Document toolboxDocument toolbox

Release notes Digital Access component 6.6.0

Version: 6.6.0

Release date: 2024-02-29

Important information regarding support for ECC keys

Support for ECC keys (DA-22) was introduced in Digital Access 6.5.1, which caused a new defect in Digital Access that may prevent a successful upgrade. This defect is resolved in DA-1816 and will be included in Digital Access 6.7.0 and higher versions.

The defect can be identified in the logs, see the example log lines below:

2024-04-19 10:46:09 FATAL 1021478 "Could not create server certificate for 0.0.0.0:443"

2024-04-19 10:46:09 INFO 1330301 "Reverting to last saved configuration"

Workaround

If an upgrade needs to be done to a version >= 6.5.1 before 6.7.0, the workaround is to re-upload the encrypted private keys in PEM/Base64 format, for all Server Certificates. Make sure to have this prepared before starting the upgrade.

This release focuses mainly on supporting BankID version 6.0.

With this release, only BankID version 6.0 and higher versions will be supported.

Feature improvements

Jira ticket number

Description

DA-1753

Secure Start is now mandatory with BankID version 6.0. Read more here: https://www.bankid.com/foretag/saker-start

Also see https://nexusdoc.atlassian.net/wiki/spaces/PUB/pages/65354564 for more information.

In order to cater to the requirements, the web UI field for entering personal number has been removed and will only have the authentication possible through animated QR code for Mobile BankID app. Same device will continue to work with auto-launch as before.

If you have done customized branding, it is recommended to verify that the login flows work as expected before proceeding with the upgrade in production environments.

The XPI over phone service however continues to support personal number flow.

Corrected Bugs

Jira ticket number

Description

DA-1768

There was an issue when trying to access the advanced tab of a tunnel set where the admin GUI threw an exception. This has been fixed.

DA-1180

 

Only attributes/claims from the last modified scope were visible in the well known configuration. This has been fixed to now show all the claims from the supported scopes.

DA-1625

Added a checkbox in Policy service global settings to enable/disable to block the GET requests on wsdl file. By default the wsdl is not blocked.

DA-936

Multi-valued variables like ‘memberOf’ were getting trimmed (upon receiving a semi-colon) in the request header in case of URL mapping. This is now fixed so all parameters in the variable can be sent across in the header.

DA-1551

Added a system property “com.portwise.mvpnms.identity.saml.engine.idp.skip_destination_check” to be set to 'true' in policy service customize.conf to ignore and log if the destination URL in the request does not match in the SAML response when Digital Access acts as IDP.

DA-1665

Added two system properties to configure the Referrer policy header for admin, policy and distribution service:

  • ”com.portwise.core.tomcat5.config.referrerPolicyEnable” (set to true by default)

  • “com.portwise.core.tomcat5.config.referrerPolicyValue” (set to no-referrer by default)

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions