Secret Fields comparator task

A new service task is introduced to validate secret fields. Two secret fields can be configured, the service task will check if the content is equal (e.g. to implement PIN/ password verification use cases). For more information, see: Standard service tasks in Identity Manager: under Process: Secret Fields comparator service task.

Separate service task for certificate Windows Cert Store publication

Introduced a separate service task to publish certificates to Windows certificate Store via Smart ID Desktop App. Windows Cert Store feature was introduced already with the 20.11.0 release but needed to be configured via the virtual smart card (VSC) service task. Configuration via the new dedicated service task is more convenient.

For more information, see: Standard service tasks in Identity Manager: under Personal Messaging: Create Key on Windows Cert Store and Personal Messaging: Install Cert on Windows Cert Store.

Extended EST and SCEP registration

the service tasks for EST and SCEP registration have been extended. Now any DN or SAN certificate attribute can be added to the registration request.

For more Information see: Standard service tasks in Identity Manager: under Certificates: Create SCEP order request and Certificates: Create EST order request.

Possibility to write additional certificate on SITHS card

It is now possible to write an additional certificate on a SITHS card (Gemalto SIS EID IP1 profile) via the NetID v6.8.2.38_1992 middleware client. For more information, see: Encoding of SITHS cards with Identity Manager.

Improved system performance for MS SQL environment 

The database field types in the tables ACL_CLASS and ACL_SID are changed from varchar to nvarchar. This improves the system performance on an MS SQL environment with a large database.

Improved system performance for MS SQL environment

Added a computed column when using MS SQL Server in the CoreObject Table to improve performance on an environment with a large database.

PMOB-2701

Improved retry logic for SQL queries when lock exceptions occur.

When Digital Access acts as Service Provider, it now accepts new lines in the SAML response from the Identity Provider.

When the OATH DB config settings are changed, after publishing from admin there is no need to restart the Authentication service now. The service will apply the changes and connect to the new DB.

Improved the user experience for callback (switching between browser and Smart ID Mobile App), in case of same device authentication for Smart ID Mobile App.

Added support for Android + Chrome and Firefox, iOS + Chrome, Safari and Firefox.

Known issues:

• Android + Firefox -> redirecting back to the browser not working but after switching manually, able to login.
• iOS + Firefox -> redirect works intermittently, sometimes it shows the auth method page and then clicking on PM same device authentication it logs in. 

Fixed the issue of SAML session attributes getting lost when acting as SAML Proxy and entering different Policy services.

Added ability to pass "tokenGroups" attribute in the SAML response when Digital Access acts as an Identity Provider.

Removed the Contact link from the login page footer. In case it needs branding, the link can be added to the bottom.html page under includes/login folder.

Fixed the behavior of multiple search buttons in combination with ObjectList component in a user form. Results from the different search buttons have been mixed up in the result lists. The ticket was reopened again after 20.11.0 and another error fixed in 20.11.1.

Improved error handling in PGP publication task: the error is now caught and handled properly if the provided serial number does not exist.

When encoding certificates on a smart card, that were issued by the D-Trust connector, the intermediate certificate could not be written. This has been fixed.

Fixed a memory leak in handling of cached connection in the PKI connector to Certificate Manager.

The CSV import service task (that is, client-side file upload) did not build the CoreObject DescriptorList correctly after import, which is needed for example for further processing in multi-instance tasks. This has been fixed.

Corrected logging of errors in REST interfaces of Identity Manager. Previously, a number of HTTP 500 errors have not been reported correctly into the logfiles. This has been fixed.

Fixed upload functionality for server-side Card SDK license in Identity Manager.

Removed data type "long" on data pool configuration in Identity Manager Admin. This was accidentally added as a new type with 20.11.

Improved error handling of change state task when an invalid state transition is done. The error can now be handled in the BPMN process.