Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Version: 20.11

Release Date: 2020-12-07

Main new features

The Smart ID 20.11 release provides major updates in Identity Manager, Self-Service and Physical Access. The Digital Access and Messaging components are providing minor improvements and bugfixes only. All components also provide several bugfixes and library updates to ensure high quality and security.

New APDU encoding framework

The new APDU encoding framework in Identity Manager allows to encode smart cards now also with low-level APDU commands, besides the standard middleware encoding.

The feature is important for customers in the public sector, for eIDAS and LoA3 cases – in general where high security on the card encoding level are demanded. APDU scripts are easily configured in Identity Manager and executed via Smart ID Messaging and Smart ID Desktop. See also APDU script applications for PKI cards in Identity Manager.

Improved user forms in Identity Manager and Self-Service

It is now possible to configure URLs to external web resources in a user form and to configure individual file names for file downloads in a form. Also, the forms in processes to issue or lock virtual smart cards and mobile virtual smart cards have been simplified for the users. 

Several updates for Physical Access

The Physical Access component introduces several updates on the PACS connectors, such as the new RCO Admin API, the new connector to Siemens SiPass and a PACS Simulator for test and demo purposes.

Smart ID compatibility

Smart ID 20.11 is compatible with the following component versions: 

Detailed feature list

Features

Jira ticket noDescriptionDigital AccessIdentity Manager & Self-ServicePhysical AccessMessaging
CRED-9443

Database indices added

3 database indices have been added to the Identity Manager database to increase performance in large environments.


X

CRED-9675

groovy-dateutil library added

The groovy scripting library was updated to the latest version in the previous release. Due to some restructuring in groovy, some functionalities around date formatting got lost. Therefore the groovy-dateutil library was added now to the standard deployment to provide this functionalities again in Smart ID.


X

CRED-10226

Extended several field lengths in the database

Extended the max length for several core fields in the Identity Manager database (such as firstname, lastname, email, title etc.) in the tables "Person", "Card" and "Request".


X

CRED-10277

"Locale" added to service task

Added "Locale" as additional attribute to the service task "Process: Copy Values of LoggedIn User to Process Map". see Standard service tasks in Identity Manager.


X

HAG-2258

Updated help text

Updated text to "Smart ID Digital Access" in the Digital Access Admin interface and in the help pages.

X


IDC-1219

Added logging of RabitMq

Added logging of the Message Queue (RabitMq) to the standard logs of Physical Access.



X
IDC-1648

Improved connector status heartbeat

The connector status heartbeat in Physical Access has been improved. It now also updates the status after the connector was shut down.



X
PMOB-2442

Change in configuration setting

The hideSensitive configuration setting in the Smart ID Messaging component Hermod is set to 'true' as default.




X
PMOB-2456

Added validation in the 'to' list

Added validation to make sure that null isn't used in the 'to' list in the Smart ID Messaging component Hermod.




X
PMOB-2494

Added a testMode option

The Smart ID Messaging component Hermod now has a testMode option that automatically triggers a load test simulator for prov, auth and sign.




X
PMOB-2498

Added database indices

Database indeces have been added to foreign key source tables in the Smart ID Messaging component Hermod.




X
PMOB-2502

Added return status for database lock

The return http status 503 has been added to the Smart ID Messaging component Hermod. It will be sent if a database lock cant be acquired after retries.




X
PMOB-2510

Added retry to sql queries

Added retry to sql queries if a database lock cant be acquired in the Smart ID Messaging component Hermod.




X
CRED-7630

Extended list view for configuration items

To improve usability, the list views of several configuration items in Identity Manager Admin are extended. For example, Data Pools, all Core Templates and Search Configuration now show more columns with additional information in the corresponding list menus.


X

CRED-9045

Support for TLS in SMTP connector

Support for TLS has been added in Identity Manager in the SMTP implementation to ensure an encrypted email communication.


X

CRED-9114

Added date format configuration in mappings

In the "mappings" configuration of Identity Manager, it is now possible to define date formats for fields of type date or timestamp, if the mapped field is not exact match but of type string. This enables the possibility to implicitly convert date to string or vice versa via mapping. The typical and most important use case for this feature is BatchSync to, for example, import data from a string field (e.g. from CSV) into a date field in to Smart ID without any further, explicit conversion. See Set up mapping in Identity Manager.


X

CRED-9513

Extended remote printing capabilities

With this release of Smart ID it is possible to configure different locations of Card SDK printer stations in Identity Manager Admin. In the card production workflow it then can be decided (either automatically via certain attributes in the background or manually by an operator) on which location the card shall be printed. The Card SDK does not need to be installed in the Operations client but can be any Card SDK client that is connected to the Identity Manager Server. See Set up printers in Identity ManagerSet up form in Identity Manager and Set up process in Identity Manager.


X

CRED-9659

Mobile App OTP can be activated

The standard service task in Identity Manager for provisioning to Smart ID Digital Access has been extended. Now it is also possible to provision Smart ID Mobile App for OTP authentication. See "HAG: User provisioning" in Standard service tasks in Identity Manager


X

CRED-9699

Possibility to expand object relation view by default

So far, the object relation view in Identity Manager was by default shown collapsed. It can now be shown expanded by default via a setting in Identity Manager Admin.


