Versions Compared

Old Version 1

changes.mady.by.user John Jellema

Saved on

compared with

New Version Current

changes.mady.by.user ubisebastian

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Please see the current Release Notes (here - scroll down to change log) for the active release change log

...

  • IDS-2770 - CustomerID REST API 2.1 has been updated with "PUT117 Reinvite User" (the endpoint was later renamed to "PUT123 Reinvite User" in the documentation). This allows an Administrator send a new email to a user with status "Waiting for registration". This might be useful if the user that is waiting to register has lost their invitation email or if their email address was invalid an Administrator can update the email and reinvite the user without having to start the process from scratch. Please find more information about this API call in REST API 2.1 - CustomerID

Improvements

  • IDS-2851 - policy.password.history = N configuration in SSO for CustomerID password method (password.2) now works as expected. If N is set to be 3, the user is unable to update their password to their current one or to the 2 previous ones
  • IDS-1947 - Input fields in pop-up windows are now pre-selected. This removes the need to select the input field before entering the verification code in, for example, mobile or email verification during registration
  • IDS-2227 - Two node upgrade on Windows - CustomerID documentation are updated and tested with Windows Server 2019

Corrections

  • IDS-2943 - Inviting a user to a role through mandates when the user did not have previous mandate objects available caused errors in the CustomerID UI although role was added. This has now been resolved and correct message is displayed to the Administrator.
  • IDS-2709 - Registering a user without filling in optional custom attribute field previously caused a stack trace error and did not populate SQL db with user information. This has now been resolved and optional custom attributes can again be used within registration.

CustomerID 5.7.0 (20/01/2021)

New Features

  • IDS-2766 - CustomerID REST API now support OAuth2 access tokens for authentication. This allows Administrators to enable access to specific users instead of relying on hardcoded username and password being distributed throughout the organisation. More information on how to configure this for your system can be found from Configuring OAuth2 authentication for REST API
  • IDS-2767 - API calls using OAuth2 access tokens have been added to audit logs. This will allow Administrators of the system to better monitor which users are using with API calls compared to previous hardcoded username and password. More information can be found from Logging - CustomerID
  • IDS-2768 - Administrators are able to disable basic HTTP authentication and query parameter authentication using simple username and password for REST APIs to make sure REST calls can only be done with OAuth2 access tokens. See REST API configuration options - CustomerID for details

Improvements

  • IDS-2707 - CustomerID dependencies have been updated to remove vulnerabilities. You can find the latest versions used in the CustomerID Table 1 on 3rd party licenses - CustomerID
  • IDS-2855 - CustomerID REST API 1.0 has been updated to use same authentication methods as other API versions. Information on how to use different authentications can be found from REST API authentication - CustomerID

CustomerID 5.6.0 (05/11/2020)

...

  • IDS-2616 - Language keys in messages_xx.properties have been change to be case-insensitive to help Administrators with localisation

Corrections

  • IDS-2446 - Updating email address for a user through the Administrator GUI now updates all required fields in the database. One field was previously not updated and caused issues with new registrations for previously registered email addresses
  • IDS-2528 - Emptying custom attribute field through API 2.0 (MOD04) now also empties the LDAP field. This field was previously left populated while the SQL field was emptied
  • IDS-2650 - Duplicate language keys in messages_en.properties have been removed. With this fix, there was a change to the role removal confirmation language key "general.ui.actions.removerole" that has been replaced with "general.ui.confirm.removerole". Changes between versions can be found from Configuration changes in versions - CustomerID
  • IDS-2640 - Emptying custom attribute field mapped to SSN through API 2.0 (MOD04) now also empties the LDAP field. This was previously left populated while the SQL field was emptied

...

  • IDS-2225 - Improved version handling of CustomerID components in order to have a better understanding of which version is currently installed. Deployment of correct (i.e. same as the release version) versioned components are shown in the logs

Corrections

  • IDS-2304 - CustomerID again shows the full path of the organisation in the organisation search results in Administration view, this previously only showed the organisation friendly name
  • IDS-2330 - CustomerID roles for main and sub-organisations are again shown in different tables if configured to search for roles in sub-organisations as well (ui.organization.roles.recursive = true)

CustomerID 5.4.1 (18/12/2019)

...

  • IDS-2255 - Query User REST calls in API 2.0 and 2.1 has been updated to also include organizationEntityName and organizationId in the response. More information about what values are returned can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID

Corrections

  • IDS-1467 - There was an ability to alter Organisational structure during the Approval of pending users.  This feature was implemented erroneously and has been removed from the Pending User approval tab. Utilising this feature, in CustomerID 5.4.0 and previous versions will result in a synchronisation error to occur between LDAP and SQL records for all pending users in the modified Organization
  • IDS-81 - Fix for User Defined Federation logout when locale is included in URL
  • IDS-2167 - Fix for NullPointerException in REST API 1.0 REQ004b "Query Organizations" when querying an organization in a non-case sensitive manner
  • IDS-2203 - Fix for Query requests in REST API 2.0 and 2.1 where additional parameters (i.e. exactMatch) are used. In CustomerID 5.4.0 the additional parameters are not considered in the requests. More information about the additional parameters and usage can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID
  • IDS-1704 - Fix for updating user attributes returned by CustomerID backend call during registration process. See documentation on how to use Backend query configuration - CustomerID
  • IDS-2300 - Fix for sending API requests through proxy using X-Forwarded-For with multiple IPs. This previously resulted in UnknownHostException and incorrect client IP was logged
  • IDS-1415 - Fix for Application error if user has pressed Enter key during email confirmation in registration. This fix only resolves error condition, Enter key can still not be used to confirm the email address in registration
  • IDS-1521 - Fix for Administrators to be able to change pending user's organization in approval stage. There are still a few identified issues related to changing organization for pending users, IDS-2311 (changing main organization fails to create new sub-organization) and IDS-2312 (changing technical name of organization to name with Scandinavian letters) 
  • IDS-2301 - Fix for encrypted organization custom attributes if there is an empty value in the field or one of the organizations. Previously this would return Internal Error when querying organization with REST API 2.1

CustomerID 5.4.0 (12/11/2019)

...

