Release date: 2023-10-30
The Smart ID release 23.10.2 fully replaces the releases for Smart ID 23.10 and Smart ID 23.10.1.
The Smart ID 23.10.2 release provides updates, improvements, and bug fixes to ensure high quality and security.
Updates for the components Smart ID Identity Manager, Digital Access, and Smart ID Messaging are included in this release.
Main new features
Http clients
This new feature allows easy configuration of connections with third-party Http clients. It offers many configuration options as well as integration in the process. Part of the configuration can be controlled by process variables and there is a generic way to handle the response and use it in the process. Basic parameters for the connection are set up independent of the process and reused in different processes. For more information, see Set up Http Clients in Identity Manager.
The new HTTP client task replaces the Rest Call Service Task which is now deprecated, see Miscellaneous standard service tasks in Identity Manager.
Integrated BPMN editor
Identity Manager Admin now comes with a full visual BPMN editor. This way it is possible to design and edit the full range of linear and non-linear processes in Identity Manager Admin. To be independent of Identity Manager installations and network issues there is also a standalone version, the Nexus Process Modeler. The standalone version will replace the Activiti designer Eclipse plugin in the future.
Accessibility in Smart ID Self-Service
Accessibility in Smart ID Self-Service has been improved especially for visually impaired users by adding information for screen readers, improving structure and complete keyboard navigation, especially tab key navigation. These features have been released over time as minor versions of 23.04 as well.
Security improvements
A new state-of-the-art algorithm is now used to generate password hashes to keep up security demands. Another security related features is the new possibility to encrypt configuration-files when they are downloaded.
Included in Smart ID 23.10.2
Smart ID Identity Manager 23.10.2
Release date: 2023-10-30
Features
| |
|---|
| CRED-4320 | As a security enhancement, it is now possible to encrypt configuration files when downloading in Identity Manager Admin or Identity Manager Operator. See Encrypt configuration files in Identity Manager for more information.
|
| CRED-13627 | A BPMN process editor has been added in Identity Manager Admin->Process Import has an extra tab when editing processes.
Adhoc-processes created with Process Designer should not be edited on the BPMN editor tab of Process Import. Process Designer might not be able to open them again.
|
| CRED-14913 | Nexus Process Modeler, a derivation from Camundas BPMN.io, is now available with special features to be used with Identity Manager. It can be used as an offline editor for non-linear business processes. The same functionality is integrated in Identity Manager Admin. The standalone version will replace the Activiti designer Eclipse plugin in the future.
|
| CRED-15231 | A new feature allows easy connection with http-clients. Values from the process map can be used to configure the request and from the response values can be extracted to be written in the process map. See Set up Http Clients in Identity Manager for more information.
|
| CRED-15278 | For Card-operations, PIN pad readers are now automatically detected. If a PIN pad is identified all PIN entries are made on the PIN pad. See Card initialization and credentials in Identity Manager for more information. |
| CRED-15373 | Password hashes for newly created passwords are now created with the memory-hard Argon2 algorithm. See Configure user password hashing in Identity Manager for more information.
|
| CRED-15610 | When using certificates in connection authentication, you can configure the issuing CA certificate or root certificate instead of configuring the server certificate directly. One example is when different servers with different certificates from the same issuing CA are used, both will be accepted if the issuing CA certificate is configured.
