Release notes

BankID Säker Start RP-API 6.0

Mid May, BankID announced that their new API version RP-API 6.0 was set in production. The PAS 4.7 release now includes support for all three items in BankIDs "Säker Start": earlier version already had support for Autostart and QR code, and 4.7 also includes support for RP-API v6.0 which are now in production

Please note: versions lower than 6.0 will not be supported after 1st May 2024


In March, Skolfederation together with Internetstiftelsen released an updated version of their"Technical profile for SAML WebSSO for Skolfederation". This new release of PAS has been updated to fully comply with the new requirements such as Clock Skew.


Overhaul of SAML requirements for EFOS including updated SAML functionality


MyApps has been updated tom comply with WCAG

New features and improvements

PHX-2991 Align error handling between authenticators (No more "Internal server error")

PHX-3013 Debug logging of the body content for HTTP valves

PHX-3025 Support BankID RP API v6

PHX-3041 Skolfederationen: Comply with supported algorithms on SP and IdP.

PHX-3042 Skolfederationen add support for Clock Skew on IdP

PHX-3043 Skolfederationen: Add support for validating Scoped attributes on SP.

PHX-3049 WCAG MyApps

PHX-3093 EFOS - Support ForceAuthn and isPassive

Bug fixes

PHX-2899 Internal SAML: Entity not found

PHX-3029 Dispatch based on query string in OIDCToSAMLBroker

PHX-3047 FrejaEID login on same device does not take you back to the original app after auth

PHX-3083 EFOS - SAMLResponse must be signed

PHX-3084 EFOS - Include information on what failed to validate

PHX-3086 EFOS - Error in SAMLAuthSigning documentation

PHX-3087 EFOS - SAMLAuthForSigning error when not logged in

PHX-3088 EFOS - PrincipalSelection value missing in SAMLAuthForSigning

PHX-3089 EFOS - signMessageDigest addtribute always added - not documented

PHX-3090 EFOS - Encrypted signMessage doesnt work

PHX-3091 EFOS - PAS crash when Assertion is encryted and signed

PHX-3092 EFOS - Config example for solution missing

PHX-3094 EFOS - Requestedauthncontext missing if no dispatcher

PHX-3095 EFOS - Multiple AuthnContextClassRef

PHX-3096 EFOS - AssertionConsumerServiceURL fail for LOA4/HOK

PHX-3097 EFOS - Holder-of-Key generates validation error