X

CRED-9708

Support for hiding the device encryption certificate

The device encryption certificate can be hidden (for internal communication purposes) for Smart ID Desktop and Mobile App.


X

CRED-9739

Introducing APDU encoding framework

It is now possible to encode smartcards directly via APDU scripts, as well as via Pkcs#11 middleware. APDU scripts can be configured (uploaded, modified) together with the Encoding Descriptions in Identity Manager Admin. For that purpose, the Editor, used for Encoding Descriptions has been extended to let the Administrator edit any additional file attached to the encoding (such as .cpf card profiles, APDU scripts and others). During runtime, the APDU scripts will be send to the client and executed via Smart ID Messaging and Desktop App. See APDU script applications for PKI cards in Identity Manager.

With this new feature it is possible to execute high sophisticated card encodings e.g. for eIDAS use cases, qualified signature cards etc. via standard functionalities.


X

CRED-9801

HTTP(s) links to 3rd party resources in user forms

It is now possible to configure a link to HTTP(S) 3rd party resources in the user forms, for example, to redirect to an intranet portal or to download a security policy document via Self-Service or Identity Manager Operator. the URLs to the resources can either be static configuration or dynamically created via runtime data. See Set up form in Identity Manager.


X

CRED-9930

New standard service task for logging

A new standard service has been implemented in Identity Manager to be able to write certain, custom specific entries into the logfile during the BPMN process execution. The service task allows to configure the loglevel that should be used and also write either static content or dynamic content, resolved from the process map, into the logfile.See " Process: Log something in the log file" in Standard service tasks in Identity Manager.


X

CRED-9937

Improved service task to set value in process map

The standard service task "Process: Set Value of Variable in Process Map" has been extended: now it is possible to not only set fixed values but also use a JUEL expression to resolve parameters from other data fields. See "Process: Set Value of Variable in Process Map" in Standard service tasks in Identity Manager.


X

CRED-9946

Customized file names for download buttons

It is now possible to customize the file names when downloading binary data (e.g. photos, pdf, certificates etc.) from Identity Manager or Self-Service. The format of the filename can be defined in the form design (via fixed values and dynamic values created out of data pool fields). See Set up form in Identity Manager.


X

CRED-9968

Support for Smart ID Certificate Manager 8.3

Updated Nexus Certificate Manager integration - supporting the latest version of Certificate Manager via Identity Manager.


X

CRED-10012

Extended the CSV upload service task
The standard service task to process CSV files uploaded on the client has been extended:

  • the handling of columns to be imported has been improved: a mapping of the fields (csv to import pool) can be defined and columns can be ignored
  • it is now possible to define the delimiter
  • it can be configured whether the CSV contains a header line or not
  • result lists are available in the BPMN process map for further processing of imported or updated records in the workflow

See "Miscellaneous: Import CSV file" in Standard service tasks in Identity Manager.


X

CRED-10086

Added use of PIN pad readers for card encoding

Encoding of smart cards in combination with a PIN pad reader was not implemented in combination with Desktop App so far. This has been added now, so that end users, encoding their smart card in Self-Service also can use a PIN pad reader.


X

CRED-10138

Added support for registration requests via the EST protocol

Similar to the already existing ACME and SCEP registration now also registration requests for the EST protocol is supported via a standard service task in Identity Manager. See "Cert: Create EST order request" in Standard service tasks in Identity Manager.

(This feature is only available in combination with Smart ID Certificate Manager.)


X

DEVOPS-400

Added options for Self-Service login

Added flexibility and configuration options of the Self-Service login screen:

  • it is now possible to decide if SAML login should always be forced directly or if the user ends up on the login screen and can decided login method (including SAML login via a new button)
  • all available login methods (SAML SSO, username/password and certificate) are now configurable, so that any of these method can be activated or deactivated for the end users

See Enable two-factor authentication to Identity Manager clients via SAML federation and Set up authentication profile in Identity Manager.


X

DEVOPS-85

Changed configuration of CA certificates for Identity Manager

Instead of creating a java keystore with CA certificates for Identity Manager to trust, the certificates can now be added to a folder and they will be loaded into Identity Manager at startup. Supported formats are .base64 and .cer


X

DEVOPS-95

Changed configuration of database properties for Identity Manager

The configuration file database.properties is no longer needed. Database settings are now set using environment variables. 


X

DEVOPS-382

Improvements in Docker configuration

Several improvements in the Docker configuration of Smart ID have been implemented in this release. Most requested feature was splitting up the compose files for the different services. The Identity Manager but also the Digital Access dockers have now separate configurations so that it is easier to deploy the solution distributed over multiple servers. 

See Deploy Smart ID and Smart ID deployment configuration release note.

XX

HAG-723

Added support for SMB v2.0 and v2.1

The Common Internet File System (CIFS) version used by Digital Access is now updated to a later version. Prerequisite for customers is to upgrade the SMB version to v2.0 or v2.1 as v1.0 won't be supported after this.

X


IDC-1067

Added support for PACS Connector Siemens SiPass

Support is added for a new Standard PACS connector in Physical Access. Now Siemens SiPass is supported for all standard use cases in Smart ID Physical Access.



X
IDC-1569

Added support for PostgreSQL

Added support for PostgreSQL (version 11+12) for Physical Access.



X
IDC-1573

Added support for new RCO Admin API

With the latest release of RCO R-Card M5 a new REST Admin API was introduced. Smart ID Physical Access supports this now as well (in addition to the old RCO API).



X
IDC-1604

Improved error handling in Web API

The error handling of the Physical Access SCIM interface - which is the main communication channel with Identity Manager - has been improved to avoid potential data loss during provisioning.



X
IDC-1665

Introduced PACS Simulator

With this release, a new PACS Simulator for Physical Access is introduced. The simulator comes as an ordinary PACS connector as part of Smart ID but does not communicate with a real PACS. it just simulates the communication and writes the results into files. The purpose of this connector is to run tests, demos etc. of the Smart ID Physical Access package also in an offline demo environment.



X

Corrected bugs

Jira ticket noDescriptionDigital AccessIdentity Manager & Self-ServicePhysical AccessMessaging
CRED-7317

Fixed an issue in the Procecss Task for creating custom entries in the Object History. The custom values was not visible completely in the Object History list.


X

CRED-9305

Fixed error handling during card encoding via Desktop App. When Messaging Server was not reachable, a cryptic message was displayed on the screen.


X

CRED-9376

Fixed an issue with with popup window, for mandatory fields that are missing in user forms of Identity Manager. It could happen that the popup did not show up after process got canceled and restarted a second time.


X

CRED-9390

Fixed a bug in the tenant application of Identity Manager. When deleting a tenant, the signature of the object history got broken when working with multiple tenants.


X

CRED-9580

Translation of headlines in user forms did not work properly when logging in via SAML in Identity Manager Operator. This is fixed now.


X

CRED-9627

The "resultCount" variable of the "AssertUniqueness" task was not filled up if there was no result. This has been fixed now, empty results the variable is set to "0".


X

CRED-9676

Fixed an issue when changing active/inactive state in the "HAG: User Provisioning" standard service task. Depending of on the state configuration it could happen that the state change failed.


X

CRED-9696Display of user roles in Object History was not updated correctly when changing selection of history entry. This is fixed now.
X

CRED-9759

Fixed a concurrency issue when executing standard service tasks for Personal Messaging.


X

CRED-9774

The List/Selection view for Batch Orders had an issue that the underlying search configuration was chosen randomly if multiple search configs for that purpose had been configured. Due to lack of a configuration element to explicitly select the search config, now always the first search config that is configured in the corresponding Order Template will be used.


X

CRED-9812

Setting a hidden or read-only date value as filter criterion in a search configuration was not possible. This is fixed now


X

CRED-9867

Fixed an "Internal Server Error" issue (related to certain authentication profile configuration) when downloading a configuration file from Identity Manager Admin.


X

CRED-9948

Fixed an issue with downloading P12 files in Smart ID Self-Service.


X

CRED-9989

Order CoreObjects where not capable of handling coreObjectDescriptors in all cases: the referenced objects (via the "CoreObjects" data field) only provided CoreObject IDs. This has been fixed now.


X

CRED-9992

"New process" in batch order details view are made invisible. it has no meaning there and could be executed accidentally.


X

CRED-10003

Added missing FK index on CertificateBinaryDataMap table for Oracle DB. Missing index did lead to locking the table when deleting certificates.


X

CRED-10006Using search filter with filter value "empty" did not work in BatchSync. This is fixed now.
X

CRED-10010

Fixed a permission issue when displaying templates (e.g. available card templates for requests) in Smart ID Self-Service. All templates used to be visible in the combobox instead of only the ones the user has permission for.


X

CRED-10018

The "line break" checkbox in the Form designer didn't have any effect in Smart ID Self-Service. This has been fixed.


X

CRED-10063

BatchSync now allows to configure a separate skip policy for read process and write operations. Before only write operations could be addressed.


X

CRED-10135

Fixed inconsistency in CSV export (via Export Definition). Empty fields have been exported with quotes (""). This has been removed now to align with non-empty fields.


X

CRED-10146

Configuration Export failed in Identity Manager Admin, after a CA Configuration was uploaded. This has been fixed now.


X

CRED-10147

Improved error handling in the "Core Objects: Drop Relation" service task: empty task parameters could result in a misleading error message.


X

CRED-10163

Fixed behavior of multiple search buttons in combination with ObjectList component in a user form. Results from the different search buttons have been mixed up in the result lists.


X

CRED-10165

Encrypted field value got corrupted when using a mapping task to transfer the value from plain text fields. This is fixed now.


X

CRED-10175

Fixed an issue when signing and encrypting an email in Identity Manager. The signature is now also visible for the receiver if the email is encrypted.


X

CRED-10190

Configuration of predefined sorting in Search Config did only work for one sorting criterion. This has been fixed, multiple sorting criteria can be defined again in Identity Manager Admin.


X

CRED-10198Fixed behavior when displaying of passwords as images in Identity Manager Operator and Smart ID Self-Service.
X

CRED-10201

Fixed error handling in Nexus GO Card Configuration. Now a human readable error message is shown when the connection to Nexus GO API fails.