|
| CRED-15664 | The accessibility for Smart ID Self-Service has been improved. Some of the improvements are listed below: - Correct language setting
- Avoiding multiple scrollbars
- Tab key navigation
- Aria-labels
- Relevant information for screen readers
- Accessible modal messages
|
| CRED-15708 | In Identity Manager Operator, when an expression entered in a form does not match the validation pattern, the expression is now kept and can be corrected. |
| CRED-15744 | In Smart ID Self-Service, numbers are now shown in the current locale. |
| CRED-16153 | The AriadNext connector has been improved. It is now possible to define the .json-format as needed. See Set up AriadNext connector for more information. |
| CRED-16337 | With 23.04 the behavior of role assignment was changed by having IDs instead of names to enable renamed roles in the "Assign Roles automatically" task. However, this lead to problems when the configuration was exported/imported so the change has been reverted. |
| DEVOPS-1590 | The history-type entries ROLES_ADDED and ROLES_REMOVED have been added to make it possible to show role changes in the history of user objects. |
| DEVOPS-1604 | A new Service Task called "Set Variables in Process Map" has been added that allows to set the value of several variables at once. See Process - Standard service tasks in Identity Manager for more information. |
Corrected bugs
| |
|---|
| CRED-11015 | In Identity Manager Admin, you can select the layout of a form with two areas arranged vertically or horizontally. This option had different results when the form was displayed in Smart ID Self-Service (as expected) or in Identity Manager Operator (wrong behavior). This has been fixed. See the upgrade instructions on how to update forms: Upgrade Smart ID Identity Manager from 23.04.x to 23.10.2.
|
Digital Access 6.4.0
Upgrade docker
Upgrade docker to a version >= 20.10.10 before you upgrade Digital Access to this or higher versions, since docker <= 20.10.9 has compatibility issues with the OpenJDK version used.
Important!
SHA1 is no longer accepted by Digital Access for SAML signing
Digital Access as IDP will no longer accept SAML messages signed using SHA1 algorithm from DA version 6.4.0 onwards. All applications must use other safe and available algorithms.
If there are clarifications or concerns regarding the above, contact Nexus support for more information.
Features
Jira ticket no | Description |
|---|
DA-1116 | It is now possible to run Digital Access without databases that are not required. See Configure databases in Digital Access for more information. |
DA-1324 | Added capability for scanning QR code during self provisioning and authentication using the Smart ID Mobile App. The configuration to use QR code or username can be done in Digital Access Admin GUI under Personal mobile authentication method.
There is a known issue where the QR scan will not work if there is a user ID named ‘tmp’ in the DA system. ‘tmp’ is a reserved name and should not be used in the user database to avoid this issue.
|
DA-1117 | After upgrading to Digital Access version 6.4.0 or higher, you set the Reporting database connection from Digital Access Admin. The existing configuration from customize.conf will be read and saved in RemoteConfiguration.xml after the upgrade. However, the admin service should be restarted after upgrade once. For a fresh setup, it is mandatory to set the Reporting database configuration in Digital Access Admin only. See Configure databases in Digital Access for more information.
Before upgrading, make sure that the customize.conf file is present in the administration configuration files folder and that the Reporting database is configured.
|
DA-986 | It is now possible to send additional custom attributes in the SAML assertion and OIDC token which can be transformed by the basic attributes added in the assertion. Note that this will only work for single valued attributes for now. Also, it needs the basic attributes to be added first for the transformed attributes consuming these to work. Example 1: If the basic attributes include FirstName and LastName, a transformed attribute, for example GivenName, can be created which can be a concatenation of the above attributes = ${FirstName} ${LastName} Example 2: A custom transformed attribute can also be created by concatenating the basic attribute with a static string = ${FirstName} .test.com In case the transform attribute name and basic attribute name is same, the transformed attribute value will take precedence and will be sent in the SAML assertion even if the basic attribute has 'Include in SAML assertion' enabled. |
