Release notes Digital Access component 6.6.0
Version: 6.6.0
Release date: 2024-02-29
Important information regarding support for ECC keys
Support for ECC keys (DA-22) was introduced in Digital Access 6.5.1, which caused a new defect in Digital Access that may prevent a successful upgrade. This defect is resolved in DA-1816 and will be included in Digital Access 6.7.0 and higher versions.
The defect can be identified in the logs, see the example log lines below:
2024-04-19 10:46:09 FATAL 1021478 "Could not create server certificate for 0.0.0.0:443"
2024-04-19 10:46:09 INFO 1330301 "Reverting to last saved configuration"
Workaround
If an upgrade needs to be done to a version >= 6.5.1 before 6.7.0, the workaround is to re-upload the encrypted private keys in PEM/Base64 format, for all Server Certificates. Make sure to have this prepared before starting the upgrade.
This release focuses mainly on supporting BankID version 6.0.
With this release, only BankID version 6.0 and higher versions will be supported.
Feature improvements
Jira ticket number | Description |
---|---|
DA-1753 | Secure Start is now mandatory with BankID version 6.0. Read more here: https://www.bankid.com/foretag/saker-start Also see https://nexusdoc.atlassian.net/wiki/spaces/PUB/pages/65354564 for more information. In order to cater to the requirements, the web UI field for entering personal number has been removed and will only have the authentication possible through animated QR code for Mobile BankID app. Same device will continue to work with auto-launch as before. If you have done customized branding, it is recommended to verify that the login flows work as expected before proceeding with the upgrade in production environments. The XPI over phone service however continues to support personal number flow. |
Corrected Bugs
Jira ticket number | Description |
---|---|
DA-1768 | There was an issue when trying to access the advanced tab of a tunnel set where the admin GUI threw an exception. This has been fixed. |
DA-1180
| Only attributes/claims from the last modified scope were visible in the well known configuration. This has been fixed to now show all the claims from the supported scopes. |
DA-1625 | Added a checkbox in Policy service global settings to enable/disable to block the GET requests on wsdl file. By default the wsdl is not blocked. |
DA-936 | Multi-valued variables like ‘memberOf’ were getting trimmed (upon receiving a semi-colon) in the request header in case of URL mapping. This is now fixed so all parameters in the variable can be sent across in the header. |
DA-1551 | Added a system property “com.portwise.mvpnms.identity.saml.engine.idp.skip_destination_check” to be set to 'true' in policy service customize.conf to ignore and log if the destination URL in the request does not match in the SAML response when Digital Access acts as IDP. |
DA-1665 | Added two system properties to configure the Referrer policy header for admin, policy and distribution service:
|
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions