |
HAG-1853 | SameSite Cookie Directive change: Major browser vendors announced improved cookie security and handling. Cookies without valid SameSite configuration will be blocked. From now on, Digital Access component produces cookies with a valid configuration. The new directive could not be sent to older browsers, due to bugs and the fact that the unimplemented feature sometimes breaks current functionality. This has been resolved with a configuration file placed on the Access Point, which identifies the problematic browsers and acts accordingly in these cases. Because this file is configurable, it is possible to adapt to future discoveries of the same sort without needing to replace the binaries again. |
HAG-1915 | Updated VM version: VM version for the OVA is updated to 13 (ESXi 6.5). |
HAG-1991 | New frontend design for list of authentication methods and self-service: The frontend design of the authentication methods and self-service features has been updated. The style sheets were simplified and reduced. Selectors within the style sheet have not been renamed. Some have been added. A few HTML pages had to be corrected. In some cases, customer branding may look a bit different after the update than before. This can easily be solved by adapting to the new style sheets or overwriting the HTML pages. |
HAG-2096 | Updated VMware & Hyper-V integration tools: VMware & Hyper-V integration tools are updated for Ubuntu 20.04. |
HAG-2130 | Extended disk space: Appliance primary disk space is extended to 16 GB. |
Corrected bugs
Jira ticket no | Description |
---|---|
HAG-602 | Issue when using "Member of user group" access rule and moving the group in the Active Directory. |
HAG-788 | Restart all services from bash menu (v-apps) enables locally disabled services. |
HAG-1218 | Database does not get transferred if problems happen during upgrade. |
HAG-1281 | Multiple AuthnStatement in assertion break SAML compliance. |
HAG-1304 | Freja eID requires user attribute even if "Allow unknown user" is enabled. |
HAG-1486 | Access group rule for IBM Tivoli Directory Service doesn't handle multiple groups with the same name. |
HAG-1518 | NTP functionality incorrect. |
HAG-1547 | Signing description is not sent with Personal Mobile. |
HAG-1558 | Encrypted SAML sign message cannot be extracted without correct namespace prefix. |
HAG-1589 | OCRA Configuration not getting updated. |
HAG-1590 | SAML resource (Unsolicited Response) is not working properly. |
HAG-1764 | In the last version of Digital Access component, several vulnerabilities have been removed. |
HAG-1810 | Multiple "Allow unknown users" rows in configuration for SAML federation. |
HAG-1850 | Certificate login with some Certificate Authorities gives errors. |
HAG-1975 | The NTP service has been replaced in recent Ubuntu versions. |
HAG-2006 | Swedish BankID app doesn't start automatically when using same device authentication on iOS. |
Release announcement
For upgrading, see heading "Additional steps for a specific version" in Upgrade Digital Access component from 6.0.2 to 6.0.3.
End of Sales statement
Refer to Supported versions of Digital Access component.
End of Life statement
Refer to Supported versions of Digital Access component.
Contact
Contact Information
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.
Support
Nexus offers maintenance and support services for Digital Access component to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.