DA-1255 | Added Filter for SAML and OIDC attributes. This can be used to limit the number of attributes sent in the SAML assertion for multi-valued attributes. For example, 'memberOf' can be filtered to send the relevant groups the user is a member of and not exposing all the groups that the user belongs to. |
DA-227 | The Java Bouncy Castle cryptography API library has been updated to the latest version (bcprov-jdk18on v1.76). This resolves the vulnerabilities found in the the older library. It is now possible to upload RSA private keys to Digital Access without having to encode them to PKCS#8. As part of this, support for the RADIUS protocol PEAP has been removed. However, it is still possible to use the Authentication Service as an external RADIUS server using protocols: PAP, CHAP, MSCHAP and EAP. |
Minor improvements
Jira ticket no | Description |
|---|
DA-1252 | Upgraded Java JDK to version 17. |
DA-1377 | Implemented subject types 'Persistent' and 'Transient' in Open ID Connect. |
DA-1414 | Added a flag for the basic SAML and OIDC attributes - "Include in SAML assertion" and "Include in token" respectively. When enabled, the attributes will be included. This is useful when there are transformed attributes added and you do not want to send the basic attributes in the response. |
DA-652 | Added support for persistent cookie to enable app-to-app SSO (RFC-8252). If you intend to use this feature, contact Nexus support. |
Corrected bugs
Jira ticket no | Description |
|---|
DA-1299 | There was an issue where saving Global user account settings with OATH enabled gave an error. This has been fixed. |
DA-1348 | There was an issue with storing the configuration while saving a OATH database. This has been fixed. |
DA-1437 | Edit Personal desktop and User Certificate authentication methods in Digital Access Admin hides the "Certificate Authority" field if the Personal mobile authentication method has "Enable Certificate Authority" disabled. |
DA-1305 | The 'Define Source' value was missing when copying attributes for SAML-federation. This has been fixed. |
Smart ID Messaging (Hermod) 3.7.0
Features
Jira ticket no | Description |
|---|
PMOB-3880 | This release comes with updated docker base java 17.0.8.1_1. |
PMOB-3883 | This release comes with upgraded Spring Boot 3.1.4 and Spring Cloud 2022.0.4. |
Other components in Smart ID
Physical Access
This release does not contain any specific updates for the Physical Access component.
Upgrade Smart ID
See Upgrade Smart ID with general information regarding upgrading Smart ID. Also see Upgrade Smart ID Identity Manager from 23.04.x to 23.10.2.
Smart ID compatibility
Compatibility table
Smart ID 23.10.2 is compatible with the following component versions:
Smart ID deployment configuration
For details on the updated Smart ID deployment configurations, see:
Smart ID deployment configuration release note
CODE
All notable changes to this project will be documented in this file. Be aware that the [Unreleased] features are not yet available in the official tagged builds.
## [Release 23.10.2-2023-10-27]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
- Updated Prime Connectors version. [CRED-16153]
## [Release 23.04.9-2023-10-31]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
## [Release 23.04.7-2023-08-28]
### Added
- Added missing attestation key config to signencrypt.xml (fixes VSC). [CRED-16128]
## [Release 23.04.5-2023-07-17]
### Added
- Added a readme-wsl-dev.txt how to setup SmartID Docker containers in a WSL environment. [CRED-15948]
- Added environment variable to docker-compose.yml of authentication service.
### Changed
- Restored environment references for Digital Access and Physical Access containers [CRED-15915]
## [Release 23.04.4-2023-06-30]
### Added
- Added restart-all.sh for easy stopping and starting of all containers or a subset of them. [CRED-15854]
### Changed
- The variable DOCKER_NETWORK_MTU has the default value 1500 now. You are not forced to choose between several options. [CRED-15854]
- When executing init-smartid.sh a message informs you about the current MTU value and when it is recommended to reduce it. [CRED-15854]
- The names of most of the docker containers start with "smartid-" by default. This prefix can be changed now via variable DOCKER_CONTAINER_BASE_NAME in file smartid.env. [CRED-15854]
- The hostname of the postgresql container now has the DOCKER_CONTAINER_BASE_NAME prefix as well.