X

CRED-10216

Improved error handling for "extended error mode" in PKI card encoding. Certain exceptions (e.g. CAServiceException) where not handled correctly in the past.


X

CRED-10259

Fixed connection test to Messaging Server in Identity Manager Admin. Test button reported 'success' even if AuthenticationToken was wrong.


X

CRED-10278Fixed an issue in XML parsing of CardJob. PKI card encoding response with Smart ID Desktop App could result in an error.
X

CRED-10313

Fixed display of "hidden" secret fields in Smart ID Self-Service. The actual value was shown instead of "dots".


X

CRED-10323

Smart ID 20.11 now supports PostgreSQL databases version 11 and 12 in all components.

XXX
DA-6Corrected the MariaDB configuration string.X


DA-63

Added the extended attribute "Radius Status server supported" to the general Radius authentication method.

If the value is set to false, it means that the configured Radius server does not support "Status message packet", so that the policy service will not send any Server-Status check to the Radius server.

X


HAG-1304

Allow the user to login even if the 'Allow user not listed in any User Storage' is set to true and the user attribute property is set. This is resolved for Swedish Bank ID, Nexus GO, Open ID and Freja ID authentication methods.

X


HAG-1308

Fixed an issue where Smart ID Mobile App profile was not activated for a user after Self provisioning flow.
The profile shall be created in the self service even if the Personal authentication method is not enabled for a user, and the user should not be able to login using that authentication method.

X


HAG-1396

Fixed the display of message on the forgot password page to show Swedish characters.

X


HAG-2249

Removed the duplicate entries appearing in the Database dropdown after saving the Database Service settings.

X


HAG-2253

Fixed the output of well known config API to work with Google where Digital Access acts as the Identity Provider.

X


IDC-1437

Fixed error handling for duplicate entitlement assignments in Physical Access. Now the error is reported back if a duplicate assignment happens instead of just writing the result into the log.



X
IDC-1583

Fixed an issue when deleting a large number of entitlement assignments at the same time on MS SQL Server. The error was detected in SiPort Environment.



X
IDC-1626

Fixed an issue in the SiPort connector causing new profiles to be created (and not deleted anymore) in the Physical Access database before save has been triggered.



X
IDC-1692

Fixed a bug in RCO Connector when creating/ deleting users in RCO.



X
PMOB-2421Added validation to prevent empty userid in provisioning.


X
PRSM-69

Fixed changing card state of visitor cards if non-personal card is being assigned (visitor card remained active).


X

PRSM-82

Improved uniqueness check when doing card activation to enforce only one active card per employee. Not all cases where covered by the check previously.


X

PRSM-974

Fixed process for deactivating Contractor record in Smart ID Base package.


X

PRSM-1041

Added validation for duplicate entitlement assignment in Physical Access and improved user experience/error message during validation. 


XX
PRSM-1043

Fixed default permissions for creating company in Smart ID Base module.


X

PRSM-1044

Locking of temporary employee card when deactivating employee didn't work. This has been fixed now.


X

PRSM-1065

Fixed object relation handling when withdrawing non-personal card for Visitor.


X

PRSM-1077

Fixed provisioning of status to Physical Access component and corresponding PACS system when a Contractor gets reactivated in the Physical Access module.


XX
PRSM-1083

Fixed batch job for triggering renewal of Virtual Smart Cards in Digital ID.


X
X
PRSM-1088

Fixed an issue when activating an temporary employee card in Digital ID package.


X

PRSM-1093

Fixed wrong relation between employee and employee card when withdrawing non-personal card in Physical Access module.


X

PRSM-1095

Fixed activation of cards (that are in state 'issued') via Batch Order.


X

PRSM-1097

Fixed some labels/translations in Smart ID Self-Service (e.g. VSC provisioning).


X

PRSM-1103

BPMN fixes: changed several processes from "CoreObjectID" to "CoreObjectDescriptor" collections. the CoreObjectID is deprecated and didn't work anymore in several places (e.g. the Self-Service).


X

Release announcement

From this release, only Docker deployment is supported for the Smart ID components Identity Manager, Physical Access, Digital Access and Messaging. For full instructions, see Deploy Smart ID.

From Smart ID 20.11 and on, components now only have the Smart ID version number and not the different component version numbers. For information on previous releases, see Nexus Documentation Archive.

For details on the updated Smart ID configurations and deployment configurations, see here: 

 Smart ID configuration release note

Features

KeyDescription

DEVOPS-378

Simplified issuing of virtual smart cards and mobile virtual smart cards 

In the processes Provisioning certificate to virtual smartcard and Install certificates on mobile ID, the selection of certificates is now predefined with hidden fields in the form. The form to recover encryption certificates will appear, only if a service task found valid or active encryption certificates.

For more information, see: 

DEVOPS-416

Improved locking process for virtual smart cards and mobile virtual smart cards

In the processes Lock virtual smartcard and Lock mobile ID, the user must first enter a valid reason to revoke a mobile ID or a virtual smart card. If the object has a related encryption certificate, a check box is shown and can be checked to revoke the encryption certificate. 

