Release note Smart ID 21.04.2
Version: 21.04.2
Release Date: 2021-09-14
The Smart ID 21.04.2 release provides updates in Identity Manager, Self-Service, Digital Access and Physical Access. Messaging provides minor improvements and bugfixes only. All components also provide several bugfixes and library updates to ensure high quality and security.
Smart ID compatibility
Detailed feature list
Features
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
CRED-10812 | Improved ActivitiCleaner performance By adding additional DB indices, the performance of the ActivitiCleaner is improved. Especially when running on large databases. | X | |||
CRED-10835 | Allow override of predefined filters in search task When using a search config that contains predefined filter values in the "Execute Search" service task, it is now possible to override the predefined values with new values in the service task. | X | |||
CRED-11249 | Support for certificates with multi-value SAN attributes for login Improved certificate-based login implementation. It is now possible to log in with certificates that have a multi-value SAN attribute, for example, multiple email addresses or multiple User Principal Names (UPNs), in the certificate. The login process will iterate through the values until one has a unique match to a user. | X | |||
DA-573 | Ansible way of deployment for Digital Access It is now possible to deploy a fresh instance of Digital Access using Ansible in RHEL 8 with Podman as the containerization tool. See here for more information:Â Deploy Digital Access on RHEL 8 using Ansible and Podman. | X | |||
IDC-1825 | Flag added to log SCIM API requests A flag (PA_DEBUGLOG) has been added to log SCIM API requests to help debugging if an Identity Manager request is not correct. By default this flag is set to False so that it doesn’t log all the request data when not necessary. The flag is defined in the smartid.env file. Set the flag to True if required. | X |
Corrected bugs
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
DA-21 | In case of SAML, if the users logged after a certain time period, they where redirected to the access point portal instead of to the SP resource. This has now been fixed. | X | |||
DA-163 | Added connection timeout and read timeout for BankID and Freja eID. The default values can be modified by setting the java properties:
| X | |||
DA-193 | Fixed Null pointer exception when doing SAML authentication with forceAuthn enabled. | X | |||
DA-522 | Fixed Null pointer exception when user session does not exist. | X | |||
DA-532 | Due to a thread crash, session cleanup activity gets interrupted in the policy service and eventually all the limit of concurrent session got exhausted. Fixed the null pointer exception in timer manager thread. | X | |||
DA-535 | Sign message for SAML request is now getting passed to IDP when Digital Access acts as a proxy. | X | |||
DA-598 | Fixed the null pointer exception when Hermod gives a callback to Digital Access for expired profile. | X | |||
DA-466 | Added missing security headers in access point, admin, policy and distribution services. Added CSP header to be configurable. | X | |||
DA-418 | Updated online help for SAML "Use latest used authentication method". | X | |||
IDC-1843 | EntitlementAssignment gets deleted when the same entitlement assignment is deleted and added again. This has been fixed. | X | |||
IDC-1856 | Filters on groups were not working as expected. This has been fixed. | X | |||
CRED-10280 | Improved error handling in BPMN History cleanup. When an error occurs, the cleanup job will no longer be interrupted. Instead it will continue with the rest of the cleanup. | X | |||
CRED-10535 | When creating new records via the (client-side) CSV import task, the object history entries were not always updated. This has been fixed. | X | |||
CRED-10693 | Fixed an issue when adding Expressions, (for example OR or RegEx), dynamically via a data map into an unequal filter in the search config. | X | |||
CRED-10798 | When uploading CSV files on the client-side via the upload button, empty lines in the CSV files were misinterpreted and this could lead to wrong results in the system. This has now been fixed by ignoring empty lines. | X | |||
CRED-10833 | When running the ActivitiHistoryCleaner background job, open "CallActiviti" instances was missed. This has now been fixed by including the CallActiviti instances in the clean-up. | X | |||
CRED-10932 | Fixed an issue when executing multi-level searches in batch orders. | X | |||
CRED-10977 | Fixed an issue when enrolling certificates on mobile app or Virtual Smart Card (VSC) in combination with Microsoft ADCS (missing key size parameter). | X | |||
CRED-11001 | When doing concurrent Smart card production in multiple Identity Manager Operator clients, the system could run into an error due to concurrency. This has been fixed. | X | |||
CRED-11022 | Fixed an issue when validating date fields with "not before" condition in user forms. | X | |||
CRED-11053 | Fixed an issue about authentication profiles in the Identity Manager (IDM) migration tool. | X | |||
CRED-11058 | When logging in with SAML, the IP address of the client was not added to the user context, as it is done for other authentication profiles. This has been fixed. Now the client IP address is also available with SAML. | X | |||
CRED-11071 | Fixed logging in Microsoft ADCS PKI connector when getting concurrent requests. | X | |||
CRED-11087 | The searches behind search buttons got executed immediately in Smart ID Self-Service. This could cause issues when getting large search results. This has been fixed. Now the search needs to be executed manually by the user, to enable filter criteria to be entered and thereby limit the search results. | X | |||
CRED-11243 | Smart ID Self-Service always showed binary objects as if they had content, even if an object was empty. This made it impossible to differentiate between binary fields with and without content in the Smart ID Self-Service UI. This has now been fixed. | X | |||
PMOB-3177 | Keep-a-live is set in seconds in the configuration, but must be returned in milliseconds in the code. This was not working correctly and is now fixed. | X | |||
PMOB-3178 | Configuration refresh using the actuator/refresh endpoint and remote HermodCfgServer polling at the same time was not working. This is now fixed. | X | |||
PMOB-3183 | Handling job distribution when scaling down number of instances from 2 to 1 was not working in a correct way. This is now fixed. | X |
Release announcement
Only Docker deployment is supported for the Smart ID components Identity Manager, Physical Access, Digital Access and Messaging. For full instructions, see Deploy Smart ID.
From Smart ID 20.11 and on, components now only have the Smart ID version number and not the different component version numbers. For information on previous releases, see Nexus Documentation Archive.
For details on the updated Smart ID configurations and deployment configurations, see here:Â
Known issues
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
DEVOPS-1230 | copy_files script is broken in 21.04.2 When restarting Identity Manager Admin or Identity Manager Operator, the container won't be able to restart and log an error "java.nio.file.FileAlreadyExistsException". The workaround in this case is to recreate the container instead of just restarting it. This can be achieved by running the command " | X |
Contact
Contact Information
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.Â
Support
Nexus offers maintenance and support services for Smart ID components to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions