Please see the current Release Notes (here - scroll down to change log) for the active release change log

Ubisecure CustomerID 5.x.x

Ubisecure CustomerID 5.3.5

Corrections

• IDS-1471: Corrected MOD026 Create Pending User logic to use the defined password for user, if user doesn't define password during registration flow.

Ubisecure CustomerID 5.3.4

Corrections

• IDS-1488: Corrected registration behaviour when multiple users performed registration at the same time. This defect caused backend responses with CustomerID XML schema field Modify type=current-user to modify wrong user when multiple users completed registration at the same time.

Ubisecure CustomerID 5.3.3

Corrections

• IDS-1466: Corrected backend call with disabled fields. This defect prevented having a step in registration which did not contain user editable fields.

Ubisecure CustomerID 5.3.2 (14/03/2019)

Corrections

• IDS-1276: Corrected backend call error status handling for responses following the Ubisecure CustomerID XML schema.
• IDS-1277: Corrected backend call error message handling for responses following the Ubisecure CustomerID XML schema.
• IDS-1330: Corrected parametrized role assignment in registrations when a temporary attribute is used in the role definition.
• IDS-1335: Corrected some performance problems with the organization's role tab when roles from sub organizations are also included.

Ubisecure CustomerID 5.3.1 (29/01/2019)

Corrections

• IDS-1275: Corrected unintentional decryption of user attributes.
  • See notification from Known issues - CustomerID.

Ubisecure CustomerID 5.3.0 (03/10/2018)

...

• IDS-593: Various minor improvements in the error reporting of command line scripts in the tools folder.
• IDS-698: Added security related flags (secure and http-only) to session cookies.
• IDS-111: Security update of 3rd party libraries.
  • See documentation from 3rd party licenses - CustomerID.
• IDS-184: CustomerID now supports internationalized email addresses.
• IDS-804: Roles in mandates are listed more clearly in the user interface.

Corrections

• IDS-972: Corrected enabling pending user via REST call MOD004 Update User.
  • See documentation from  REST API 2.0 - CustomerID.
• IDS-1064: Corrected information updating concerning the OTP authentication method in Self-Service user interface.
• IDS-759: Corrected response of REST API call REQ015 Query Registration when no result could not be found. Now we return 404 Not Found instead of 500 Internal Server Error. 
  • See documentation from REST API 1.2 - CustomerID.
• IDS-1060: Corrected Lost Password wizard.
• IDS-742: Corrected validation error message when trying to input an already existing email address.
• IDS-421: Corrected role handling in REST API call MOD022 Update Mandate Template.
• IDS-803: Corrected values of resource keys when using the "show resource keys" language in mandate related user interface screens.
• IDS-805: Corrected sending person originated mandate invite to new organization.
• IDS-806: Correction to approval using the drop down action list.
• IDS-807: Corrected several issues with the addrole configuration.
  • See documentation from User interface properties - CustomerID.
• IDS-808: Corrected role request approvals.
• IDS-839: Corrected error messages for UniqueAttributeValidator concerning the login attribute.
• IDS-875: Corrected companyid and customerid attribute handling in registrations.
• IDS-997: Corrected roles listing when using  ui.organization.roles.recursive=true.
• IDS-1059: Corrected confirmation thresholds.

Ubisecure CustomerID 5.2.18 (23/03/2018)

Corrections

• IDS-654: Fixed duplicate user check based on SSN in registrations

Ubisecure CustomerID 5.2.17 (19/03/2018)

Corrections

• IDS-634: Fixed an error with confirmation functionality in registrations
• IDS-566: Fixed REST call GET106 List Organizations for organizations that have no custom attributes 

Ubisecure CustomerID 5.2.16 (02/03/2018)

Corrections

• IDS-581: Fixed potential error situation with logging
• IDS-601: Fixed erronous sending of multiple data confirmation notifications

...

• IDS-440: Performance improvement for role approvals in approval tabs

Corrections

• IDS-458: Password change related feedback messages have been fixed

...

• IAM-2709: User search now checks that all inputs match search results
• IAM-2077, IAM-1247: CustomerID workers have been separated from the main EAR
• IAM-2665: Domain whitelisting for CSRF check
  • See general.accepted.origin.whitelist configuration property documentation from General properties - CustomerID.
• IAM-2705: Configurable favicon
  • See documentation from Configuration files related to customization - CustomerID.
• IAM-2833: Unicode support for built-in email address format validator
• IAM-718: User status can be defined in a human readable way in REST filters
• IAM-2284: Organization path is visible in summary step when inviting user to multiple roles

Corrections

• IAM-2711, IAM-2744: Possible problems with role invitation to existing user fixed
• IAM-2671: Fixed rejecting role invitations to existing users
• IAM-2687: Fixed name change when Active Directory is in use
• IAM-2633: Fixed email notification concerning pending user approval
• IAM-2636: Fixed unnecessary email renotification to pending user when user was waiting for approval
• IAM-2888: Fixed predefined role requests
• IAM-2896: Fixed organization removal in case there is an open role invitation for a new user
• IAM-3018: Fixed unwanted built-in attribute mandatoriness

...

• Workers have been separated to their own EAR
• Reorganization of some JARs

Corrections

• IAM-2064: Long organization names are no longer truncated in role add dialogue

Ubisecure CustomerID 5.1.5 (25/04/2017)

Corrections

• New version of cid-sso-adapter that does not add duplicate libraries into Ubisecure SSO when it is installed.

...

• Performance improvements
• IAM-1946: Updated WildFly version to 10.1.0.Final
• IAM-2005: CSRF prevention checks added

Corrections

• IAM-1842: Modify operations targeted to current-user from backend now work for existing user
• IAM-1947: Importtool saves locale to SQL
• IAM-2035: Corrected a possible NullPointerException in a certain type of role invitation

...

• Performance improvements
• CID-90: CustomerID uses built-in WildFly (instead of Tomcat)
• CID-112: CustomerID is packaged as an Enterprise Archive (EAR)
• CID-89: CustomerID uses Java 8
• CID-288: Updated Apache Wicket user interface framework version to 7.4.0
• CID-482: CustomerID logging can be configured via WildFly also logging format structure has been improved

Corrections

• CID-726: Corrected situation where REST response sometimes included a -1 value in port number

...

Ubisecure CustomerID 4.6.0 (29/02/2016)

Corrections

• IAM-45: Notification about pending role reception approval is now sent to new user after successful registration
• IAM-154: User interface handles long organization name in organization search results correctly
• IAM-1182: REST password change validates given password against the configured password policy.

...

• IAM-750: REST Query to list mandates received/sent by an organization/user

Corrections

• IAM-170: Invitation renotification email show correct links
• IAM-899: Role invitation wizard changes. Mail template step removed.
• IAM-921: Organization user list and search performance improved when listing users by roles
• IAM-1111: Updating e-mail address works correctly in AD with long emails (>20 characters)
• IAM-740: CID Lostpwd shows now actual login ID to user

Ubisecure CustomerID 4.4.1 (30/09/2015)

Corrections

• IAM-944: Registration allows creation of duplicate users when SSN matches
• IAM-949: When loginusernprincipalname is used as login then no new users can be created
• IAM-971: Validators are not working on user approval
• IAM-945: CID should not include client IP address in AuthnStatement/SubjectLocality in SAML AP requests

...

• IAM-736: Organizations can be created with unique random string identifier automatically
• IAM-794: Structured authorizer role information 
• IAM-821: REST: Search organizations by using any attribute

Corrections

• IAM-909: User transfer from organization to another fails

...

Improvements

• Performance improvements

Corrections

• IAM-775: Wrong language when transferring from registration to application
• IAM-847: /eidm2/wf/changepwd operation based on temporary token instead of permanent one
• IAM-260: REST: Creating ORG2ORG mandates fails

...

• IAM-747: A new way to configure authentication method activation step in registrations. It is now possible to also activate (link) external authentication methods to the created user account.

Corrections

• IAM-738: Automatic role approvals after registration now work also for role invitations made using the REST-interface

Ubisecure CustomerID 4.2.1.39626

Corrections

• IAM-725: Also pending users can now be searched via REST-interface

...

• IAM-48: TUPAS methods can be grouped in user driven federation
• IAM-229: Locale field can now be used also in role invitation wizard

Corrections

• IAM-56: Mistyped email confirmation code no longer leads to an application error
• IAM-39: In CustomerID Admin interface, organization name change now updates the view immediately
• IAM-21: UI layout is no longer broken on approval tab (it was broken when using Firefox)
• IAM-23: User custom attributes are saved when uniqueID attribute is used in user import
• IAM-168: organization.class.default.restrictedRoleInvite no longer shows extra role in organization view

...

