Release notes
Dependency updates
Underlying dependencies have been updated extensively. Local customizations may be affected.
FIDO2 support
Hazelcast upgrade
The new version is 4.11. Upgrades require manual handling of the Hazelcast configuration.
Metadata loading improvement
SAML metadata loading has been improved. When consumed from a URL, the data is cached. The cached data is used as a fallback if the URL target is unreachable.
Freja e-ID organization id is now supported
Organization id is supported through the new Freja e-ID authenticator and valves.
WCAG updates for all authenticator templates
Improved functionality with regard to WCAG (Web Content Accessibility Guidelines).
WCAG updates PSS UI
Improved functionality with regard to WCAG (Web Content Accessibility Guidelines).
PSS updates
- UI updates
- Option to show two password fields for onscreen exact comparison.
Updates may affect local customizations.
SAML IDP using multiple sign certificates
SAML certificate rollover is supported on the IDP sign certificate.
One Touch quick mode
Allows the user to confirm or reject a One Touch login using an Apple Watch or equivalent.
More information here.
PDFSignatureStatusValve improved signature verification
Time stamp authority signatures are now validated.
OIDC OP guide updates
token_type=Bearer is now returned by default.
The kid claim is now added by default to the header part of the JWT.
Updated behavior SAMLAnonymousAssignmentAuthenticator
The QR code is shown instantly. Additional configuration is available.
Added missing traceid for authenticators
Affects authenticators:
- SAMLNias
- SAMLWindowsSSO
- DefaultInternalAuthenticator
For Windows, added default custom options file - customer customizations
Used for customizations so that they are not overwritten at upgrade.
Token imports are now done using a separate tool
Hardware tokens are now imported using the bundled Test Tool.
More information can be found here.
Internal database schema update
Token serial is now required to be unique, to avoid duplicates. For external databases this must be applied manually.
More information here.
New Freja e-ID valves
Allows for authentication or signing through API. Valves are:
- FrejaEIDAuthRequestValve
- FrejaEIDAuthStatusValve
- FrejaEIDSignRequestValve
- FrejaEIDSignStatusValve
New SITHS SAML authenticator
Allows for authentication using SITHS mobile.
Authenticator name is SAML2SithsEID.
HYPR added as a method of authentication
SAML authentication can now be done using HYPR.
https://www.hypr.com/
New SITHS valves
Allows for authentication through API.
Valves are:
- SithsEidAuthenticateValve
- SithsEidCollectAuthenticationStatusValve
SAMLNias update
The SAMLNias authenticator now includes the user certificate in the pipe request issuing the SAML assertion.