For more information, see: 

PRSM-1085

New lookup table for countries

The data pool Country has been changed from an external data source to an internal data source, of the type lookup table.

PRSM-464

New process to create non-personal visitor card

A production method has been added, to produce a card directly after the definition of card requests.

 Smart ID deployment configuration release note

# RELEASE NOTES FOR SMARTID DEPLOYMENT CONFIG

All notable changes to this project will be documented in this file. Be aware that the [Unreleased] features are not yet available in the official tagged builds.

## [Release 23.10.7-24-10-10]

### Changed
- upgrade to Postgres 16 [CRED-17704]
- restart-all.sh detects whether sudo is needed for docker commands [CRED-18249]
- Updated prime-connectors to 2305.1.0 (based on Ubuntu 22.04) [CRED-13886]
- Corrected Hermod and Selfservice setup in WSL dev readme and the configuration. [CRED-17952]
- Changed Postgresql version to 14.12. [CRED-17538]
- Changed traefik version to 3.0.2. [CRED-17538]

## [Release 23.04.22-24-10-02]

### Changed
- upgrade to Postgres 16 [CRED-17704]
- restart-all.sh detects whether sudo is needed for docker commands [CRED-18249]
- Updated prime-connectors to 2305.1.0 (based on Ubuntu 22.04) [CRED-13886]

## [Release 23.10.6-2024-07-15]

### Added

### Changed
- upgrade to Postgres 16 [CRED-17704]
- restart-all.sh detects whether sudo is needed for docker commands [CRED-18249]
- Updated prime-connectors to 2311.1.0 (based on Ubuntu 22.04) [CRED-13886]
- Corrected Hermod and Selfservice setup in WSL dev readme and the configuration. [CRED-17952]
- Changed Postgresql version to 14.12. [CRED-17538]
- Changed traefik version to 3.0.2. [CRED-17538]

## [Release 23.04.19-2024-07-2]

### Added

### Changed

- Changed Postgresql version to 14.12. [CRED-17538]
- Changed traefik version to 3.0.2. [CRED-17538]


## [Release 23.10.2-2023-10-30]

### Added

### Changed
- Modified permissions of the 'certs' directory in init-smartid.sh to 755 (to allow Hermod to read the directory). [CRED-16526]
- Updated Prime Connectors version. [CRED-16153]


## [Release 23.04.7-2023-08-28]

### Added
- Added missing attestation key config to signencrypt.xml (fixes VSC). [CRED-16128]

### Changed

## [Release 23.04.5-2023-07-17]

### Added
- Added a readme-wsl-dev.txt how to setup SmartID Docker containers in a WSL environment. [CRED-15948]
- Added environment variable to docker-compose.yml of authentication service.

### Changed
- Restored environment references for Digital Access and Physical Access containers [CRED-15915]

## [Release 23.04.4-2023-06-30]

### Added
- Added restart-all.sh for easy stopping and starting of all containers or a subset of them. [CRED-15854]

### Changed
- The variable DOCKER_NETWORK_MTU has the default value 1500 now. You are not forced to choose between several options. [CRED-15854]
- When executing init-smartid.sh a message informs you about the current MTU value and when it is recommended to reduce it. [CRED-15854]
- The names of most of the docker containers start with "smartid-" by default. This prefix can be changed now via variable DOCKER_CONTAINER_BASE_NAME in file smartid.env. [CRED-15854]
- The hostname of the postgresql container now has the DOCKER_CONTAINER_BASE_NAME prefix as well.

## [Release 23.04.3-2023-06-23]

### Added

- Added AriadNext Connector Docker image. [CRED-14963] 
- Added file .gitattributes to make \*.sh and \*.env files always containing only LF instead of any CRLF. Fixed file datadog.env accordingly. [CRED-15795]

### Changed

- Escaped the ESC character (0x1B) in echo statements of shell scripts to avoid problems with Azure file preview and git diff output. [CRED-15795]


## [Release 23.04.2-2023-06-02]

### Added

### Changed

## [Release 23.04.1-2023-05-11]

### Added

- Added init-smartid.env to configure the docker network MTU. [CRED-14088 via CRED-15316]
- Added helperFunctions.sh and helperCreateLink.sh to be used by init-smartid.sh. [CRED-14088 via CRED-15316]

### Changed

- Replace deprecated docker network syntax in docker-compose.yml files. [CRED-14088 via CRED-15316]
- init-smartid.sh / stop-smartid.sh detect if docker needs sudo. [CRED-14088 via CRED-15316]
- init-smartid.sh now optionally removes files created by previous runs (postgres db, bootstrapped certs, etc). [CRED-14088 via CRED-15316]
- No explicit setting of env_file in docker-compose.yml files. [CRED-14088 via CRED-15316]
- Messaging database is now configured via MESSAGING_DB_URL var. [CRED-14088 via CRED-15316]
- stop-smartid.sh now uses the compose command "down" instead of "stop", which also removes the containers after shutting them down. [CRED-14088 via CRED-15316]

## [Release 23.04.0-2023-04-28]

### Added

- Added Workspace One Connector Docker image. [CRED-14215] 

### Changed

## [Release 22.10.0-2022-09-20]

### Added

- Added ContentProviderJWSSigner descriptor in signencrypt.xml. [CRED-12232]
- Added renewFromKeypairs.sh to renew end-entity certs.

