Release notes

Dependency updates

Underlying dependencies have been updated extensively.  Local customizations may be affected.

Traces ID for all authenticators

Every authenticator now log using the trace ID if configured.

Internal authenticator - Siths e-id

New authenticator for internal use. See separate documentation.

Signing service updates

  • Refactoring in regards to component placement and language updates to conform when using PhenixID signing workflow application.
  • UI updates in regards to conforming better with Web Content Accessibility Guidelines, WCAG.
  • Visual signatures now can contain custom font.
  • Visual signatures now can truncate the signer name.
  • Localisation of the PDF- preview

New GUIDE for creating API endpoints

A new guide is created to aid setting up and maintaining API endpoints.

Bundled FIDO icon

A default FIDO icon is bundled with the installation to be used in FIDO authentication scenarios.

Add support for overlay in FIDO activation

Fido activation now supports the "overlay" pattern.

FIDO token deactivation

MFA - admin now supports the deactivation of FIDO tokens.

Support "proceed on error" in RADIUS valves.

The RADIUS valves now supports proceed on error pattern.

Guide clarification

In FIDO enrollment set up GUIDE, selecting IDP has been clarified.

CertificateExtractorValve updates

Support extraction of names in string format (rfc822Name, dNSName, uniformResourceIdentifier, iPAddress) and ASN1 encoded otherName.

Support for additional SAML profile

Support for SAML Holder-of-Key Web Browser SSO Profile is now supported.

Improved event logging Siths e-id

Entry now includes the identified user.

Updated event logging, SAMLNias & NiasAuth

Entry event id has been changed using EVT_004811 on success   and  EVT_004810 on fail.

Improved event logging when using phenix-api-bankid

New event id's added. 

Information about requested action, calling tenant, source IP address(if possible). when applicable include the BankID order ref

Updated behavior when using bank-id on the same device

When using bankid on same device the user is required to manually trigger the  switch to bankid application.

JWKS response SHA-1 thumb print update

In previous version the value of the x5t was faulty.

Freja e-ID valve updates

Support for using the valves "on behalf of/relying party". Valves updated are:

  • FrejaEIDAuthRequestValve
  • FrejaEIDAuthStatusValve
  • FrejaEIDSignRequestValve
  • FrejaEIDSignStatusValve

See valve configuration for more information.

Updated behaviour in ACS selection

New behaviour  filters out unsupported binding and selected based in index. The SP can override by sending in a custom ACS URL and binding. Signed request is required. 

Conforming to new BankID backend

All communications to bankid backend now uses version 5.1. 

SAMLNias authenticator update

Configuration update that breaks previous configuration. Be sure to verify configuration in current release.

NiasAuth authenticator update

Configuration update that breaks previous configuration. Be sure to verify configuration in current release.

NIAS valves updated configuration

Breaking configuration change in Nias valve:

NiasCollectAuthenticationStatusValve

NIASSignValve

NiasAuthenticateValve

NIASCollectSignatureValve