Skip to main content
Skip table of contents

Release note Digital Access component 6.0

Version: 6.0

Release Date: 2020-07-08

Introduction

Smart ID Digital Access component 6.0 has been released today.

Important notes on this release

  • Hybrid Access Gateway is now called Smart ID Digital Access and is deployed with Docker containers.
  • Before upgrading from 5.13.x to 6.0.0, you must extend the disk size to accommodate changes. Refer to the steps in this article: 6.0 - Release note Digital Access component 6.0
  • All Java services uses OpenJDK 11. With OpenJDK 11, full certificate chain is needed for TLS connection.
  • HSM will not work after upgrade to Docker appliance.

Main new features

Docker deployment

From now on, Digital Access component is deployed with Docker containers. See Deploy Digital Access component.

Extended OpenID Connect support

Digital Access component can now act as OpenID provider within an OpenID Connect federation. Read more here: OpenID Connect federation in Digital Access component.

New frontend design

The frontend design of the authentication methods and self-service features has been updated. The style sheets were simplified and reduced.

Detailed feature list

Features

Jira ticket noDescription
HAG-806

Switch to Docker Deployment

From now on, Digital Access component is deployed with Docker containers. For each service, a Docker image was created.

The virtual appliance, that is shipped from now on works as Docker host, running all services inside it. The switch to the Docker deployment enables many new use cases and advantages for Digital Access component in the future.

To learn more about what has changed, go here: Deploy Digital Access component.

HAG-866

Load balancing between Policy service and Authentication service

When running in High Availability, Digital Access component now supports load balancing between the Policy service and the Authentication service. 

The RADIUS calls between the two services are now distributed. If one service doesn't answer the request, the next service will be called. Several calls related to challenge/response will be send to the same service.

HAG-977

OpenID Connect support for being OpenID provider

Digital Access component can now act as OpenID provider within an OpenID Connect federation. 

Based on the already existing OAuth 2.0 technology, Digital Access component extended its functionality of OpenID Connect. Support for Authorization Code, Implicit and Hybrid flow are provided. Endpoints and Discovery Service are available through the Access Point.

With one Digital Access component instance, several OpenID Connect clients can be configured. Each client can have its own set of scopes. 

Combined with other federated protocols, such as SAML, Digital Access component now offers a strong feature set to act as a Federation proxy for many services and authentication use cases. Read more here: OpenID Connect federation in Digital Access component.

HAG-1238

Improved Freja eID logging

The logging around successful or failed Freja eID authentication has been improved. 

HAG-1317

Custom self-service links

It's now possible to customize the text of the self-service links. This includes the "Forgot PIN" and "New Device" links. The text of these links can be changed in the self-service section of the administration interface.

HAG-1429

Short URL service for SMS provisioning

When provisioning new profiles of Smart ID Mobile App or OATH over an SMS message, in many cases the provisioning URL exceeds the maximum character count for SMS. Digital Access component is now able to replace the URLs with a short version that will be translated back to the original URL when it gets opened. Read more here: Set up email or sms notification channel in Digital Access under heading "Use short URL".

HAG-1476

Custom app scheme for OATH provisioning

It is now possible to change the app scheme used for OATH provisioning over emails. 

This was already possible for SMS provisioning and was now added for emails as well. 

HAG-1493

Improved handling of Smart ID Messaging

The handling of the Smart ID Messaging service was improved inside Digital Access component. 

These improvements cover things like logging, provisioning and lifecycle management of Smart ID Mobile App profiles. 

HAG-1621

Updated Base Image

Appliance Base Image is updated to Ubuntu 20.04 with kernel version 5.4.0-40-generic

HAG-1826

Updated Ericom license

The included Ericom license expired 1st of January 2020 and has now been updated.

HAG-1853

SameSite Cookie Directive change

Major browser vendors announced improved cookie security and handling. Cookies without valid SameSite configuration will be blocked. From now on, Digital Access component produces cookies with a valid configuration. 

Older browsers could not be sent the new directive due to bugs and the fact that the unimplemented feature sometimes breaks current functionality. This has been resolved with a configuration file placed on the Access Point which will identify the problematic browsers and act accordingly in these cases. The fact that this is a configurable file makes it possible to adapt to future discoveries of the same sort without needing to replace the binaries again.

HAG-1915

Updated VM version

VM version for ova is updated to 13 (ESXi 6.5)

HAG-1991

New frontend design for list of authentication methods and self-service

The frontend design of the authentication methods and self-service features has been updated. The style sheets were simplified and reduced. 

Selectors within the style sheet has not been renamed. Some have been added. A few HTML pages had to be corrected. In some cases it could happen that customer branding look a bit different after the update than before. This can easily be solved by adapting to the new style sheets or overwriting the HTML pages. 

HAG-2096

Updated VMware & Hyper-V integration tools

VMware & Hyper-V integration tools are updated for Ubuntu 20.04

HAG-2130

Extended disk space

Appliance primary disk space is extended to 16 GB.

Corrected bugs

Jira ticket noDescription
HAG-602

Issue when using "Member of user group" access rule and moving the group in the Active Directory.

HAG-788

Restart all services from bash menu (v-apps) enables locally disabled services.

HAG-1218

Database does not get transferred if problems happen during upgrade.

HAG-1281

Multiple AuthnStatement in assertion break SAML compliance.

HAG-1304

Freja eID requires user attribute even if "Allow unknown user" is enabled.

HAG-1486

Access group rule for IBM Tivoli Directory Service doesn't handle multiple groups with the same name.

HAG-1518

NTP functionality incorrect.

HAG-1547

Signing description is not send with Personal Mobile.

HAG-1558

Encrypted SAML sign message cannot be extracted without correct namespace prefix.

HAG-1589

OCRA Configuration not getting updated.

HAG-1590

SAML resource (Unsolicited Response) is not working properly. 

HAG-1764

In the last version of Digital Access component, several vulnerabilities have been removed. 

HAG-1810

Multiple "Allow unknown users" rows in configuration for SAML federation. 

HAG-1850

Certificate login with some Certificate Authorities gives errors. 

HAG-1975

The NTP service has been replaced in recent Ubuntu versions.

HAG-2006

Swedish BankID app doesn't start automatically when using same device authentication on iOS.

Release announcement

For upgrading, see heading "Additional steps for a specific version" in Upgrade Digital Access component from 6.0.2 to 6.0.3.

End of Sales statement

Refer to Supported versions of Digital Access component.

End of Life statement

Refer to Supported versions of Digital Access component.

Contact

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Digital Access component to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.