  WARNING:

  - This only works if you (re-)bootstrap with the updated createca.sh, as the old version discarded data required for renewal.
  - Re-bootstrapping will invalidate any encrypted secrets and history signatures in IDM due to chaning the keys.
  - Re-bootstrapping will also overwrite the certificates and keys in the docker deployment folder, so make a backup first,
    so you can use the respective tools for re-signing and re-encrypting existing history/secrets.

### Changed

- automatically (re-)start mailhog
- fixed naming of traefik rules for mobile-iron
- Changed createca.sh to retain keypairs and CA metadata, so we can enable renewal (see above).
- Removed cRLSign attribute from ca.conf to avoid issues with failing CRL checks.
  NOTE: This only has an effect on newly bootstrapped CAs.

## [Release 22.04.0-2022-05-05]

### Added

- Added Mobile Iron Docker image. [CRED-11817]
- Added new properties for MI image in smartid.env. [CRED-11817]

### Changed

- Changed properties for Nexus GO Cards API V2. [CRED-12951]

## [Release 21.10.0-2021-11-09]

### Added

- Added Digicert Global Root CA certificate. [CRED-11688]
- Added some Let's Encrypt root certificates. [DEVOPS-971]
- Added documentation for maxProfiles option to hermod-conf.yml
- Added `.yamllint` file to set default YAML linting config. [DEVOPS-1085]
- Added volume mapping for logs folder in IDM and Self Service. [DEVOPS-403]
- Fixed cacerts folder permissions in init-smartid.sh script.
- Added support for docker compose v2 command in init-smartid.sh script.

### Changed

- New properties for CAAS credentials in smartid.env (placeholders must be replaced before using Nexus GO Cards). [CRED-11688]
- Fixed some copy issues in the init-smartid.sh script.
- Changed the default selfservice config to include auth methods params example.
- It is now possible to change IDM language settings via system properties. [DEVOPS-860]
- It is now possible to change Self-Service configuration via `CONFIG_JSON` environment variable. [DEVOPS-945]
- Fixed typo. [DEVOPS-1090]
- Replaced Self-Service `IDM_URL`, `INSTANCE_ID`, `IDM_TENANT` by `APPLICATION_YAML` json. [DEVOPS-1127]
- Set logging driver to json-file (the default one) for all containers explicitly [DEVOPS-1136]
- Fixed YAML format. [DEVOPS-1085]
- IDM and SelfService now support custom translations and do not require mapping the whole translation files again. See doc for more info. [DEVOPS-1118]
- Change Import Logger to correct class [DEVOPS-1143]
- Switched to new image naming for IDM
  - `nexus-prime/explorer` changed to `smartid/identitymanager/operator`
  - `nexus-prime/designer` changed to `smartid/identitymanager/admin`
  - `nexus-prime/tenant` changed to `smartid/identitymanager/tenant`
  - `nexus-prime/updatedb` changed to `smartid/identitymanager/updatedb`
  - `nexus-prime/ussp2` changed to `smartid/selfservice`
- Changed Smart ID version to 21.10.0

### Removed

- Removed Self-Service config.json file. [DEVOPS-945]
- Removed expired Let's Encrypt certificates. [DEVOPS-971]
- Removed translation files for IDM and SelfService. [DEVOPS-1118]

## [Release 21.04.0-2021-05-20]

### Added

- Default values for Selfservice tenant id and instance id. [DEVOPS-738]
- Added example format for MSSQL everywhere we build the DB URL (`${DBHOST}/${XX_DB_NAME}`) because MSSQL requires a different URL format. [DEVOPS-737]
- Include SANs from CSR in bootstrap TLS cert in `bootstrap/conf/ca.conf`.
- Generate tls certificate for non-treafik setup in `bootstrap/createca.sh`.
- Log4j2 config and template for json layout [DEVOPS-758]
- Datadog agent compose file, with some examples, see nexus and datadog documentation if you want to use it [DEVOPS-759]
- Added a check in `init-smartid.sh` that exits the script if user didn't fill the mandatory properties in `smartid.env` (thoose with <XX> value pattern). [DEVOPS-759]
- Added Physical Access Interflex PACS. [DEVOPS-752]

