CRED-10409

Improved caching in Self-Service and Operator

The caching mechanism of configuration data (such as BPMN process lists and template config) has been extended in order to improve response times, especially in scenarios with complex configuration and high load on the system.

CRED-10773

Evaluate SAML authentication context

For SAML, an extra layer of security has been added by limiting the role assignment based on authentication method. By mapping authentication methods to roles, you will restrict a user of certain roles depending on the authentication method used to log in. This is done by evaluating the information in the extension "Authentication Context Reference" in Identity Manager. For example, a strong authentication can be enforced for certificate issuing or renewal processes. See Set up authentication profile in Identity Manager for more information.

CRED-11550

Improved user experience when opening objects in Self-Service

When you open Cards, Certificates, Identities etc. in Self-Service, there is often just one item available in the sub-menus and result lists (for example, "my cards" filter, or just one person or card object in the list). To improve the user experience, the Self-Service now automatically opens the respective sub-item, if there is just one item available, to reduce the necessary clicks.

CRED-11570

Reduced configuration upload time

The waiting time while uploading a new configuration in Identity Manager has been reduced by changing a logging parameter in the docker-compose configuration.

CRED-11622

Keep aspect ratio in Self-Service photo edit

When you upload and edit a photo in Self-Service, you can keep the aspect ratio of the photo when you crop or resize the photo. See Edit photo in Smart ID Self-Service

CRED-11754

Log4j configuration improved

The configuration of Log4j now also allows to configure the process-tracker logging without restarting the application.

CRED-11823

Integrated new Nexus GO Cards platform

The Nexus GO Cards service has been updated with a lot of improvements. One significant change is that Nexus GO Cards now uses Nexus Card SDK for printing and encoding cards. This means that from now on, you can use the same encodings and the same card layouts for both local card production and the Nexus GO Cards service. See Set up Nexus GO cards layout template for Identity Manager.

CRED-11844

Improved search configuration response time in Identity Manager Admin

Earlier, when you had many search configurations set up in Identity Manager Admin, it could take some time to load the list of search configurations. This has been improved to ensure that even a long list of search configurations can be displayed and edited quickly.

CRED-11864

Decoupled verification and deletion of history entries

The verification and deletion of history entries are now separated into two independent jobs. This means, that you do not have to verify history entries before you delete them. This helps, especially if you have large object histories, to significantly reduce the execution time of the delete job. Read more here: Upgrade Smart ID Identity Manager from 21.10 to 22.04 and here: Chained signature for object history in Identity Manager.

CRED-11946

Legacy Kaba Exos integration removed

An updated standard integration of Kaba Exos has been released in Physical Access. Therefore, the old native Identity Manager integration of Exos is obsolete and has been removed. All Physical Access use cases will now be handled in the standard Physical Access way. If you use DormaKaba Exos integration, switch to the updated DomaKaba Exos connector in the Physical Access component. Read more here: Set up integration with Dorma Kaba Exos.

CRED-11947

Switch to new SQL dialect

The SQL dialect implementation has been updated to improve the performance on the MS SQL Server.

CRED-11988

Revised database indices

Some database indices in the Identity Manager database schema have been added and modified to improved the overall system performance. This is based on experiences in customer case.

CRED-12107

Improved translation cache

The cashing mechanism for translation of configuration items has been improved, to shorten response time when pages are loaded in the Identity Manager applications.

CRED-12199

Obsolete Log4j v1 library removed

Obsolete Log4j v1 library has been removed. 

CRED-12219

Revised web.xml configs

To improve the standard hardening of the Identity Manager applications, the default servlet configuration, http filtering, etc. have been reviewed and cleaned up in the respective web.xml files in the standard container images.

CRED-12354

Introduced "create GUID" service task

There is a new service task in Identity Manager that can create random GUIDs, which can be used for any purpose in the customer projects. See "Generate Random GUID into Data Map Field" in Miscellaneous standard service tasks in Identity Manager.

CRED-12562

Support for Certificate Manager 8.5

Identity Manager now supports the latest version of Certificate Manager: 8.5.

CRED-12770

Enhanced drop-down lists in search service task config

When configuring a search service task in a process, the available search configurations in the drop-down list were displayed only with the translated name, which is not necessarily unique in the system. Therefore it might be difficult to differentiate the search configurations. For that reason, the (unique) symbolic name was added as well to the drop-down list.

CRED-12792

Updated logos

The Identity Manager Operator, Identity Manager Admin and Self-Service components in Smart ID 22.04 now show the new Nexus IN Groupe logo.

DEVOPS-1328

Extended "Load Entity" service task

The (already existing) standard service task "Process: Load Entity" has been updated. The task can now also refer to data of the authenticated user (via the ${user.*} attributes). Also, the data pool files that will be loaded can be limited, target name in the process map can be influenced, and assigned roles can be loaded as well. Read more in "Process: Load Entity" in Process - Standard service tasks in Identity Manager.

DEVOPS-1352

"Drop Relations" task improved

The (already existing) standard service task "Core Objects: Drop Relations" got an additional parameter to easily drop all existing relations to a certain data pool. See "Core Objects: Drop Relations" in Core Objects - Standard service tasks in Identity Manager.

