Release note Smart ID 20.06.1
Version: 20.06.1
Release Date: 2020-10-16
Component versions
Smart ID 20.06.1 is compatible with the following component versions:
Smart ID components | Legacy version | Smart ID version |
---|---|---|
PRIME 3.12.8 | 20.06.1 | |
6.0.2 | ||
2.5.0 | ||
Other Nexus components | Version | |
5.6 or 5.7 | ||
8.1 | ||
1.3.6 | ||
5.0 | ||
2.0 | ||
4.30.2 or 5.1 |
Detailed feature list
Features
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
CRED-9564 | Modify attributes in uploaded Pkcs#10 requests A new service task is added that allows to modify attributes of an uploaded Pkcs#10 certificate request when using Nexus Certificate Manager as PKI. Read more here: Standard service tasks in Identity Manager: "Cert: Execute Modified PKCS10 Request" | X | |||
CRED-9697 | More attributes can be extracted from X.509 certificates Extended standard service task for X.509 certificate attribute extraction. Now also keyType, keyUsage, extKeyUsage, hashAlgorithm, cdpUrls and ocspUrls can be extracted from the certificates. Read more here: Standard service tasks in Identity Manager: "Cert: Extract Certificate Attributes". | X | |||
CRED-9802 | Change the secret fields encryption keypair with command line tool Certificate rollover/re-encryption of encrypted fields in the Identity Manager database can now be done with a corresponding command line tool. Read more here: Change Encryption key of secret field store. | X | |||
CRED-9829 | Improved authentication in Smart ID Agent The Smart ID Agent now also supports authentication via client certificate. Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager and here: Access local services from Identity Manager in the cloud. | X | |||
CRED-9865 | Logging for SAML has been extended Extended logging for SAML authentication process on log level INFO. | X | |||
CRED-9886 | Loading latest encryption certificate from LDAP A new standard service task is added that allows to retrieve the latest encryption certificate for a certain user from an LDAP directory. Read more here: Standard service tasks in Identity Manager: "Process: Search the newest Encryption Certificate". | X | |||
CRED-9961 | Extended logging Extended logging for Certificate REST API (aka Autoenrollment). | X | |||
CRED-9988 | Introduced the Hybrid Profile concept A new "hybrid profile" option was added to the VSC use cases, supporting both TPM (and as fallback) Windows certificate store provisioning. Read more here: Read more here: Standard service tasks in Identity Manager: "Personal Messaging: Create key on VSC and Install cert on VSC". | X | |||
CRED-10106 | Improved language selection in Smart ID Self-Service A language selection is added to the Smart ID Self-Service screen, which is available after login as well. So, users can now select the language before authentication but also at any time when they are working in the Smart ID Self-Service. | X | |||
CRED-10118 | Improved user experience for smart card encoding In Smart ID Self-Service, when encoding smart cards via Smart ID Desktop App, the user experience and error handling has been improved. No need to do an additional "Next" click after encoding, and the self-service screen is locked so that you can't accidentally switch the page. | X | |||
HAG-856 | Core dump files are enabled by default Previously, core dump files for the Access Point where not enabled by default. This had the disadvantage that a crash was not recorded at the first occurrence. This setting is now enabled by default. | X | |||
HAG-1827 | Support for Freja Organisation eID With Digital Access you can now use Freja Organisation eID for authentication. This was integrated in the existing Freja authentication method. Furthermore, it is now possible to request user attributes from Freja together with the authentication. For more information, refer to the help pages of the Freja authentication method in Digital Access Admin. See also Freja eID in Digital Access and Set up Freja eID authentication in Digital Access. | X | |||
HAG-2210 | Digital Access complies with changes of Swedish eID framework specifications Digital Access will no longer require a -sigmessage in the authentication context in order to display the signing message to the user. Furthermore, a new attribute signMessageDigest was introduced in the response sent by Digital Access to prove that the signing message has been displayed to the user. Read more here: Use authentication methods in Digital Access for signing over SAML. | X | |||
PMOB-1866 | Added support for UVID command for allowing a collaborating service to update visual data for an existing mobile virtual smartcard (profile) on the device. | X | |||
PMOB-2234 | Added support for HTTP 308 (MOVE) per client, in order to simplify migration of users from one system to another. | X | |||
PMOB-2272 | Added support for Prometheus scrape in order to get metrics. | X | |||
PMOB-2332 | Added support for the option deletereader in the delete command, that can be true or false and controls if the virtual smart card shall be deleted or not when the profile is deleted. | X | |||
PMOB-2385 | Adding metrics for each client call to the command api, to be able to measure how much different clientIds use the system. | X |
Corrected bugs
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
CRED-8776 | Fixed an issue around state selection in the search filters when using a multi-level search in the Extended Search view. Wrong states were displayed in that case. | X | |||
CRED-9379 | Fixed a security flaw when concurrent SAML authentication is done on a multi-tenant system. | X | |||
CRED-9528 | Fixed the error handling in SAML configuration: if password for the uploaded certificate key store is wrong, now a correct error message is shown. | X | |||
CRED-9537 | Fix for disabling REST APIs which were still active while Identity Manager was in maintenance mode. | X | |||
CRED-9578 | Fixed rendering of line breaks in translated labels for Self-Service. | X | |||
CRED-9686 | Fixed an issue in Batch Order: when opening an existing order, removing one item of the objects in the order list didn't work. | X | |||
CRED-9724 | Security fix for JUEL expression language. | X | |||
CRED-9761 | Avoids an unwrapping private key error with PKCS#12 files by repackaging. | X | |||
CRED-9763 | Updated "jetty" library to a newer version to fix known vulnerabilities. | X | |||
CRED-9775 | Fixed handling of empty serial number value in standard service task for SCEP registration. Now the empty value is send to Certificate Manager instead of "null". | X | |||
CRED-9792 | Fix for ActionExceptions, showing resource tags instead of translations in the UI. | X | |||
CRED-9839 | Fixed an issue in the cookie handling of Self-Service (failed authentication) when having a lot of data (e.g. via additional fields) in the user record. | X | |||
CRED-9854 | Fixed display of username and IP address in in object history (was not shown anymore). | X | |||
CRED-9874 | Fixed a displaying issue with text fields in Identity Manager, Admin and Tenant. | X | |||
CRED-9876 | Fixed field validation for read-only fields in user forms for Self-Service. | X | |||
CRED-9898 | Fixed starting BPMN process in BatchSync when no target core template is selected. | X | |||
CRED-9905 | Solves an issue with the DB Updater failing on Oracle DBs with multiple Identity Manager schemes. | X | |||
CRED-9947 | Solves a NullpointerException with BatchSync. | X | |||
CRED-9959 | When reloading a form that contains validation rules on a date field, a second time in Smart ID Self-Service it was not displayed correctly. This has been fixed now. | X | |||
CRED-10084 | Fixed error handling for smart card encoding in Smart ID Self-Service when canceling the PIN dialog. The error is now thrown correctly in the extended error mode and can be handled via a corresponding boundary event in the BPMN process. | X | |||
HAG-1787 | No user details are available in Freja over XPI. | X | |||
HAG-2160 | If Distribution Service is down, Administration Service does not come up. | X | |||
HAG-2184 | Template Not Found warning appears in admin system log for Freja authentication method. | X | |||
HAG-2187 | Display Name attribute is not loading correctly when using Freja or OpenID Connect authentication method. | X | |||
HAG-2206 | Upgrade to Digital Access version 6.0 failed caused by Distribution Service. | X |