### Changed

- IDM DB will no longer be initialized through init-smartid.sh script. Initialisation has to be done manually by starting container in identitymanager/updatedb. [DEVOPS-739]
- Rename containers to use dash instead of underscore, so containerName can work for DNS lookup (underscore is not allowed in DNS names).
  WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align idm update db naming to use the name "updatedb" everywhere
  WARNING! This can cause issues if you use the new config with existing containers using the old names!
- Align digital access directory names with service names
- fix bootstrap cert folder permissions in init script
- Changed all HERMOD*\* properties to MESSAGING*\*. [DEVOPS-751]
- Moved each component's respective config into their own config folder. [DEVOPS-751]
- Made all volume mappings static in compose file, no more properties. [DEVOPS-751]
- Reorganized smartid.env to be split by component, making it easier to find component related properties. [DEVOPS-751]
- Internal ports (inside docker) are now static in the compose file. [DEVOPS-751]
- Moved postgres related properties outside smartid.env, because it is a separate tool not meant for production. [DEVOPS-751]
- Renamed service names in compose files to match their container name. [DEVOPS-751]
- Changed traefik version to 2.4.8. [DEVOPS-638]
- Changed file extension of generated certificates from `.base64` to `.cer`.
- Updated translation files for IDM. [DEVOPS-761]
- Updated Messaging config for 21.04 (Hermod version 3.1.1). [DEVOPS-802]
- Changed chmod command to give permission 700 instead of 600, because hermod needs execute permission.
- Updated SmartID version to 21.04

### Fixed

- Fixed typos in the strings that are echoed to the user during the initialisation. [DEVOPS-646]

### Removed

- Removed unused properties in smartid.env. [DEVOPS-751]
- Removed unused ports for Physical Access. [DEVOPS-752]
- Removed Physical Access config files. Configuration is now handled using environment variables. [DEVOPS-752]
- Removed TZ from all docker-compose files. Since it is set in `smartid.env` which is mapped using `env_file`, declaring the variable a second time in `env` was not necessary.

## [Release 20.11.2-2021-03-23]

### Added

- If you say Yes to the question if Digital Access shall be deployed in the host, it will make it possible for the containers to listen on 80 and 443. [DEVOPS-540]

### Changed

- Bump SmartID version to 20.11.2
- Updated IDM translation files with newer ones. [DEVOPS-561]
- Adjust volumes for hermod certificates. [DEVOPS-651]
- Removed Selfservice hotfixes introduced in previous release. [DEVOPS-626]

### Fixed

- Fixed tenant startup by removing mapped sign encrypt configuration, so it uses the default one from inside the container. Since IDM Tenant uses less certificates, the same config as IDM operator or admin cannot be used.[DEVOPS-640]
- Fixed the copy_files.sh script used in IDM operator, admin and tenant [DEVOPS-692] + [DEVOPS-656]

## [Release 20.11.1-2021-02-18]

### Added

- Added issuing and root CA certificates to IDM containers for config signing (These certs should NEVER be used for production). [DEVOPS-549]
- Added hotfix for SelfService -> IDM connection [DEVOPS-626] Has to be removed with 20.11.2+

### Changed

- Update sign-encrypt engine to the newest state. [DEVOPS-549]
- Update version number to 20.11.1

## [Release 20.11.0-2021-02-01]

### Added

- Added mailhog as tool in /tools/mailhog. The tool can be used to test to send emails in Digital Access and Identity Manager. [DEVOPS-482]

### Changed

- Set false on traefik network in the traefik, adminer and mailhog to be enabled in traefik by default. [DEVOPS-486]
- Changed file extension of generated certificates from `.crt` to `.base64`
- Changed so that identity manager Admin and Operator do not require signed configurations/modules for uploading and downloading them by default. [DEVOPS-515]

### Fixed

- Fix environment variable usage inside traefik config file. [DEVOPS-514]

## [Release 20.11.0-2020-12-22]

### Added

- Added support for selfservice branding. [DEVOPS-471]
- Added log4j volume mapping for idm containers. [DEVOPS-470]

### Changed

- Updated traefik version to 2.3.4 [DEVOPS-464]
- Renamed selfservice container from "idm_selfservice" to "selfservice".
- Renamed all environment variables starting with "IDM_SELFSERVICE_x" to "SELFSERVICE_x".
- Changed Hermod config to disable by default some end-points and to hide sensitive data in logs. [DEVOPS-484]
- Improved the `stop-smartid.sh` script to handle dynamically all docker-compose stop commands and to work regardless of where the script is called from.
- Improved the `init-smartid.sh` script to work regardless of where the script is called from.
- Improved the `createca.sh` script to work regardless of where the script is called from.
- Renamed `idm-selfservice-language.json` to `idm-selfservice-config.json`.

### Fixed

- Fixed volume mapping for selfservice tomcat server.xml by using a separate variable than identitymanager.
- Fixed French translations for IDM and Selfservice.

## [Release 20.11.0-2020-12-07]

### Added

- Added `postgres/init/init-smartid-databases.sql` so that Physical Access database is created when starting up postgres. The "pauser" is created, and a default password is set.
- Added LE CA Certificate to cacerts. [DEVOPS-455]
- Added AJP port variables in smartid.env and use them in identitymanager docker-compose files. Also added AJP Connector in `config/idm-tomcat-server.xml`, which has to be enabled manually (and port set accordingly). [DEVOPS-348]
- Add following new features to the identitymanager docker-compose files: [DEVOPS-406]
  - Support for new CA store volume mapping
  - Support for new system properties environment variable
  - Support for new DB properties environment variables
  - Support for new spring bean volume mapping. See `IDM_VOLUME_PATH_SPRING` in `smartid.env`.
  - Support for new jars volume mapping. See `IDM_VOLUME_PATH_LIBS` in `smartid.env`.
  - Support for new class files volume mapping. See `IDM_VOLUME_PATH_CLASSES` in `smartid.env`.
- Add following new features to the selfservice docker-compose file: [DEVOPS-406]
  - Support for new CA store volume mapping
  - Support for new IDM url environment variable
- Added adminer as tool [DEVOPS-407]
- Added maxVersion for TLS to be 1.2 due to compatibility issues with some mobile devices. [DEVOPS-413]