## [Release 23.04.3-2023-06-23]
### Added
- Added AriadNext Connector Docker image. [CRED-14963]
- Added file .gitattributes to make \*.sh and \*.env files always containing only LF instead of any CRLF. Fixed file datadog.env accordingly. [CRED-15795]
### Changed
- Escaped the ESC character (0x1B) in echo statements of shell scripts to avoid problems with Azure file preview and git diff output. [CRED-15795]
## [Release 23.04.2-2023-06-02]
### Added
### Changed
## [Release 23.04.1-2023-05-11]
### Added
- Added init-smartid.env to configure the docker network MTU. [CRED-14088 via CRED-15316]
- Added helperFunctions.sh and helperCreateLink.sh to be used by init-smartid.sh. [CRED-14088 via CRED-15316]
### Changed
- Replace deprecated docker network syntax in docker-compose.yml files. [CRED-14088 via CRED-15316]
- init-smartid.sh / stop-smartid.sh detect if docker needs sudo. [CRED-14088 via CRED-15316]
- init-smartid.sh now optionally removes files created by previous runs (postgres db, bootstrapped certs, etc). [CRED-14088 via CRED-15316]
- No explicit setting of env_file in docker-compose.yml files. [CRED-14088 via CRED-15316]
- Messaging database is now configured via MESSAGING_DB_URL var. [CRED-14088 via CRED-15316]
- stop-smartid.sh now uses the compose command "down" instead of "stop", which also removes the containers after shutting them down. [CRED-14088 via CRED-15316]
## [Release 23.04.0-2023-04-28]
### Added
- Added Workspace One Connector Docker image. [CRED-14215]
### Changed
## [Release 22.10.8-2023-11-27]
### Added
### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
## [Release 22.10.0-2022-09-20]
### Added
- Added ContentProviderJWSSigner descriptor in signencrypt.xml. [CRED-12232]
- Added renewFromKeypairs.sh to renew end-entity certs.
WARNING:
- This only works if you (re-)bootstrap with the updated createca.sh, as the old version discarded data required for renewal.
- Re-bootstrapping will invalidate any encrypted secrets and history signatures in IDM due to chaning the keys.
- Re-bootstrapping will also overwrite the certificates and keys in the docker deployment folder, so make a backup first,
so you can use the respective tools for re-signing and re-encrypting existing history/secrets.
### Changed
- automatically (re-)start mailhog
- fixed naming of traefik rules for mobile-iron
- Changed createca.sh to retain keypairs and CA metadata, so we can enable renewal (see above).
- Removed cRLSign attribute from ca.conf to avoid issues with failing CRL checks.
NOTE: This only has an effect on newly bootstrapped CAs.
## [Release 22.04.0-2022-05-05]
### Added
- Added Mobile Iron Docker image. [CRED-11817]
- Added new properties for MI image in smartid.env. [CRED-11817]
### Changed
- Changed properties for Nexus GO Cards API V2. [CRED-12951]
## [Release 21.10.0-2021-11-09]
### Added
- Added Digicert Global Root CA certificate. [CRED-11688]
- Added some Let's Encrypt root certificates. [DEVOPS-971]
- Added documentation for maxProfiles option to hermod-conf.yml
- Added `.yamllint` file to set default YAML linting config. [DEVOPS-1085]
- Added volume mapping for logs folder in IDM and Self Service. [DEVOPS-403]
- Fixed cacerts folder permissions in init-smartid.sh script.
- Added support for docker compose v2 command in init-smartid.sh script.
### Changed
- New properties for CAAS credentials in smartid.env (placeholders must be replaced before using Nexus GO Cards). [CRED-11688]
- Fixed some copy issues in the init-smartid.sh script.
- Changed the default selfservice config to include auth methods params example.
- It is now possible to change IDM language settings via system properties. [DEVOPS-860]
- It is now possible to change Self-Service configuration via `CONFIG_JSON` environment variable. [DEVOPS-945]
- Fixed typo. [DEVOPS-1090]
- Replaced Self-Service `IDM_URL`, `INSTANCE_ID`, `IDM_TENANT` by `APPLICATION_YAML` json. [DEVOPS-1127]
- Set logging driver to json-file (the default one) for all containers explicitly [DEVOPS-1136]
- Fixed YAML format. [DEVOPS-1085]
- IDM and SelfService now support custom translations and do not require mapping the whole translation files again. See doc for more info. [DEVOPS-1118]
- Change Import Logger to correct class [DEVOPS-1143]
- Switched to new image naming for IDM
- `nexus-prime/explorer` changed to `smartid/identitymanager/operator`
- `nexus-prime/designer` changed to `smartid/identitymanager/admin`
- `nexus-prime/tenant` changed to `smartid/identitymanager/tenant`
- `nexus-prime/updatedb` changed to `smartid/identitymanager/updatedb`
- `nexus-prime/ussp2` changed to `smartid/selfservice`
- Changed Smart ID version to 21.10.0
### Removed
- Removed Self-Service config.json file. [DEVOPS-945]
- Removed expired Let's Encrypt certificates. [DEVOPS-971]
- Removed translation files for IDM and SelfService. [DEVOPS-1118]
## [Release 21.04.0-2021-05-20]
### Added
- Default values for Selfservice tenant id and instance id. [DEVOPS-738]
- Added example format for MSSQL everywhere we build the DB URL (`${DBHOST}/${XX_DB_NAME}`) because MSSQL requires a different URL format. [DEVOPS-737]
- Include SANs from CSR in bootstrap TLS cert in `bootstrap/conf/ca.conf`.
