
Release notes Digital Access component 6.5.1

Version: 6.5.1

Release date: 2023-12-22

Important information regarding support for ECC keys

Support for ECC keys (DA-22) was introduced in Digital Access 6.5.1. This introduced a new defect in Digital Access that may prevent a successful upgrade. The defect is resolved in DA-1816, and the fix will be included in Digital Access 6.7.0 and higher versions.

The defect can be identified in the logs. See the example log lines below:

2024-04-19 10:46:09 FATAL 1021478 "Could not create server certificate for 0.0.0.0:443"

2024-04-19 10:46:09 INFO 1330301 "Reverting to last saved configuration"

Workaround

If you need to upgrade to a version >= 6.5.1 and earlier than 6.7.0, the workaround is to re-upload the encrypted private keys in PEM/Base64 format for all Server Certificates. Make sure to have these keys prepared before starting the upgrade.

Important!

SHA1 is no longer accepted by Digital Access for SAML signing

From DA version 6.4.0 onwards, Digital Access acting as IDP no longer accepts SAML messages signed using the SHA1 algorithm. All applications must use other safe and available algorithms.

If there are clarifications or concerns regarding the above, contact Nexus support for more information.

Features

Jira ticket no

Description

DA-22

Added support for Elliptic Curve Cryptography (ECC) certificates for the mTLS authentication in Digital Access.

Currently, ECC is supported only in Access point, and the following cipher suites are supported:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM

  • TLS_ECDHE_ECDSA_WITH_AES_256_CCM

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

DA-1524

When Digital Access acts as Identity Provider, it is now possible to assign a SAMLAuthncontext value to the IDPs added in the SAML federation, so that these IDPs are also listed along with the basic authentication methods when the SP application passes a certain SAMLAuthncontext value.

You can modify the settings under Add/Edit Identity Provider > Attribute settings.

DA-1626

Added logging for signed SAML SP authentication requests, by extracting the digest from the SAML request. There is also a check for whether SHA1 has been used; if so, a warning message is added to the audit log. The warning message includes information about the SP entityID and federation name.

General recommendation: Use more secure algorithms for SP applications. Do not use SHA1.
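For SP owners who want to check their own messages against the SHA1 rule above and the DA-1626 audit warning, the following is an added example, not Nexus code: it lists SHA1 signature and digest algorithm URIs found in a base64-encoded, signed SAML message, together with the issuer entityID. The sample request, the `sp.example.test` entityID and all function names are constructed for illustration; the script inspects algorithm URIs only and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def is_sha1(uri):
    """True for XML-DSig algorithm URIs whose fragment names SHA1 (#sha1, #rsa-sha1, ...)."""
    return uri.rsplit("#", 1)[-1].lower().endswith("sha1")

def audit_saml_message(b64_message):
    """Return (issuer entityID, [(element, algorithm URI), ...]) for SHA1 algorithms in use."""
    # For untrusted input, parse with a hardened parser such as defusedxml instead.
    root = ET.fromstring(base64.b64decode(b64_message))
    issuer = root.findtext("saml:Issuer", default="(unknown)", namespaces=NS).strip()
    findings = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iterfind(f".//ds:{tag}", NS):
            uri = el.get("Algorithm", "")
            if is_sha1(uri):
                findings.append((tag, uri))
    return issuer, findings

def sample_request(sig_alg, digest_alg):
    """Constructed sample AuthnRequest (signature values omitted), base64 as in HTTP-POST."""
    xml = f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      ID="_constructed1" Version="2.0" IssueInstant="2023-12-22T00:00:00Z">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference URI="#_constructed1"><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    DSIG = "http://www.w3.org/2000/09/xmldsig#"
    cases = [(DSIG + "rsa-sha1", DSIG + "sha1"),
             ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
              "http://www.w3.org/2001/04/xmlenc#sha256")]
    for sig, dig in cases:
        issuer, findings = audit_saml_message(sample_request(sig, dig))
        print(issuer, "SHA1 in use:" if findings else "no SHA1 found", findings)
```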

Minor improvements

Jira ticket no

Description

DA-1485

There was an issue with OAuth2 where, when access rules were added to the clients, the order in which they were added was not saved and sorted correctly. This has been fixed.

DA-1193

There was an issue where login took a longer time for a user belonging to a nested group in delegated management, due to recursion. This has been fixed.

Contact information

For information regarding support, training, and other services in your area, visit www.nexusgroup.com/