• Product name has beed changed from Ubisecure CustomerID to GlobalSign CustomerID
• Configurable validation for attribute values
• User driven federation support
• More mobile friendly user interface
• Registration fields can be prefilled from authentication method attributes
• EIDM-1340: Automatic generation of organization technical name
• EIDM-1372: Delete User REST query by user ID
• EIDM-1384: Second web agent for CustomerID
• EIDM-1391: Return URL can be given for registrations as an URL parameter
• EIDM-1401: Verification step in registrations can now support also other authentication methods than TUPAS
• EIDM-1348: Role invitation information can be queried via REST using user ID Improvements
• Attribute validation is performed also for REST calls
• Several performance improvements concerning large user amounts
• EIDM-1349: Update user REST call can be used also for pending users
• EIDM-1350: Query user REST call can be made based on user ID
• EIDM-1351: Update user REST call can be made based on user ID
• EIDM-1373: Listing users via REST can use any attribute for filtering results
• EIDM-1374: Query Role REST call can be made based on role ID

Corrections

• EIDM-173: Bank authentication (TUPAS) method name, title, and logo are now configurable
• EIDM-572: Password change error messages are no longer duplicated
• EIDM-598: An unknown TUPAS method in the properties does not present an exception in the browser
• EIDM-618: Long information does not break the registration confirmation step display
• EIDM-859: We will correctly report an error message if someone tries to create a sub organization that has the same name as a role in the parent organization
• EIDM-920: Database update is now quicker
• EIDM-991: Approval does not close if mandatory fields are left empty when approving
• EIDM-1198: Removing multiple users is now quicker
• EIDM-1204: Organization filtering is now quicker
• EIDM-1255: Users imported with unique ID defined now get proper status
• EIDM-1267: Custom usernames can now have validation via the new validation configuration option
• EIDM-1294: Documentation updated concerning removed email.corporateRegisterEmail.message key from mail message configuration
• EIDM-1377: Password change wizard now only sends the correct email message instead of two different messages
• EIDM-1379: Verification now works also in protected registrations
• EIDM-1381: Welcome message is sent for new user after create user wizard also when email confirmation is not required
• EIDM-1383: Password change now only sends the correct email message and not two different ones
• EIDM-1386: Reminder message about user registration is now sent correctly
• EIDM-1392: Corrected possible problems with registration.x.temporary.fields
• EIDM-1394: Changing language on registration no longer skips backend query
• EIDM-1397: Pending password change expiration no longer deletes the registered user
• EIDM-1403: Role add step can now be hidden from create user wizard
• EIDM-1420: User CN information is now updated correctly also to the SQL database
• EIDM-1421: Corrections to SSN uniqueness validation

...

• EIDM-1004: Suport for a separate validation code in the email message concerning email address change
• EIDM-1318: CustomerID backend query message format implementation
• EIDM-1342: Jersey upgrade (from 1.1x to 2.5.1)

Corrections

• EIDM-1285: Mandate delegation and removal is now logged to audit logfile
• EIDM-1311: Deleting organization now works even if there are pending mandates
• EIDM-1328: Logout corrected in case saml.custid.ap has an active session in SSO
• EIDM-1337: Role invite expire does not cause an error
• EIDM-1338: Person mandate to new user does not anymore create a duplicate pending user when there already is a pending user with same email address
• EIDM-1343: Empty or whitespace-only string as a result from backend query does not cause problems with parameter evaluation

...

• EIDM-1112: Robots.txt search engine hiding
• EIDM-1225: Role specific approval in registrations
• EIDM-1272: Creation of several organizations from multivalue registration fields
• EIDM-1290: Ubisecure favicon
• Link to Administration interface from self-service if the user has the necessary permissions

Corrections

• EIDM-1295: A problem related to role invitation renotifications has been corrected

Ubisecure CustomerID 3.11.1.34322

Corrections

• EIDM-1257: Fixed role rejection count in the user interface in case email sending fails.
• EIDM-1262: It is now possible to add roles also to disabled users.
• EIDM-1275: Corrected character encoding handling when reading backend responses.
• Nothing is automatically selected to the country list anymore.
• Added missing self.mandate.read permission to default permissions.
• Removed erronous self.edit.read permission from default permissions.
• Mandate delegation panel doesn't show pending users anymore.
• Added missing Derby starting command to Linux installation scripts.
• Corrected an erronous path in Linux uninstall script.
• Unified uninstallation in Linux so that also the Derby service will be removed in uninstall script.
• Now we accept ', ` and ´ characters in firstname and surname fields.
• Minor country ordering issue has been fixed.
• Improved out of the box authorizer support for SSO versions starting from 6.8.0.
• Corrected country selector behavior in IE 7 and IE 8. (Note that we don't actually officially support IE 7. However in this case we did a fix for it.)
• Removed extra HTML coding for certain characters that were included in backend request parameters.

...

