Release notes
BankID Säker Start RP-API 6.0
In mid-May, BankID announced that their new API version, RP-API 6.0, had been put into production. The PAS 4.7 release now includes support for all three items in BankID's "Säker Start": earlier versions already supported Autostart and QR code, and 4.7 adds support for RP-API v6.0, which is now in production.
Please note: versions lower than 6.0 will not be supported after 1st May 2024.
Skolfederation
In March, Skolfederation, together with Internetstiftelsen, released an updated version of their "Technical profile for SAML WebSSO for Skolfederation". This release of PAS has been updated to fully comply with the new requirements, such as Clock Skew.
EFOS
Overhaul of SAML requirements for EFOS including updated SAML functionality
MyApps
MyApps has been updated to comply with WCAG.
New features and improvements
PHX-2991 Align error handling between authenticators (No more "Internal server error")
PHX-3013 Debug logging of the body content for HTTP valves
PHX-3025 Support BankID RP API v6
PHX-3041 Skolfederationen: Comply with supported algorithms on SP and IdP.
PHX-3042 Skolfederationen: Add support for Clock Skew on IdP
PHX-3043 Skolfederationen: Add support for validating Scoped attributes on SP.
PHX-3049 WCAG MyApps
PHX-3093 EFOS - Support ForceAuthn and isPassive
Bug fixes
PHX-2899 Internal SAML: Entity not found
PHX-3029 Dispatch based on query string in OIDCToSAMLBroker
PHX-3047 FrejaEID login on same device does not take you back to the original app after auth
PHX-3083 EFOS - SAMLResponse must be signed
PHX-3084 EFOS - Include information on what failed to validate
PHX-3086 EFOS - Error in SAMLAuthSigning documentation
PHX-3087 EFOS - SAMLAuthForSigning error when not logged in
PHX-3088 EFOS - PrincipalSelection value missing in SAMLAuthForSigning
PHX-3089 EFOS - signMessageDigest attribute always added - not documented
PHX-3090 EFOS - Encrypted signMessage doesn't work
PHX-3091 EFOS - PAS crash when Assertion is encrypted and signed
PHX-3092 EFOS - Config example for solution missing
PHX-3094 EFOS - Requestedauthncontext missing if no dispatcher
PHX-3095 EFOS - Multiple AuthnContextClassRef
PHX-3096 EFOS - AssertionConsumerServiceURL fail for LOA4/HOK
PHX-3097 EFOS - Holder-of-Key generates validation error