CRED-9564

Modify attributes in uploaded Pkcs#10 requests

A new service task is added that allows to modify attributes of an uploaded Pkcs#10 certificate request when using Nexus Certificate Manager as PKI. Read more here: Standard service tasks in Identity Manager: "Cert: Execute Modified PKCS10 Request"

CRED-9697

More attributes can be extracted from X.509 certificates

Extended standard service task for X.509 certificate attribute extraction. Now also keyType, keyUsage, extKeyUsage, hashAlgorithm, cdpUrls and ocspUrls can be extracted from the certificates. Read more here: Standard service tasks in Identity Manager: "Cert: Extract Certificate Attributes".

CRED-9802

Change the secret fields encryption keypair with command line tool

Certificate rollover/re-encryption of encrypted fields in the Identity Manager database can now be done with a corresponding command line tool. Read more here: Change Encryption key of secret field store.

CRED-9829

Improved authentication in Smart ID Agent

The Smart ID Agent now also supports authentication via client certificate. Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager and here: Access local services from Identity Manager in the cloud.

CRED-9865

Logging for SAML has been extended

Extended logging for SAML authentication process on log level INFO.

CRED-9886

Loading latest encryption certificate from LDAP

A new standard service task is added that allows to retrieve the latest encryption certificate for a certain user from an LDAP directory. Read more here: Standard service tasks in Identity Manager: "Process: Search the newest Encryption Certificate".

CRED-9961

Extended logging

Extended logging for Certificate REST API (aka Autoenrollment).

CRED-9988

Introduced the Hybrid Profile concept

A new "hybrid profile" option was added to the VSC use cases, supporting both TPM (and as fallback) Windows certificate store provisioning. Read more here: Read more here: Standard service tasks in Identity Manager: "Personal Messaging: Create key on VSC and Install cert on VSC".

CRED-10106

Improved language selection in Smart ID Self-Service

A language selection is added to the Smart ID Self-Service screen, which is available after login as well. So, users can now select the language before authentication but also at any time when they are working in the Smart ID Self-Service.

CRED-10118

Improved user experience for smart card encoding

In Smart ID Self-Service, when encoding smart cards via Smart ID Desktop App, the user experience and error handling has been improved. No need to do an additional "Next" click after encoding, and the self-service screen is locked so that you can't accidentally switch the page.

HAG-856

Core dump files are enabled by default

Previously, core dump files for the Access Point where not enabled by default. This had the disadvantage that a crash was not recorded at the first occurrence. This setting is now enabled by default.

HAG-1827

Support for Freja Organisation eID

With Digital Access you can now use Freja Organisation eID for authentication. This was integrated in the existing Freja authentication method. Furthermore, it is now possible to request user attributes from Freja together with the authentication. For more information, refer to the help pages of the Freja authentication method in Digital Access Admin. See also Freja eID in Digital Access and Set up Freja eID authentication in Digital Access.

HAG-2210

Digital Access complies with changes of Swedish eID framework specifications

Digital Access will no longer require a -sigmessage in the authentication context in order to display the signing message to the user. 

Furthermore, a new attribute signMessageDigest was introduced in the response sent by Digital Access to prove that the signing message has been displayed to the user. Read more here: Use authentication methods in Digital Access for signing over SAML.

PMOB-1866

Added support for UVID command for allowing a collaborating service to update visual data for an existing mobile virtual smartcard (profile) on the device.

PMOB-2234

Added support for HTTP 308 (MOVE) per client, in order to simplify migration of users from one system to another.

PMOB-2272

Added support for Prometheus scrape in order to get metrics.

PMOB-2332

Added support for the option deletereader in the delete command, that can be true or false and controls if the virtual smart card shall be deleted or not when the profile is deleted.

PMOB-2385

Adding metrics for each client call to the command api, to be able to measure how much different clientIds use the system.

CRED-8776

Fixed an issue around state selection in the search filters when using a multi-level search in the Extended Search view. Wrong states were displayed in that case.

CRED-9379

Fixed a security flaw when concurrent SAML authentication is done on a multi-tenant system.

CRED-9528

Fixed the error handling in SAML configuration: if password for the uploaded certificate key store is wrong, now a correct error message is shown.

CRED-9537

Fix for disabling REST APIs which were still active while Identity Manager was in maintenance mode.

CRED-9578

Fixed rendering of line breaks in translated labels for Self-Service.

CRED-9686

Fixed an issue in Batch Order: when opening an existing order, removing one item of the objects in the order list didn't work.

CRED-9724

Security fix for JUEL expression language.

CRED-9761

Avoids an unwrapping private key error with PKCS#12 files by repackaging.

CRED-9763

Updated "jetty" library to a newer version to fix known vulnerabilities.

CRED-9775

Fixed handling of empty serial number value in standard service task for SCEP registration. Now the empty value is send to Certificate Manager instead of "null".

CRED-9792

Fix for ActionExceptions, showing resource tags instead of translations in the UI.

CRED-9839

Fixed an issue in the cookie handling of Self-Service (failed authentication) when having a lot of data (e.g. via additional fields) in the user record.

CRED-9854

Fixed display of username and IP address in in object history (was not shown anymore).

CRED-9874

Fixed a displaying issue with text fields in Identity Manager, Admin and Tenant.

CRED-9876

Fixed field validation for read-only fields in user forms for Self-Service.

CRED-9898

Fixed starting BPMN process in BatchSync when no target core template is selected.

CRED-9905

Solves an issue with the DB Updater failing on Oracle DBs with multiple Identity Manager schemes.

CRED-9947

Solves a NullpointerException with BatchSync.

CRED-9959

When reloading a form that contains validation rules on a date field, a second time in Smart ID Self-Service it was not displayed correctly. This has been fixed now.

CRED-10084

Fixed error handling for smart card encoding in Smart ID Self-Service when canceling the PIN dialog. The error is now thrown correctly in the extended error mode and can be handled via a corresponding boundary event in the BPMN process.

HAG-1787

No user details are available in Freja over XPI.

HAG-2160

If Distribution Service is down, Administration Service does not come up.

HAG-2184

Template Not Found warning appears in admin system log for Freja authentication method.

HAG-2187

Display Name attribute is not loading correctly when using Freja or OpenID Connect authentication method.

HAG-2206

Upgrade to Digital Access version 6.0 failed caused by Distribution Service.