Ubisecure SSO 8.x.x

Ubisecure SSO 8.3.3

New Features

• IDS-1146: One-time password format in OAuth SMS/SMTP grant can be freely formatted.
  • Check the documentation from Configuration of unregistered SMTP - SSO and Installing SMS authentication method - SSO.

Ubisecure SSO 8.3.2

New Features

• IDS-1117: Support for HTML emails in OAuth SMTP-OTP Grant.
  • You can set a new parameter in OAuth and our language files to set an explicit content type for emails and if omitted then plain text will be used for backward compatibility.
  • Check the documentation from Configuration of unregistered SMTP - SSO and  and Password Reset application internationalization - SSO.
• IDS-1119: One-time password format in OAuth SMS/SMTP grant can be set to have no spaces.
  • Check the documentation from Installing SMS authentication method - SSO.

Corrections

• IDS-947: Corrected ForceAuthn authentications when user has already an existing authentication.
• IDS-1037: Made it possible to update Tomcat version.
  
  • Check the RefreshServlet security chapter from Security considerations for production environments - SSO and  and Configuring CORS with credentials - SSO.
• IDS-1106: Corrected JWK interoperability issue with Chrome browser.

Ubisecure SSO 8.3.0

New Features

• IDS-270: Password Reset - A new web application for resetting a forgotten password.
  • More information in the documentation.
• IDS-639: Support for Swedish BankID via external Authentication Adapter using Ubisecure Backchannel Authentication Adapter (UBAA) Authentication Method.
  • Technical information, installing and configuring Swedish BankID Authentication Adapter is described here
  • Installing the Ubisecure Backchannel Authentication Adapter Authentication Method is described here
    
    • SSO Management Console supports configuration by providing new method type Backchannel Authentication Adapter

...

Ubisecure SSO 8.1.1 (26.4.2017)

New Features

• IAM-2320: Tupas IDP: If A01Y_RETLINK contains query part, the query part is now included also in the tupas response.

...

Ubisecure SSO 8.1.0 (28.3.2017)

New Features

• IAM-1374: SSO support for wreply and wfresh paraneters in WS-Federation
• IAM-2019: SSO support for wauth and whr parameters in WS-Federation 
• IAM-1352: SSO Management API - New functionality to add/remove/modify users 
• IAM-1457: SSO Management API - New functionality to create mapping configuration (persistentId, refreshtokenPolicy)
• IAM-1735: Sms-mt-otp and smtp-otp grant, added error description to Error Response explaining the error situation
• IAM-1907: OTP Timout for Sms-mt-otp and smtp-otp grant,is now configurable in minutes. By default, there is no timeout.
• IAM-2073: TUPAS IDP A01Y_RETLINK parameter allows ignoring of query parameters from the URL(s)
• IAM-2110: Type and attribute names in SSO Management API calls for input are now case in-sensitive. Type and attribute names in responses are now in CamelCase.
• IAM-2204: Java updated to version jdk-8u121
• IAM-2197: Tomcat updated to version 8.0.42

...

Ubisecure SSO 8.0.0 (25.11.2016)

New Features

• IAM-1320: SSO Server acts as a TUPAS IDP
• IAM-1478: PCR generation - an option to use new kind of UUID format as specified in RFC 4112[9]
• IAM-1493: It is now possible to prevent SSO on server side by using agent setting (using either Forceauthn, oneTimeUse or both parameters)
• IAM-1736: New Ubisecure look and feel to SSO
• IAM-1770: New tomcat version 8.0.38

...

Ubisecure SSO 7.7.1 (3.10.2016)

New Features

• IAM-1506: SSO authorization policy can decrypt values

...

Ubisecure SSO 7.7.0 (26.08.2016)

New Features

• IAM-1032: OpenID Provider Metadata, tokeninfo_endpoint replaced with introspection_endpoint (RFC 7662) 
• IAM-1384: Token Introspection updates for RFC 7662 
• IAM-1066: MPKI login screen can be configured so that it does not ask a spam code and tries automatically to login if mobile connect crypted loginhint is provided.
• IAM-1451: OAuth2 and SAML2 metadata agent logo, based on locale, can be set visible in the login screen, with or without the default SSO logo
• IAM-1474: SSO openldap version upgrade to openldap-2.4.44 (OpenLDAP is now compiled without DDS overlay and with both BDB (default) and new MDB backends)

...

Ubisecure SSO 7.6.0 (29.05.2016)

New Features

• IAM-712: OAuth 2.0 Token Revocation (RFC 7009). 
• IAM-1124: SAML Profile for OAuth 2.0 Authorization Grants (RFC 7522)
• IAM-1354: SSO Management API new functionality to allow Relying Party specified client_id and secret for OAuth2 metadata (RFC-7591 Dynamic client registration protocol)
• IAM-1364: OAuth2 and SAML2 metadata client name can be set visible in the login screen, id addition, or to replace to current hostname
• IAM-1365: SSO Login screen templates can contain also javascript resources
• IAM-1366: Username in login screen cannot be changed if mobile connect login_hint is encrypted (ENCR_MSISDN)
• IAM-1384: Oauth2 Token Introspection token_type supports refresh_token 
• IAM-1448: OAuth2 OpenID Provider Metadata changes, tokeninfo_endpoint is replaced with introspection_endpoint. Note that tokeninfo_endpoint and /uas/oauth2/tokeninfo are deprecated (will be removed in the version after 7.6)
• IAM-1395: SSO can return grant type and refresh token create time to application using authorization policy
• IAM-1428: AuthnStatementSessionNotOnOrAfter interop flag to leave SessionNotOnOrAfter unassigned in SAML2 response
• IAM-1403: OpenID Connect idtoken contains azp attribute in Mobile Connect
• IAM-1404: OAuth2 idtoken attribute aud is now always array to fully support Mobile Connect
• IAM-1406: OAuth2 authorization endpoint error page now sets http status 400 to indicate error condition (Does not return user to relying party)

...

Ubisecure SSO 7.5.0 (26.02.2016)

New Features

• IAM-5: OAuth2-extension for confirming Email and Phone number
• IAM-823: SSO Management REST API Phase 1
• IAM-873: Compability flag SendAssertionConsumerServiceURL for sending AssertionConsumerServiceURL in SAML-AuthnRequest 
• IAM-1170: New compabilityflag ExplicitUnspecifiedAuthnContextClassRef for sending authnContextClassRef in SAML-response
• IAM-941: OTP server support for external SQL user database
• IAM-1060: Unregistered SMS OTP Authentication method 
• IAM-1208: Unregistered SMTP OTP Authentication method
• IAM-1147: Login_hint now works also with unregistered authentication methods (unregistered MPKI, SMS and SMTP)
• IAM-1253: SSO Management UI to GlobalSign branding
• IAM-1296: OAuth request scope now ignored as long as the correct scope in use is returned in Token Endpoint response
• IAM-1297: Only password, authorization_code and refresh_token are allowed OAuth grant_types By default.
• IAM-1295: Template property useloginhint for showing OAuth2 login_hint in SSO
• IAM-1294: Support for Mobile Connect encrypted login_hint with prefix ENCR_MSISDN

...

Ubisecure SSO 7.4.0 (27.11.2015)

New Features

• IAM-805: Upgrade SSO JVM to Java 8
• IAM-884: SSO Tomcat updated, version 8.0.27
• IAM-910: OpenID Connect/Mobile Connect Identity Provider
• IAM-966: Support multivalue SAML2 AuthnContextClassRef in methods 
• IAM-995: updated OpenSSL version to 1.0.1p, used by OpenLDAP in linux installations

...