### Changed

- Changed smartid version to 20.11.0.
- Moved "/certs/boostrap" to "/boostrap".
- Changed postgres version in smartid.env from 9.6.18 to 12.5. [DEVOPS-431]
- Split identity manager containers into their own docker-compose files: [DEVOPS-382]
  - Added `identitymanager/admin/docker-compose.yml`
  - Added `identitymanager/tenant/docker-compose.yml`
  - Added `identitymanager/init-db/docker-compose.yml`
  - Added `identitymanager/operator/docker-compose.yml`
- Adapted `init-/stop-smartid.sh`, and paths inside `smartid.env` and some docker-compose files to fit new docker-compose yaml files. [DEVOPS-382]
- Change the ini-smartid.sh script to ask if traefik is going to be used as Ingress/proxy. [DEVOPS-408]
- Changed in `config/hermod-conf.yml` some values to <IDM-HOST-HERE> and <DA-HOST-HERE> on client samples.

### Removed

- Removed MSSQL from deployment package, since Physical Access now support postgres. [DEVOPS-448]
- Removed unnecessary variables in `smartid.env`.
- Removed identitymanager compose docker-compose file. [DEVOPS-382]
- Removed entrypoint definition from identitymanager docker-compose files. [DEVOPS-406]
- Removed pgAdmin and portainer and its variables from smartid.env. [DEVOPS-407]
- Removed modern and old options for tls in `config/traefik/traefik-tls.yml`. [DEVOPS-413]
- Removed TRAEFIK_TLS_OPTION from smartid.env. [DEVOPS-413]
- Removed identitymanager spring beans because we changed how handle them.
- Removed samples.

## [Release 20.06.1-2020-10-27]

### Added

- Added port forwarding to hermod container in the messaging docker-compose file.
- Added spring bean files for identitymanager in `config/idm/spring_operation` and spring_admin.
- Added translation files for identitymanager in `config/idm/translation_id`m and for selfservice in `config/idm/translation_selfservice`.
- It is now possible to enable Strict SNI using TRAEFIK_TLS_STRICTSNI=true

### Changed

- changed smartid version to 20.06.1.
- Changed HERMOD_DOMAIN_PREFIX from "mb" to "messaging".
- Changed the DB init/update script behavior, can be controlled with `IDM_DBUPDATE_SCRIPT` in smartid.env.
- Changed `traefik-tls.toml` file to YAML and used variables from .env file. Possibility to change TLS certificate file names TRAEFIK_TLS_DEFAULT_CERTIFICATE and TRAEFIK_TLS_DEFAULT_CERTIFICATEKEY.
- Improved the `init-smartid.sh` script.
- Moved seflservice to a separate docker-compose file.

### Fixed

- Fixed the jdbc url for `config/da-admin-customize.conf`.

### Removed

- Dropped `restart: always` for identittymanager init-db.
- Removed explicit DBHOST naming in `smartid.env` to force user to set its own value.

## [Release 20.06.0-2020-09-28]

### Added

- Added possibility to add custom-beans for IDM Operator and Admin, in `config/idm`.
- Added possibility to change translation for IDM Operator, Admin, Selfservice and Tenant.
- Added IDM_DB_QUARTZ example for MSSQL, Oracle and DB2.
- Added `container_name` for all containers in:
  - identitymanager/docker-compose.yml
  - traefik/docker-compose.yml
- Added docker hostname for postgresdb DB_HOST in `postgres/docker-compose.yml`, this will make test deployment work from start.
- Added docker hostname for mssqldb PA_DB_HOST in `mssql/docker-compose.yml`.
- Added `restart: always` to all containers. All containers will the start up after re-boot, if they have been started once before.
- Included SAML example files for IDM in `/samples/idm_saml`.

### Changed

- Changed smartid version to 20.06.0.
- Changed explorer/operator url in `idm-selfservice-application.yml`.
- Changed location of Identity Manager SAML samples files from `/docker/compose/examples` to `/samples/idm_saml`.
- Updated `init-smartid.sh`:
  - Now check if docker and docker-compose are installed, if not the script will exit.
  - Now asks if the deployment is a production deployment, if "Yes", the script will complete and deployment configuration can be done. If "No":
    - Ask if postgres and/or mssql shall be deployed and started.

### Fixed

- Moved comments in `smartid.env` file to be on a separate line instead of behind the value. This was breaking the applications since comments would be evaluated as part of the value.
- Fixed `init-smartid.sh` so that it works properly on CentOS.
- Fixed a typo for variable `IDM_DB_QUARTZ`.
- Fixed typo in idm-operator container in `identitymanager/docker-compose.yml`, in the path to the castore.jks.

## Removed

- Removed `init-smartid-test.sh`, it is included in init-smartid.sh.

Contact

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Smart ID components to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.

  • No labels