Ubisecure SSO 8.x.x
Ubisecure SSO 8.3.3
New Features
- IDS-1146: One-time password format in OAuth SMS/SMTP grant can be freely formatted.
- Check the documentation from Configuration of unregistered SMTP - SSO and Installing SMS authentication method - SSO.
Ubisecure SSO 8.3.2
New Features
- IDS-1117: Support for HTML emails in OAuth SMTP-OTP Grant.
- You can set a new parameter in OAuth and our language files to set an explicit content type for emails and if omitted then plain text will be used for backward compatibility.
- Check the documentation from Configuration of unregistered SMTP - SSO and and Password Reset application internationalization - SSO.
- IDS-1119: One-time password format in OAuth SMS/SMTP grant can be set to have no spaces.
- Check the documentation from Installing SMS authentication method - SSO.
Corrections
- IDS-947: Corrected ForceAuthn authentications when user has already an existing authentication.
- IDS-1037: Made it possible to update Tomcat version.
- Check the RefreshServlet security chapter from Security considerations for production environments - SSO and and Configuring CORS with credentials - SSO.
- IDS-1106: Corrected JWK interoperability issue with Chrome browser.
Ubisecure SSO 8.3.0
New Features
- IDS-270: Password Reset - A new web application for resetting a forgotten password.
- More information in the documentation.
- IDS-639: Support for Swedish BankID via external Authentication Adapter using Ubisecure Backchannel Authentication Adapter (UBAA) Authentication Method.
- Technical information, installing and configuring Swedish BankID Authentication Adapter is described here
- Installing the Ubisecure Backchannel Authentication Adapter Authentication Method is described here
- SSO Management Console supports configuration by providing new method type Backchannel Authentication Adapter
...
Ubisecure SSO 8.1.1 (26.4.2017)
New Features
- IAM-2320: Tupas IDP: If A01Y_RETLINK contains query part, the query part is now included also in the tupas response.
...
Ubisecure SSO 8.1.0 (28.3.2017)
New Features
- IAM-1374: SSO support for wreply and wfresh paraneters in WS-Federation
- IAM-2019: SSO support for wauth and whr parameters in WS-Federation
- IAM-1352: SSO Management API - New functionality to add/remove/modify users
- IAM-1457: SSO Management API - New functionality to create mapping configuration (persistentId, refreshtokenPolicy)
- IAM-1735: Sms-mt-otp and smtp-otp grant, added error description to Error Response explaining the error situation
- IAM-1907: OTP Timout for Sms-mt-otp and smtp-otp grant,is now configurable in minutes. By default, there is no timeout.
- IAM-2073: TUPAS IDP A01Y_RETLINK parameter allows ignoring of query parameters from the URL(s)
- IAM-2110: Type and attribute names in SSO Management API calls for input are now case in-sensitive. Type and attribute names in responses are now in CamelCase.
- IAM-2204: Java updated to version jdk-8u121
- IAM-2197: Tomcat updated to version 8.0.42
...
Ubisecure SSO 8.0.0 (25.11.2016)
New Features
- IAM-1320: SSO Server acts as a TUPAS IDP
- IAM-1478: PCR generation - an option to use new kind of UUID format as specified in RFC 4112[9]
- IAM-1493: It is now possible to prevent SSO on server side by using agent setting (using either Forceauthn, oneTimeUse or both parameters)
- IAM-1736: New Ubisecure look and feel to SSO
- IAM-1770: New tomcat version 8.0.38
...
Ubisecure SSO 7.7.1 (3.10.2016)
New Features
- IAM-1506: SSO authorization policy can decrypt values
...
Ubisecure SSO 7.7.0 (26.08.2016)
New Features
- IAM-1032: OpenID Provider Metadata, tokeninfo_endpoint replaced with introspection_endpoint (RFC 7662)
- IAM-1384: Token Introspection updates for RFC 7662
- IAM-1066: MPKI login screen can be configured so that it does not ask a spam code and tries automatically to login if mobile connect crypted loginhint is provided.
- IAM-1451: OAuth2 and SAML2 metadata agent logo, based on locale, can be set visible in the login screen, with or without the default SSO logo
- IAM-1474: SSO openldap version upgrade to openldap-2.4.44 (OpenLDAP is now compiled without DDS overlay and with both BDB (default) and new MDB backends)
...
Ubisecure SSO 7.6.0 (29.05.2016)
New Features
- IAM-712: OAuth 2.0 Token Revocation (RFC 7009).
- IAM-1124: SAML Profile for OAuth 2.0 Authorization Grants (RFC 7522)
- IAM-1354: SSO Management API new functionality to allow Relying Party specified client_id and secret for OAuth2 metadata (RFC-7591 Dynamic client registration protocol)
- IAM-1364: OAuth2 and SAML2 metadata client name can be set visible in the login screen, id addition, or to replace to current hostname
- IAM-1365: SSO Login screen templates can contain also javascript resources
- IAM-1366: Username in login screen cannot be changed if mobile connect login_hint is encrypted (ENCR_MSISDN)
- IAM-1384: Oauth2 Token Introspection token_type supports refresh_token
- IAM-1448: OAuth2 OpenID Provider Metadata changes, tokeninfo_endpoint is replaced with introspection_endpoint. Note that tokeninfo_endpoint and /uas/oauth2/tokeninfo are deprecated (will be removed in the version after 7.6)
- IAM-1395: SSO can return grant type and refresh token create time to application using authorization policy
- IAM-1428: AuthnStatementSessionNotOnOrAfter interop flag to leave SessionNotOnOrAfter unassigned in SAML2 response
- IAM-1403: OpenID Connect idtoken contains azp attribute in Mobile Connect
- IAM-1404: OAuth2 idtoken attribute aud is now always array to fully support Mobile Connect
- IAM-1406: OAuth2 authorization endpoint error page now sets http status 400 to indicate error condition (Does not return user to relying party)
...
Ubisecure SSO 7.5.0 (26.02.2016)
New Features
- IAM-5: OAuth2-extension for confirming Email and Phone number
- IAM-823: SSO Management REST API Phase 1
- IAM-873: Compability flag SendAssertionConsumerServiceURL for sending AssertionConsumerServiceURL in SAML-AuthnRequest
- IAM-1170: New compabilityflag ExplicitUnspecifiedAuthnContextClassRef for sending authnContextClassRef in SAML-response
- IAM-941: OTP server support for external SQL user database
- IAM-1060: Unregistered SMS OTP Authentication method
- IAM-1208: Unregistered SMTP OTP Authentication method
- IAM-1147: Login_hint now works also with unregistered authentication methods (unregistered MPKI, SMS and SMTP)
- IAM-1253: SSO Management UI to GlobalSign branding
- IAM-1296: OAuth request scope now ignored as long as the correct scope in use is returned in Token Endpoint response
- IAM-1297: Only password, authorization_code and refresh_token are allowed OAuth grant_types By default.
- IAM-1295: Template property useloginhint for showing OAuth2 login_hint in SSO
- IAM-1294: Support for Mobile Connect encrypted login_hint with prefix ENCR_MSISDN
...
Ubisecure SSO 7.4.0 (27.11.2015)
New Features
- IAM-805: Upgrade SSO JVM to Java 8
- IAM-884: SSO Tomcat updated, version 8.0.27
- IAM-910: OpenID Connect/Mobile Connect Identity Provider
- IAM-966: Support multivalue SAML2 AuthnContextClassRef in methods
- IAM-995: updated OpenSSL version to 1.0.1p, used by OpenLDAP in linux installations
...