- Generate tls certificate for non-treafik setup in `bootstrap/createca.sh`.
- Log4j2 config and template for json layout [DEVOPS-758]
- Datadog agent compose file, with some examples, see nexus and datadog documentation if you want to use it [DEVOPS-759]
- Added a check in `init-smartid.sh` that exits the script if user didn't fill the mandatory properties in `smartid.env` (thoose with <XX> value pattern). [DEVOPS-759]
- Added Physical Access Interflex PACS. [DEVOPS-752]
### Changed
- IDM DB will no longer be initialized through init-smartid.sh script. Initialisation has to be done manually by starting container in identitymanager/updatedb. [DEVOPS-739]
- Rename containers to use dash instead of underscore, so containerName can work for DNS lookup (underscore is not allowed in DNS names).
WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align idm update db naming to use the name "updatedb" everywhere
WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align digital access directory names with service names
- fix bootstrap cert folder permissions in init script
- Changed all HERMOD*\* properties to MESSAGING*\*. [DEVOPS-751]
- Moved each component's respective config into their own config folder. [DEVOPS-751]
- Made all volume mappings static in compose file, no more properties. [DEVOPS-751]
- Reorganized smartid.env to be split by component, making it easier to find component related properties. [DEVOPS-751]
- Internal ports (inside docker) are now static in the compose file. [DEVOPS-751]
- Moved postgres related properties outside smartid.env, because it is a separate tool not meant for production. [DEVOPS-751]
- Renamed service names in compose files to match their container name. [DEVOPS-751]
- Changed traefik version to 2.4.8. [DEVOPS-638]
- Changed file extension of generated certificates from `.base64` to `.cer`.
- Updated translation files for IDM. [DEVOPS-761]
- Updated Messaging config for 21.04 (Hermod version 3.1.1). [DEVOPS-802]
- Changed chmod command to give permission 700 instead of 600, because hermod needs execute permission.
- Updated SmartID version to 21.04
### Fixed
- Fixed typos in the strings that are echoed to the user during the initialisation. [DEVOPS-646]
### Removed
- Removed unused properties in smartid.env. [DEVOPS-751]
- Removed unused ports for Physical Access. [DEVOPS-752]
- Removed Physical Access config files. Configuration is now handled using environment variables. [DEVOPS-752]
- Removed TZ from all docker-compose files. Since it is set in `smartid.env` which is mapped using `env_file`, declaring the variable a second time in `env` was not necessary.
## [Release 20.11.2-2021-03-23]
### Added
- If you say Yes to the question if Digital Access shall be deployed in the host, it will make it possible for the containers to listen on 80 and 443. [DEVOPS-540]
### Changed
- Bump SmartID version to 20.11.2
- Updated IDM translation files with newer ones. [DEVOPS-561]
- Adjust volumes for hermod certificates. [DEVOPS-651]
- Removed Selfservice hotfixes introduced in previous release. [DEVOPS-626]
### Fixed
- Fixed tenant startup by removing mapped sign encrypt configuration, so it uses the default one from inside the container. Since IDM Tenant uses less certificates, the same config as IDM operator or admin cannot be used.[DEVOPS-640]
- Fixed the copy_files.sh script used in IDM operator, admin and tenant [DEVOPS-692] + [DEVOPS-656]
## [Release 20.11.1-2021-02-18]
### Added
- Added issuing and root CA certificates to IDM containers for config signing (These certs should NEVER be used for production). [DEVOPS-549]
- Added hotfix for SelfService -> IDM connection [DEVOPS-626] Has to be removed with 20.11.2+
### Changed
- Update sign-encrypt engine to the newest state. [DEVOPS-549]
- Update version number to 20.11.1
## [Release 20.11.0-2021-02-01]
### Added
- Added mailhog as tool in /tools/mailhog. The tool can be used to test to send emails in Digital Access and Identity Manager. [DEVOPS-482]
### Changed
- Set false on traefik network in the traefik, adminer and mailhog to be enabled in traefik by default. [DEVOPS-486]
- Changed file extension of generated certificates from `.crt` to `.base64`
- Changed so that identity manager Admin and Operator do not require signed configurations/modules for uploading and downloading them by default. [DEVOPS-515]
### Fixed
- Fix environment variable usage inside traefik config file. [DEVOPS-514]
## [Release 20.11.0-2020-12-22]
### Added
- Added support for selfservice branding. [DEVOPS-471]
- Added log4j volume mapping for idm containers. [DEVOPS-470]
### Changed
- Updated traefik version to 2.3.4 [DEVOPS-464]
- Renamed selfservice container from "idm_selfservice" to "selfservice".
- Renamed all environment variables starting with "IDM_SELFSERVICE_x" to "SELFSERVICE_x".
- Changed Hermod config to disable by default some end-points and to hide sensitive data in logs. [DEVOPS-484]
- Improved the `stop-smartid.sh` script to handle dynamically all docker-compose stop commands and to work regardless of where the script is called from.
- Improved the `init-smartid.sh` script to work regardless of where the script is called from.
- Improved the `createca.sh` script to work regardless of where the script is called from.
- Renamed `idm-selfservice-language.json` to `idm-selfservice-config.json`.
### Fixed
- Fixed volume mapping for selfservice tomcat server.xml by using a separate variable than identitymanager.
- Fixed French translations for IDM and Selfservice.
## [Release 20.11.0-2020-12-07]
### Added
- Added `postgres/init/init-smartid-databases.sql` so that Physical Access database is created when starting up postgres. The "pauser" is created, and a default password is set.
- Added LE CA Certificate to cacerts. [DEVOPS-455]
- Added AJP port variables in smartid.env and use them in identitymanager docker-compose files. Also added AJP Connector in `config/idm-tomcat-server.xml`, which has to be enabled manually (and port set accordingly). [DEVOPS-348]
- Add following new features to the identitymanager docker-compose files: [DEVOPS-406]
- Support for new CA store volume mapping
- Support for new system properties environment variable
- Support for new DB properties environment variables
- Support for new spring bean volume mapping. See `IDM_VOLUME_PATH_SPRING` in `smartid.env`.
- Support for new jars volume mapping. See `IDM_VOLUME_PATH_LIBS` in `smartid.env`.
- Support for new class files volume mapping. See `IDM_VOLUME_PATH_CLASSES` in `smartid.env`.
- Add following new features to the selfservice docker-compose file: [DEVOPS-406]
- Support for new CA store volume mapping
- Support for new IDM url environment variable
- Added adminer as tool [DEVOPS-407]
- Added maxVersion for TLS to be 1.2 due to compatibility issues with some mobile devices. [DEVOPS-413]
### Changed
- Changed smartid version to 20.11.0.
- Moved "/certs/boostrap" to "/boostrap".
- Changed postgres version in smartid.env from 9.6.18 to 12.5. [DEVOPS-431]
- Split identity manager containers into their own docker-compose files: [DEVOPS-382]
- Added `identitymanager/admin/docker-compose.yml`
- Added `identitymanager/tenant/docker-compose.yml`
- Added `identitymanager/init-db/docker-compose.yml`
- Added `identitymanager/operator/docker-compose.yml`
- Adapted `init-/stop-smartid.sh`, and paths inside `smartid.env` and some docker-compose files to fit new docker-compose yaml files. [DEVOPS-382]
- Change the ini-smartid.sh script to ask if traefik is going to be used as Ingress/proxy. [DEVOPS-408]
- Changed in `config/hermod-conf.yml` some values to <IDM-HOST-HERE> and <DA-HOST-HERE> on client samples.
