CRED-10812

Improved ActivitiCleaner performance

By adding additional DB indices, the performance of the ActivitiCleaner is improved. Especially when running on large databases.

CRED-10835

Allow override of predefined filters in search task

When using a search config that contains predefined filter values in the "Execute Search" service task, it is now possible to override the predefined values with new values in the service task. 

CRED-11249

Support for certificates with multi-value SAN attributes for login

Improved certificate-based login implementation. It is now possible to log in with certificates that have a multi-value SAN attribute, for example, multiple email addresses or multiple User Principal Names (UPNs), in the certificate. The login process will iterate through the values until one has a unique match to a user.

DA-573

Ansible way of deployment for Digital Access

It is now possible to deploy a fresh instance of Digital Access using Ansible in RHEL 8 with Podman as the containerization tool. See here for more information: Deploy Digital Access on RHEL 8 using Ansible and Podman.

IDC-1825

Flag added to log SCIM API requests

A flag (PA_DEBUGLOG) has been added to log SCIM API requests to help debugging if an Identity Manager request is not correct. By default this flag is set to False so that it doesn’t log all the request data when not necessary. The flag is defined in the smartid.env file. Set the flag to True if required.

DA-21

In case of SAML, if the users logged after a certain time period, they where redirected to the access point portal instead of to the SP resource. This has now been fixed.

DA-163

Added connection timeout and read timeout for BankID and Freja eID. 

The default values can be modified by setting the java properties:

• Dcom.httpclient.connection.timeout=2000

• Dcom.httpclient.readwrite.timeout=5000

DA-193

Fixed Null pointer exception when doing SAML authentication with forceAuthn enabled.

DA-522

Fixed Null pointer exception when user session does not exist.

DA-532

Due to a thread crash, session cleanup activity gets interrupted in the policy service and eventually all the limit of concurrent session got exhausted. Fixed the null pointer exception in timer manager thread.

DA-535

Sign message for SAML request is now getting passed to IDP when Digital Access acts as a proxy.

DA-598

Fixed the null pointer exception when Hermod gives a callback to Digital Access for expired profile.

DA-466

Added missing security headers in access point, admin, policy and distribution services. Added CSP header to be configurable.

DA-418

Updated online help for SAML "Use latest used authentication method".

IDC-1843

EntitlementAssignment gets deleted when the same entitlement assignment is deleted and added again. This has been fixed.

IDC-1856

Filters on groups were not working as expected. This has been fixed.

CRED-10280

Improved error handling in BPMN History cleanup. When an error occurs, the cleanup job will no longer be interrupted. Instead it will continue with the rest of the cleanup.

CRED-10535

When creating new records via the (client-side) CSV import task, the object history entries were not always updated. This has been fixed.

CRED-10693

Fixed an issue when adding Expressions, (for example OR or RegEx), dynamically via a data map into an unequal filter in the search config.

CRED-10798

When uploading CSV files on the client-side via the upload button, empty lines in the CSV files were misinterpreted and this could lead to wrong results in the system. This has now been fixed by ignoring empty lines.

CRED-10833

When running the ActivitiHistoryCleaner background job, open "CallActiviti" instances was missed. This has now been fixed by including the CallActiviti instances in the clean-up.

CRED-10932

Fixed an issue when executing multi-level searches in batch orders.

CRED-10977

Fixed an issue when enrolling certificates on mobile app or Virtual Smart Card (VSC) in combination with Microsoft ADCS (missing key size parameter). 

CRED-11001

When doing concurrent Smart card production in multiple Identity Manager Operator clients, the system could run into an error due to concurrency. This has been fixed.

CRED-11022

Fixed an issue when validating date fields with "not before" condition in user forms.

CRED-11053

Fixed an issue about authentication profiles in the Identity Manager (IDM) migration tool.

CRED-11058

When logging in with SAML, the IP address of the client was not added to the user context, as it is done for other authentication profiles. This has been fixed. Now the client IP address is also available with SAML.

CRED-11071

Fixed logging in Microsoft ADCS PKI connector when getting concurrent requests.

CRED-11087

The searches behind search buttons got executed immediately in Smart ID Self-Service. This could cause issues when getting large search results. This has been fixed. Now the search needs to be executed manually by the user, to enable filter criteria to be entered and thereby limit the search results.

CRED-11243

Smart ID Self-Service always showed binary objects as if they had content, even if an object was empty. This made it impossible to differentiate between binary fields with and without content in the Smart ID Self-Service UI. This has now been fixed.

PMOB-3177

Keep-a-live is set in seconds in the configuration, but must be returned in milliseconds in the code. This was not working correctly and is now fixed.

PMOB-3178

Configuration refresh using the actuator/refresh endpoint and remote HermodCfgServer polling at the same time was not working. This is now fixed.

PMOB-3183

Handling job distribution when scaling down number of instances from 2 to 1 was not working in a correct way. This is now fixed.

DEVOPS-1230

copy_files script is broken in 21.04.2

When restarting Identity Manager Admin or Identity Manager Operator, the container won't be able to restart and log an error "java.nio.file.FileAlreadyExistsException". The workaround in this case is to recreate the container instead of just restarting it. This can be achieved by running the command "docker-compose up -d --force-recreate".