CRED-9952

Secret Fields comparator task

A new service task is introduced to validate secret fields. Two secret fields can be configured, the service task will check if the content is equal (e.g. to implement PIN/ password verification use cases). For more information, see: Standard service tasks in Identity Manager: under Process: Secret Fields comparator service task.

CRED-10342

Separate service task for certificate Windows Cert Store publication

Introduced a separate service task to publish certificates to Windows certificate Store via Smart ID Desktop App. Windows Cert Store feature was introduced already with the 20.11.0 release but needed to be configured via the virtual smart card (VSC) service task. Configuration via the new dedicated service task is more convenient.

For more information, see: Standard service tasks in Identity Manager: under Personal Messaging: Create Key on Windows Cert Store and Personal Messaging: Install Cert on Windows Cert Store.

CRED-10363

Extended EST and SCEP registration

the service tasks for EST and SCEP registration have been extended. Now any DN or SAN certificate attribute can be added to the registration request.

For more Information see: Standard service tasks in Identity Manager: under Certificates: Create SCEP order request and Certificates: Create EST order request.

CRED-10369

Possibility to write additional certificate on SITHS card

It is now possible to write an additional certificate on a SITHS card (Gemalto SIS EID IP1 profile) via the NetID v6.8.2.38_1992 middleware client. For more information, see: Encoding of SITHS cards with Identity Manager.

CRED-10387

Improved system performance for MS SQL environment 

The database field types in the tables ACL_CLASS and ACL_SID are changed from varchar to nvarchar. This improves the system performance on an MS SQL environment with a large database.

CRED-10419

Improved system performance for MS SQL environment

Added a computed column when using MS SQL Server in the CoreObject Table to improve performance on an environment with a large database.

PMOB-2701

Improved retry logic for SQL queries when lock exceptions occur.

DA-4

When Digital Access acts as Service Provider, it now accepts new lines in the SAML response from the Identity Provider.

DA-9

When the OATH DB config settings are changed, after publishing from admin there is no need to restart the Authentication service now. The service will apply the changes and connect to the new DB.

DA-15

Improved the user experience for callback (switching between browser and Smart ID Mobile App), in case of same device authentication for Smart ID Mobile App.

Added support for Android + Chrome and Firefox, iOS + Chrome, Safari and Firefox.

Known issues:

• Android + Firefox -> redirecting back to the browser not working but after switching manually, able to login.

• iOS + Firefox -> redirect works intermittently, sometimes it shows the auth method page and then clicking on PM same device authentication it logs in. 

DA-64

Fixed the issue of SAML session attributes getting lost when acting as SAML Proxy and entering different Policy services.

DA-65

Fixed the out-of-memory exceptions in the Administration service.

DA-85

Fixed an issue for restoring OATH database.

DA-135

Added ability to pass "tokenGroups" attribute in the SAML response when Digital Access acts as an Identity Provider.

DA-151

Removed the Contact link from the login page footer. In case it needs branding, the link can be added to the bottom.html page under includes/login folder.

CRED-10163

Fixed the behavior of multiple search buttons in combination with ObjectList component in a user form. Results from the different search buttons have been mixed up in the result lists. The ticket was reopened again after 20.11.0 and another error fixed in 20.11.1.

CRED-10321

Improved error handling in PGP publication task: the error is now caught and handled properly if the provided serial number does not exist.

CRED-10349

When encoding certificates on a smart card, that were issued by the D-Trust connector, the intermediate certificate could not be written. This has been fixed.

CRED-10393

Fixed a memory leak in handling of cached connection in the PKI connector to Certificate Manager.

CRED-10394

The CSV import service task (that is, client-side file upload) did not build the CoreObject DescriptorList correctly after import, which is needed for example for further processing in multi-instance tasks. This has been fixed.

CRED-10420

Corrected logging of errors in REST interfaces of Identity Manager. Previously, a number of HTTP 500 errors have not been reported correctly into the logfiles. This has been fixed.

CRED-10434

Fixed upload functionality for server-side Card SDK license in Identity Manager.

CRED-10462

Removed data type "long" on data pool configuration in Identity Manager Admin. This was accidentally added as a new type with 20.11.

CRED-10475

Improved error handling of change state task when an invalid state transition is done. The error can now be handled in the BPMN process.