### Removed
- Removed MSSQL from deployment package, since Physical Access now support postgres. [DEVOPS-448]
- Removed unnecessary variables in `smartid.env`.
- Removed identitymanager compose docker-compose file. [DEVOPS-382]
- Removed entrypoint definition from identitymanager docker-compose files. [DEVOPS-406]
- Removed pgAdmin and portainer and its variables from smartid.env. [DEVOPS-407]
- Removed modern and old options for tls in `config/traefik/traefik-tls.yml`. [DEVOPS-413]
- Removed TRAEFIK_TLS_OPTION from smartid.env. [DEVOPS-413]
- Removed identitymanager spring beans because we changed how handle them.
- Removed samples.
## [Release 20.06.1-2020-10-27]
### Added
- Added port forwarding to hermod container in the messaging docker-compose file.
- Added spring bean files for identitymanager in `config/idm/spring_operation` and spring_admin.
- Added translation files for identitymanager in `config/idm/translation_id`m and for selfservice in `config/idm/translation_selfservice`.
- It is now possible to enable Strict SNI using TRAEFIK_TLS_STRICTSNI=true
### Changed
- changed smartid version to 20.06.1.
- Changed HERMOD_DOMAIN_PREFIX from "mb" to "messaging".
- Changed the DB init/update script behavior, can be controlled with `IDM_DBUPDATE_SCRIPT` in smartid.env.
- Changed `traefik-tls.toml` file to YAML and used variables from .env file. Possibility to change TLS certificate file names TRAEFIK_TLS_DEFAULT_CERTIFICATE and TRAEFIK_TLS_DEFAULT_CERTIFICATEKEY.
- Improved the `init-smartid.sh` script.
- Moved seflservice to a separate docker-compose file.
### Fixed
- Fixed the jdbc url for `config/da-admin-customize.conf`.
### Removed
- Dropped `restart: always` for identittymanager init-db.
- Removed explicit DBHOST naming in `smartid.env` to force user to set its own value.
## [Release 20.06.0-2020-09-28]
### Added
- Added possibility to add custom-beans for IDM Operator and Admin, in `config/idm`.
- Added possibility to change translation for IDM Operator, Admin, Selfservice and Tenant.
- Added IDM_DB_QUARTZ example for MSSQL, Oracle and DB2.
- Added `container_name` for all containers in:
- identitymanager/docker-compose.yml
- traefik/docker-compose.yml
- Added docker hostname for postgresdb DB_HOST in `postgres/docker-compose.yml`, this will make test deployment work from start.
- Added docker hostname for mssqldb PA_DB_HOST in `mssql/docker-compose.yml`.
- Added `restart: always` to all containers. All containers will the start up after re-boot, if they have been started once before.
- Included SAML example files for IDM in `/samples/idm_saml`.
### Changed
- Changed smartid version to 20.06.0.
- Changed explorer/operator url in `idm-selfservice-application.yml`.
- Changed location of Identity Manager SAML samples files from `/docker/compose/examples` to `/samples/idm_saml`.
- Updated `init-smartid.sh`:
- Now check if docker and docker-compose are installed, if not the script will exit.
- Now asks if the deployment is a production deployment, if "Yes", the script will complete and deployment configuration can be done. If "No":
- Ask if postgres and/or mssql shall be deployed and started.
### Fixed
- Moved comments in `smartid.env` file to be on a separate line instead of behind the value. This was breaking the applications since comments would be evaluated as part of the value.
- Fixed `init-smartid.sh` so that it works properly on CentOS.
- Fixed a typo for variable `IDM_DB_QUARTZ`.
- Fixed typo in idm-operator container in `identitymanager/docker-compose.yml`, in the path to the castore.jks.
## Removed
- Removed `init-smartid-test.sh`, it is included in init-smartid.sh.
For information regarding support, training, and other services in your area, visit www.nexusgroup.com/. Nexus offers maintenance and support services for Smart ID components to customers and partners.
For more information, go to Nexus Technical Support or contact your local sales representative.