• EIDM-1247: User contact information may be added to the role approval page
• EIDM-1222: Java updated to 64bit Java 7

Corrections

• EIDM-1142: Special characters such as "!" in the REST password value no longer cause problems (for example when updating database)
• EIDM-1228: It is again ok to send mandates to unregistered users when the mandate receiver approval is false
• EIDM-1266: Custom attributes for user can be updated via REST

Ubisecure CustomerID 3.10.1.33745

Corrections

• EIDM-1241: User information on self-service now works

...

Ubisecure CustomerID 3.9.1.33383

Corrections

• EIDM-913: Error with more than on pending user for same organization and organization is changed in approval
• EIDM-1144: Add role might cause error when selecting another organization before role search is finished
• EIDM-1174: Changing user attributes doesn't update breadcrumbs
• EIDM-1187: Self-service password change removes pending password change requirement
• EIDM-1209: User receives same email notification when he registers or changes his email, new key is: email.pendingEmailRegistration
• EIDM-1216: user.delete permission not working at user action dropdown
• Custom attributes are now supported in the role invitation wizard
• Permissions are checked properly when deciding if to enable role assignment in the role action dropdown
• Permissions are checked properly when deciding if to show user search results in the user selection step in the role assign wizard

...

• EIDM-466: Possibility to authenticate registration backend query REST calls with HTTP BASIC Authentication
• EIDM-969: Possibility to configure temporary registration fields (fields that are not stored in database)
• EIDM-1039: More user friendly way of selecting users when adding a role to multiple users
• EIDM-1052: Globally unselectable actions are no longer presented to the user
• EIDM-1070: Removed unnecessary confirmation dialog when approving users
• EIDM-1129: Performance improvements concerning mandates
• EIDM-1154: Added information footer
• EIDM-1189: More sophisticated configuration options for selecting UI messages from registration backend responses
• EIDM-1190: Possibility to disable the back button in registrations

Corrections

• EIDM-529: Duplicate error message
• EIDM-1107: Password change fails on AD if user is not active
• EIDM-1145: Approval tab counter doesn't check permission
• EIDM-1163: OTP Printout-method status is not shown correctly in Self-Service Interface
• EIDM-1168: Organization's technical name is shown instead of FriedlyName when removing role
• EIDM-1171: Changing user's password link in admin interface is not working

Ubisecure CustomerID 3.8.1.32723

Corrections

• EIDM-978: Roles are not automatically approved for new user
• EIDM-1089: Roleinvitation without organisation selection causes error
• EIDM-1092: language change does not work when creating a mandate
• EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used
• EIDM-1105: Password change link is visible to user that has no rights to edit information
• EIDM-1139: Role list when doing role request throws NPE when only one role would be shown
• EIDM-1140: Create User-button is shown in virtual organizations
• EIDM-1141: Received Mandates shows received roles with technical name

...

• EIDM-1000: Mandate listings is limited and a search functionality is implemented to find the rest of the entries
• EIDM-1001: New permission for removing issued mandates from users in the Admin UI
• EIDM-1002: Possibility to insert a user custom attribute into an email

Corrections

• EIDM-990: When selecting save or approval for an open approval, that approval is closed even if the operation failed
• EIDM-1003: User approval should not be required if the creator of the user has permission rights to approve the user
• EIDM-1094: workflow.roles.firstuser definition is applied if the user is the first one to have a role from the organization
• EIDM-1095: Some attributes are not saved to SQL if user information is changed
• EIDM-1098: Role localized names and descriptions are now shown when removing roles from users
• EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used

...

• EIDM-986: Inform in UI if user or role listing has been limited
• EIDM-942: Sampo Bank TUPAS method changed to Danske Bank
• EIDM-988: Performance improvements concerning the add user wizard
• EIDM-985: Performance improvements concerning user search
• EIDM-987: Performance improvements concerning database and LDAP updates
• EIDM-975: Organization selections lists changed to organization search in role invitation and role request wizards (This was made so that memory usage can be kept in reasonable limits with large databases)
• Performance improvements concerning role listing
• Performance improvements concerning approval listing
• Performance improvements concerning organization search

Corrections

• EIDM-989: Issue count in the tab headings is now updated without delay in approval, role and mandate tab headings
• EIDM-983: Approval reject popup now again closes after a successful reject operation

...

• EIDM-947: User search is based on SQL content instead of LDAP content
• EIDM-948: Organization lists in workflows need to be changed to organization search

Corrections

• EIDM-935: Login-attribute uniqueness is not checked
• EIDM-949: Registration workflow doesnt create virtual organizations

...

Ubisecure CustomerID 3.5.3.29169

Corrections

• Saving organization's company id in OID format fixed

...

• Approval page is faster to load
• Organization's role listing is faster and more user friendly when there is a large amount of organizations

Corrections

• Corrected edit-permission in approval page

...

