Skip to main content
Skip table of contents

Release note Digital Access component 6.4.0

Version: 6.4.0

Release Date: 2023-10-23


Upgrade docker

Upgrade docker to a version >= 20.10.10 before you upgrade Digital Access to this or higher versions, since docker <= 20.10.9 has compatibility issues with the OpenJDK version used.

Important!

SHA1 is no longer accepted by Digital Access for SAML signing

Digital Access as IDP will no longer accept SAML messages signed using SHA1 algorithm from DA version 6.4.0 onwards. All applications must use other safe and available algorithms.

If there are clarifications or concerns regarding the above, contact Nexus support for more information.

Features

Jira ticket no

Description

DA-1116

It is now possible to run Digital Access without databases that are not required. See Configure databases in Digital Access for more information.

DA-1324

Added capability for scanning QR code during self provisioning and authentication using the Smart ID Mobile App. The configuration to use QR code or username can be done in Digital Access Admin GUI under Personal mobile authentication method. 

There is a known issue where the QR scan will not work if there is a user ID named ‘tmp’ in the DA system. ‘tmp’ is a reserved name and should not be used in the user database to avoid this issue. 


DA-1117

After upgrading to Digital Access version 6.4.0 or higher, you set the Reporting database connection from Digital Access Admin. The existing configuration from customize.conf will be read and saved in RemoteConfiguration.xml after the upgrade. However, the admin service should be restarted after upgrade once. For a fresh setup, it is mandatory to set the Reporting database configuration in Digital Access Admin only.

See Configure databases in Digital Access for more information.

Before upgrading, make sure that the customize.conf file is present in the administration configuration files folder and that the Reporting database is configured.

DA-986

It is now possible to send additional custom attributes in the SAML assertion and OIDC token which can be transformed by the basic attributes added in the assertion. Note that this will only work for single valued attributes for now. Also, it needs the basic attributes to be added first for the transformed attributes consuming these to work.

Example 1: If the basic attributes include FirstName and LastName, a transformed attribute, for example GivenName, can be created which can be a concatenation of the above attributes = ${FirstName} ${LastName}

Example 2: A custom transformed attribute can also be created by concatenating the basic attribute with a static string = ${FirstName} .test.com

In case the transform attribute name and basic attribute name is same, the transformed attribute value will take precedence and will be sent in the SAML assertion even if the basic attribute has 'Include in SAML assertion' enabled.

DA-1255

Added Filter for SAML and OIDC attributes. This can be used to limit the number of attributes sent in the SAML assertion for multi-valued attributes. For example, 'memberOf' can be filtered to send the relevant groups the user is a member of and not exposing all the groups that the user belongs to.

DA-227

The Java Bouncy Castle cryptography API library has been updated to the latest version (bcprov-jdk18on v1.76). This resolves the vulnerabilities found in the the older library. It is now possible to upload RSA private keys to Digital Access without having to encode them to PKCS#8.

As part of this, support for the RADIUS protocol PEAP has been removed. However, it is still possible to use the Authentication Service as an external RADIUS server using protocols: PAP, CHAP, MSCHAP and EAP.

Minor improvements

Jira ticket no

Description

DA-1252

Upgraded Java JDK to version 17.

DA-1377

Implemented subject types 'Persistent' and 'Transient' in Open ID Connect.

DA-1414

Added a flag for the basic SAML and OIDC attributes - "Include in SAML assertion" and "Include in token" respectively. When enabled, the attributes will be included. This is useful when there are transformed attributes added and you do not want to send the basic attributes in the response.

DA-652

Added support for persistent cookie to enable app-to-app SSO (RFC-8252). If you intend to use this feature, contact Nexus support.

Corrected bugs

Jira ticket no

Description

DA-1299

There was an issue where saving Global user account settings with OATH enabled gave an error. This has been fixed.

DA-1348

There was an issue with storing the configuration while saving a OATH database. This has been fixed.

DA-1437

Edit Personal desktop and User Certificate authentication methods in Digital Access Admin hides the "Certificate Authority" field if the Personal mobile authentication method has "Enable Certificate Authority" disabled.

DA-1305

The 'Define Source' value was missing when copying attributes for SAML-federation. This has been fixed.

Contact information

For information regarding support, training, and other services in your area, visit www.nexusgroup.com/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.