DA-682

Change and reset password functionality added for OpenLDAP

Added feature to be able to change and reset the OpenLDAP password for a user. This will work if the 'Active Directory Change password' is enabled in the license along with the 'Password Reset' feature. The user can now change or reset their OpenLDAP password if the feature is enabled.

The system property 'com.portwise.authentication.openldap.dn' is added in customize.conf with a default value of 'dc'. Change the value if required, based on your domain component.

DA-750

Support of animated QR codes for Bank ID v5.1

Added support of animated QR codes for Bank ID v5.1. Digital Access 6.2.0 or above implements Bank ID API v5.1 and will not support Bank ID v5.0 APIs after upgrading to any version above 6.2.0. See Swedish national eID - BankID and Mobile BankID for more information.

IDC-1910

Migration of PACS connectors to .net 6 framework

Migrated all PACS connectors to .net 6 framework.

CRED-5981

There was a multi-user issue when downloading the Identity Manager configuration on two clients at the same time. This has been fixed.

CRED-8072

Fixed handling of static multi-line texts in user forms.

CRED-8657

Previously it was necessary to set two parameters in system.properties to deactivate the quartz scheduler. This has been changed. Now it is enough to set "quartzScheduler.enable=false". See List of Identity Manager system properties.

CRED-9567

The service task to fetch Nexus GO order status did not handle BPMN error boundary events. This has been fixed so that the boundary events are working as well.

CRED-10052

The assignee of an open task was not shown for some authentication types (for example LDAP), in the process list of the core object details view. This has been fixed. The user is now visible for all authentication types.

CRED-10053

There was an issue where the process start date was not displayed in the open task list of the core object details view. This has been fixed.

CRED-10119

When running Self-Service on small screens (for example a mobile phone), it was not possible to minimize the menu when having long texts in the menu. The user experience has now been improved and corrected for small devices as well. 

CRED-10344

There was an issue where an exception was thrown when an "Action" was selected before selecting a Search Config, in the BatchSync configuration. This has been fixed.

CRED-10492

There was an issue when using the "delete" button in the core object details view, where the corresponding process behind the button did not load the core object data into the process list. This has been fixed.

CRED-10577

Fixed usage of "*" wildcards in search filters.

CRED-10669

There was an issue where the "Extended Search" in Identity Manager Operator did not fill up the whole result grid in some cases and left some rows empty. This has been fixed. Now all available rows are used for the search results.

CRED-11013

There was an issue where the "execute search" task did not return a correct CoreObjectDescriptorList to the process map in some cases. This has been fixed.

CRED-11319

There was an issue where the BPMN-history cleaner missed some records, such as orphan sub-processes. This has been fixed.

CRED-11417

There was an issue when closing a user form with an expired timer-boundary event, where an unclear error message was thrown. The error handling has been improved so that the user gets a clear message that the task has been closed in the background.

CRED-11810

Fixed multi-level search with filter values for batch orders.

CRED-11927

There was an issue in Self-Service, when using filters in form-based searches, where the "OR" command in the filter was ignored. This has been fixed.

CRED-11961

Fixed icon display of "help" links in Identity Manager Operator.

CRED-11995

When pushing certificates from Certificate Manager to Identity Manager via distribution rule, while Maintenance mode was activated, an unexpected error was thrown. The error handling has been extended and a correct (HTTP 403) error code is returned.

CRED-12072

Fixed setting initialization values from number ranges in Self-Service user forms.

CRED-12197

The behavior of searches on Boolean values in "additional data pool fields" was not consistent when fields were empty. This has been fixed.

CRED-12223

When using predefined read-only filter values in search forms in Self-Service, the filter values were editable. This has been fixed so that the corresponding values appear read-only.

CRED-12253

There was an issue where forcing block PIN after smart card encoding only worked for card profiles that allow 4-digit PINs. This has been fixed so that cards with any PIN length can be blocked right after the encoding.

CRED-12254

Fixed translation of symbolic names, (for example template names), in search result lists. Now translated texts are shown.

CRED-12367

There was an issue where Self-Service user forms did not respect the mandatory flag when a field had a drop-down list. This has been fixed so that user entry is also enforced for fields with drop-down lists.

CRED-12423

When using a pre-configured search filter on "meta-fields" (such as status or core template), the search execution could throw an exception. This has been fixed.

CRED-12485

There was an issue where loading data of the authenticated user in a post-login process, returned data of the technical pre-authentication user instead of the real user. This has been fixed. The correct user data is now returned.

CRED-12514

Improved response time when opening Core Template Dialogs (Cards, Identities, Certificates etc.) in Identity Manager Admin. 

CRED-12797

Fixed an issue in the object history signing and verification job.

DA-816

Removed the "Download as pdf" option in Reports to remove iText vulnerable version dependency.

IDC-2010

There was an issue in RCO M5 Admin API PACS system where some optional user fields from RCOM5 were not mapped in userfieldmappings. This has been fixed.

IDC-2011

There was an issue in Sipass PACS system where the user validity was not mapped to Physical Access database fields when the user was exported. It was using default values instead. This has been fixed so that the user validity is mapped if present. If not present, the system will use the default validity.

IDC-2013

In RCO M5 PACS system, the ssn field is made optional. The user can now decide to only map the ssn if required using userfieldmappings.

PMOB-3462 

Updated Spring Boot to ensure that it is not affected by the Spring4Shell vulnerability. See also Spring4Shell Vulnerability.