• REST returns custom attributes for organizations

Corrections

• Approval UI save functionality works if reject reason is required
• Authorizer now includes the guava-11.0.2.jar library so that it does not need to be added separately

...

• EIDM-749: User approval request is validated before approving user
• EIDM-870: User status is shown when requesting user information via the REST-interface 
• User approval request can be saved without giving all the required information
• Delegating mandates to large number of users is faster
• Listing organizations is faster
• Listing organizations' users is faster

Corrections

• EIDM-856: Organization custom attributes can be used in registration and approval page
• New organizations are shown correctly in approval page
• User's email confirmation is shown correctly in approval page

Ubisecure CustomerID 3.4.3.28216

Corrections

• Fixed selecting user's organization in create user workflow
• Generation of invalid login value in self-registration and create user workflows

...

• Email messages support user's attributes as parameters
• Create User workflow supports custom attributes
• Create User workflow supports features from self-registration, configuring create user workflows has changed
• Usability improvements in organization listings and search user interfaces
• REST now supports reseting the Derby database

Corrections

• Update methods -command creates derby object for all organizations
• Mobile confirmation field can be set to disabled
• Creating deep organization additions now works in registrations
• Corrected a few serialization errors
• Corrected handling of comma characters (",") in attributes

...

• Support for custom attributes in ImportTool

Corrections

• Organization's technical name can be shown in organization's information listing
• Organization class editing is done using a drop-down list

...

• CustomerID internal database is started in CustomerID Server (service is removed)

Corrections

• CustomerID Authorizer returns inherited roles in Active Directory

...

• Improved support for large number of organizations
• Separate list for pending registration invitations

Corrections

• Email notifications were not sent for role invitations that required the approval of a newly registered user
• Information updating problem when changing the email address of the invited person in role invitations

Ubisecure CustomerID 3.3.1.26211

Corrections

• Modified organization configuration in registration

...

• EIDM-802: Role visibility defined mainly by role.listusers instead of user.read.roles permission
• Removed unnecessary version information printout from HTML header
• User export now includes user password if ubilogin directory is used as a user repository

Corrections

• Role deassignment permission was based on user organization. Now it is based on role organization
• Role invitation registration required always approval. Now approval is required based on workflow configuration

...

• EIDM-789: Remove admin.user.delete.enabled property

Corrections

• EIDM-793: Unexpected error when browsing organization
• EIDM-796: eIDMUser-role is not added when creating user through REST interface

...

• EIDM-780: Removal of roleinvite.enabled property
• EIDM-781: Removal of addrole.enabled property
• EIDM-785: Removal of createuser.enabled property
• EIDM-788: Creating a new user using the REST interface automatically assigns user to the eIDMUser group

Corrections

• Listing large number of users fails in OpenLDAP with Protocol Error

Ubisecure CustomerID 3.0.4.25334

Corrections

• Email duplicate check was not included when companyAndCustomerId field was used in registrations
• Email duplicate check did not allow registrations based on mandate invitation

Ubisecure CustomerID 3.0.3.25298

Corrections

• The role selection popup in add role functionality did not work in certain situations

Ubisecure CustomerID 3.0.2.25282

Corrections

• Email duplicate check did not include pending registrations
• Insufficient role linkage in certain registrations

Ubisecure CustomerID 3.0.1.25247

Corrections

• Role member listing did not contain mandate delegates in REST API
• Session serialization contained errors

...

• EIDM-558: Tupas authentication to be not required again when accessing the service directly after registration
• EIDM-578: Parent level support for permissions
• EIDM-733: Whitespaces should be removed from customerId-field

Corrections

• EIDM-576: Friendly Name field should support characters: '/', '(' and ')'
• EIDM-581: SSN is not saved if registration uses both Tupas and email verification
• EIDM-662: When user accesses mail/phone number editing with a direct link to self-service, accessing roles tab after that gives an error message
• EIDM-665: Return link is broken for users who have access only to one organization
• EIDM-671: When login takes too long, SAML Expiration exception is shown to the user
• EIDM-709: User doesn't see pending approvals in approval page even when he was the one inviting the pending user
• EIDM-712: Error in first sign on after a single logout
• EIDM-718: Role tab is broken after user confirm email change
• EIDM-726: Mobile number validator should accept dashes and spaces but remove them
• EIDM-727: In changing user's organization, virtual organizations are listed
• EIDM-731: User approval request emails not sent if there is no organization main user
• EIDM-736: Organization name field too long for background when using IE8
• EIDM-738: SSN saved even if configured otherwise
• EIDM-777: Null pointer exception if Tupas configuration file is missing