Release notes

Support for DIGG "Deployement profile for Swedish eID framework

Now supporting DIGGs "Deployment profile for the Swedish eID Framework" specification. Updates include the option for the administrator to decide on more strict validation of incoming SAML requests as well as supporting more attributes.

Animated QR code for Bank-ID

Static QR code for BankID authentication is replaced with an animated version for increased security

WCAG updates to Password Selfservice and MyApps

Password Selfservice and MyApps UI updated to comply with WCAG (Web Content Accessibility Guidelines) 2.1. This makes content more accessible to a wider range of people with disabilities, including accommodations for blindness and low vision.

LDAPSearchValve multiple search bases

LDAPSearchValve allows for configuration of more than one search base.

FrejaID authenticator

No selection of authentication method necessary if only one option is available.

NIASSignValve item property expansion

Added support for property expansion to pnr and user_visible_data parameters.

BankID authentication "avsiktstext"

Possible to configure userVisibleData for BankID identification just as with signing.

PDF/XML signing key size

Using certs with key size > 4096 when signing PDF/XML files.

Bug fixes

- Unable to replace SAML-metadata on file

- Can't choose last line in MyApps on iOS 

- Cookie for phenixidlangauge rejected 

- Values for "ot_push_title" and "ot_push_message" set in GUI, is not written to configuration 

- Invalid pdf/a-1a font in dss signing 

- Log level set to Debug as default

- Aborting eidas-authn returns to white page  

Handling OIDC redirect_uri allowance

Improved admin guidance.

GenerateJWTTokenValve target property

It is now possible to configure the target property name to something else than the default value id_token.

eIDAS cancel authentication

PAS - acting as a service provider - can now be configured to redirect a user to a predefined cancelUrl when a user aborts, for example, an eIDAS login. Applies to SAMLSPBroker, SAMLServiceProviderAuthN and OIDCToSAMLBroker.

AttributeConsumingServices support for SAMLSPBroker

SAMLSPBroker now supports configuration of AttributeConsumingServices, allowing you to list different services that use the broker and which attributes they are interested in receiving in a SAML Assertion. SAML requests made by the broker towards an IdP will then forward the AttributeConsumingServiceIndex used by the requesting SP such that each service receives the correct attributes.