  • IDS-80 - CustomerID now supports locale (language setting) URL parameter in registration
  • IDS-209 - Search field and "Filter results"-button is hidden if there are no mandates present
  • IDS-949 - CustomerID now supports configuration for locale parameter in returnURL (General properties - CustomerID)
  • IDS-1079 - Updated CustomerID external library (3rd party) dependencies (3rd party licenses - CustomerID)
  • IDS-1110 - Documented the following : CustomerID database migration from 5.x.x to 5.4 (Single node upgrade - CustomerID)
  • IDS-1168 - REST POST log entries are configurable for testing purposes (General properties - CustomerID)
  • IDS-1314 - Removed unnecessary "Are you sure you want to leave this page?" window in mandate role delegation screen
  • IDS-1568 - Enabled apostrophe ' as valid character in email address, i.e. john.o’reilly@ubisecureo’reilly@ubisecure.com

Corrections

Approvals

  • IDS-1028 - Fix for cancelling rejection of role approval. If an approver cancels the rejection of role approval, the role does not get removed anymore
  • IDS-1081 - Approval tab button now updates the number of pending approvals if users that have pending approvals get deleted
  • IDS-1126 - Fix for expiration of pending users if approval is required
  • IDS-1198 - Fix for deletion of pending user if a role was added to the user through approval tab
  • IDS-1388 - Fix for unnecessary "Are you sure you want to leave this page?" window in approval rejection
  • IDS-1408 - Fix for deletion of pending user. Previously there might have been references left in the organization where there pending user was created

...

...

  • IDS-1114 - Fix to ensure that Administrators can not unlink strongly authenticated accounts which use UDF linking
  • IDS-1300 - Fix for moving user to another organization in order not to save extra custom attribute to SQL anymore
  • IDS-1331 - Fix for invalid error message after successful mobile phone verification
  • IDS-1366 - Fix for removing sub-organization so that it no longer redirects the user to the frontpage
  • IDS-1371 - Error messages fixed to highlight which input fields do not meet requirements
  • IDS-1378 - Fix for importing users with uniqueID that is not 36 characters
  • IDS-1384 - Fix for when changing organization branch or organization identifier a unnecessary pop up "do you want to leave" does not appear anymore
  • IDS-1386 - Fix for when changing to a new password that is longer than 64 digits, the password is no longer shown in the error message
  • IDS-1414 - Updated documentation related to Organization Technical Name validator (Data model - CustomerID)
  • IDS-1470 - Fixed check/uncheck all check box

...

  • IDS-687 - Fix for duplicate user check in registration, blocked waiting for registration users
  • IDS-735 - Fixed unnecessary email sent when changing password for pending user
  • IDS-1205 - Fix for notification about user registration is sent to the inviter
  • IDS-1369 - If user gives too long password in registration, the default validation message does not show the password anymore
  • IDS-1581 - Fixed email / mobile phone validation check when user tries to register with invalid information

REST API

  • IDS-661 - Permit listing all organization attributes from a single REST call (REST API 2.0 - CustomerIDREST API 2.1 - CustomerID)
  • IDS-816 - Removed stack trace from CustomerID diag log file for many REST calls
  • IDS-1005 - Removed internal server error when using REST API v2.1: POST /organizations.  Error is now correctly shown as a HTTP 201 client side error
  • IDS-1125 - Fix for REST: MOD014: Create mandate approval to permit administrator to set to true to false (always approved or always requested)
  • IDS-1240 - Fix for UI error when role invite is sent to user whose account was originally created via REST
  • IDS-1317 - Fix for REST API PUT103 operation to update a users password and make an audit log entry.
  • IDS-1422 - Removed URL pluralisation in MOD026 Create Pending user (REST 1.2) where URL path should be singular (“pendinguser” not “pendingusers”). REST: Create Registration/Pending user returns invalid url
  • IDS-1423 - Fix for REST MOD014 : Create duplicate mandate to return 409 conflict instead of 400 Bad Request
  • IDS-1435 - Fix in search behaviour for all REST calls where the user data contains potential wildcard characters (i.e. underscore, hyphen or period in a user email address)
  • IDS-1471 - Fix for REST operation MOD026 Create Pending User to set a default password rather than creating the user with no password (uncorrected behaviour required Admin to set an initial password for each new user manually)

Roles

  • IDS-1295 - Fixed role search to ensure duplicate entries are not shown
  • IDS-1077 - Removed an error message shown to administrator when they send a reminder or re-invitation to a pending user
  • IDS-1189 - Resized the Add Role popup window layout for ease of viewing
  • IDS-1197 - Fix for logged error message when role invite is sent via UI to new user who is waiting for registration
  • IDS-1364 - Removed visibility of Add Role button from users who do not have administration permission
  • IDS-1403 - Fixed error which permitted a user Role invitation when an organization is not set
  • IDS-1447 - Fix for error when an existing user requests access to a pre-selected role
  • IDS-1570 - Fixed pending user registration via REST MOD026 to assign additional roles (new users created within existing organisation should received pre-assigned roles)

Ubisecure CustomerID 5.3.5 (27/06/2019)

...