CRED-13703

Extended keyboard navigation in Self-Service

It is now possible to switch between different sub areas in Smart ID Self-Service, for example "What do you want to do?" and "Open Tasks", by using the Tab key. See Smart ID Self-Service for more information.

CRED-13841

Support for cards with signature slot

Added support for cards with signature slot. See Use Signature slot in Identity Manager for more information. Also see section "Support for cards with signature slot" in Encoding using Gemalto/SafeNet/Thales middleware in Identity Manager and Encodings using Personal Desktop Client middleware in Identity Manager for more information. 

CRED-13989

Minidriver admin keys on TCOS cards

Management of Minidriver admin keys and corresponding challenge-response mechanisms for TCOS3 and TCOS4 cards, in combination with TCOS middleware, is now supported.

CRED-14069

Delete mobile ID profile

A new service task called "Mobile App: Delete Profile" is implemented in Identity Manager to be able to delete a Mobile ID profile. See section "Mobile App: Delete Profile" in Smart ID Messaging - Standard service tasks in Identity Manager for more information. 

CRED-14151

Batik libraries removed 

All Batik libraries are removed for Smart ID 22.10.2 to mitigate CVE-2022-40146, CVE-2022-38648 and CVE-2022-38398. 

CRED-14380

SignPIN instead of PIN2

In encoding encryptions both "signPIN" and "PIN2" were used to represent the signature PIN. Now only "SignPIN" should be used for consistency. However, PIN2 still works for backwards compatibility. 

CRED-14770

Smart ID version 22.10.2 comes with Tomcat v9.0.71

Addressing the vulnerability CVE-2022-45143: The latest available Tomcat version is always used in the Docker images for Smart ID.

DA-470

Added a third option (None) for the auto-linking accounts notifications section. Selecting None will not send any notifications when the user accounts are auto-linked by Digital Access.

DA-911

UX improvements while publishing the changes to services in Digital Access. It is now possible to see the status of each service while it is waiting to connect and the updates once it gets successfully published. The Publish button will change color to gray during the publish progress.

DA-1149

Added support to bridge network for Smart ID deployment in case of distributed or High Availability (HA) setup. For more information about configuring high availability or distributed architecture, see Set up high availability for Digital Access deployment (bridge network).  

DA-940

Ability to add LoA translation groups. LoA translation groups define the conditions when to convert the AuthNContextClassRef in the SAML response to a new value. For more information, see Set up SAML authentication context in Digital Access. 

DA-1156

Added a Listen on all Interfaces checkbox for administration service to support bridge network. This checkbox should be selected only while using the bridge network.

CRED-13224

There was an issue where search configurations over more than one level could not be filtered on the target datapool. This has been fixed.

CRED-13862

There was an issue when trying to load a Nexus GO Cards layout when the server had been running for a while, and a "401 unauthorized" error was shown. This has been fixed. 

CRED-13983

On a search added to a form you can optionally apply a mapping. There was an issue where the whole object was added to the map instead of only the mapped data. This has been fixed.

CRED-14086

There was an issue where initialization values for hidden fields were not written into the process map. This has been fixed.

CRED-14093

"Batch sync" was renamed to "Scheduled Jobs" in Smart ID 22.10. This change is now also reflected in the Smart ID Workforce modules overview.

CRED-14166

There was a typo in one of the parameters in the "Core Objects: Check Relation" service task (delegate expression "checkObjectRelationParametrizedTask") where "destionationDataPoolName" was changed to "destinationDataPoolName". 

CRED-14287

There is a new error type for BPMN for the service task Execute PKCS10 Request. See section "Cert: Execute Modified PKCS10 Request" in  Certificates - Standard service tasks in Identity Manager. 

CRED-14311

There was an issue where searches in data sources like Card History Entries, Identity History Entries, Certificate History Entries etc. did not work as expected. This has been fixed.

CRED-14347

There was an issue where jobs that were not enabled were not shown in the Admin page in Identity Manager Operator. This has been fixed.

CRED-14444

In Smart ID Self-Service, some error messages were not shown in the language selected by the user. This has been fixed.

CRED-14470

There was an issue in Identity Manager Admin with selecting an LDAP Object from a form search. After selecting the object and clicking Next, an error message occurred. This has been fixed. 

DA-716

Upgraded SMTP plugin to javax.mail 1.6.2 to support TLS 1.2.

DA-913

There was an issue where an unintentional authentication-loop occurred when Nexus Digital Access acted as IDP-proxy for two federations. This has been fixed.

DA-923

There was an issue where an incorrect content-type for JPG caused Internet Explorer (and Intune for Linux) to prevent loading Personal mobile authentication images. This has been fixed.

DA-930

Upgraded some libraries to fix a few detected vulnerabilities. 

DA-1027

There was an issue where the user accounts selection was not retained after saving roles in the delegate management. This has been fixed.

DA-1127

Added documentation around Personal desktop in the help section for the authentication method.

IDC-1860

Fixed critical vulnerabilities in the libpcre2-8-0, libssl1.1, and zlib1g libraries.

IDC-2182

Enhanced support to run multiple instances of maintenance service on the same RabbitMQ server for different deployments, for example, running maintenance service for QA and UAT on the same RabbitMQ server.

IDC-2210

Improved the overall performance of RabbitMQ and PACS connector services by refactoring the RabbitMQ library.

IDC-2249

Fixed issues in the data migration process for the KabaExos connector service.