Please see the current Release Notes (here - scroll down to change log) for the active release change log
Ubisecure CustomerID 5.x.x
Ubisecure CustomerID 5.3.5
Corrections
- IDS-1471: Corrected MOD026 Create Pending User logic to use the defined password for user, if user doesn't define password during registration flow.
Ubisecure CustomerID 5.3.4
Corrections
- IDS-1488: Corrected registration behaviour when multiple users performed registration at the same time. This defect caused backend responses with CustomerID XML schema field
Modify type=current-user
to modify wrong user when multiple users completed registration at the same time.
Ubisecure CustomerID 5.3.3
Corrections
- IDS-1466: Corrected backend call with disabled fields. This defect prevented having a step in registration which did not contain user editable fields.
Ubisecure CustomerID 5.3.2 (14/03/2019)
Corrections
- IDS-1276: Corrected backend call error status handling for responses following the Ubisecure CustomerID XML schema.
- IDS-1277: Corrected backend call error message handling for responses following the Ubisecure CustomerID XML schema.
- IDS-1330: Corrected parametrized role assignment in registrations when a temporary attribute is used in the role definition.
- IDS-1335: Corrected some performance problems with the organization's role tab when roles from sub organizations are also included.
Ubisecure CustomerID 5.3.1 (29/01/2019)
Corrections
- IDS-1275: Corrected unintentional decryption of user attributes.
- See notification from Known issues - CustomerID.
...
- IDS-593: Various minor improvements in the error reporting of command line scripts in the tools folder.
- IDS-698: Added security related flags (
secure
andhttp-only
) to session cookies. - IDS-111: Security update of 3rd party libraries.
- See documentation from 3rd party licenses - CustomerID.
- IDS-184: CustomerID now supports internationalized email addresses.
- IDS-804: Roles in mandates are listed more clearly in the user interface.
Corrections
- IDS-972: Corrected enabling pending user via REST call
MOD004 Update User
.- See documentation from REST API 2.0 - CustomerID.
- IDS-1064: Corrected information updating concerning the OTP authentication method in Self-Service user interface.
- IDS-759: Corrected response of REST API call
REQ015 Query Registration
when no result could not be found. Now we return404 Not Found
instead of500 Internal Server Error
.- See documentation from REST API 1.2 - CustomerID.
- IDS-1060: Corrected Lost Password wizard.
- IDS-742: Corrected validation error message when trying to input an already existing email address.
- IDS-421: Corrected role handling in REST API call
MOD022 Update Mandate Template
. - IDS-803: Corrected values of resource keys when using the "show resource keys" language in mandate related user interface screens.
- IDS-805: Corrected sending person originated mandate invite to new organization.
- IDS-806: Correction to approval using the drop down action list.
- IDS-807: Corrected several issues with the addrole configuration.
- See documentation from User interface properties - CustomerID.
- IDS-808: Corrected role request approvals.
- IDS-839: Corrected error messages for UniqueAttributeValidator concerning the login attribute.
- IDS-875: Corrected
companyid
andcustomerid
attribute handling in registrations. - IDS-997: Corrected roles listing when using
ui.organization.roles.recursive=true
. - IDS-1059: Corrected confirmation thresholds.
Ubisecure CustomerID 5.2.18 (23/03/2018)
Corrections
- IDS-654: Fixed duplicate user check based on SSN in registrations
Ubisecure CustomerID 5.2.17 (19/03/2018)
Corrections
- IDS-634: Fixed an error with confirmation functionality in registrations
- IDS-566: Fixed REST call GET106 List Organizations for organizations that have no custom attributes
Ubisecure CustomerID 5.2.16 (02/03/2018)
Corrections
- IDS-581: Fixed potential error situation with logging
- IDS-601: Fixed erronous sending of multiple data confirmation notifications
...
- IDS-440: Performance improvement for role approvals in approval tabs
Corrections
- IDS-458: Password change related feedback messages have been fixed
...
- IAM-2709: User search now checks that all inputs match search results
- IAM-2077, IAM-1247: CustomerID workers have been separated from the main EAR
- IAM-2665: Domain whitelisting for CSRF check
- See
general.accepted.origin.whitelist
configuration property documentation from General properties - CustomerID.
- See
- IAM-2705: Configurable favicon
- See documentation from Configuration files related to customization - CustomerID.
- IAM-2833: Unicode support for built-in email address format validator
- IAM-718: User status can be defined in a human readable way in REST filters
- IAM-2284: Organization path is visible in summary step when inviting user to multiple roles
Corrections
- IAM-2711, IAM-2744: Possible problems with role invitation to existing user fixed
- IAM-2671: Fixed rejecting role invitations to existing users
- IAM-2687: Fixed name change when Active Directory is in use
- IAM-2633: Fixed email notification concerning pending user approval
- IAM-2636: Fixed unnecessary email renotification to pending user when user was waiting for approval
- IAM-2888: Fixed predefined role requests
- IAM-2896: Fixed organization removal in case there is an open role invitation for a new user
- IAM-3018: Fixed unwanted built-in attribute mandatoriness
...
- Workers have been separated to their own EAR
- Reorganization of some JARs
Corrections
- IAM-2064: Long organization names are no longer truncated in role add dialogue
Ubisecure CustomerID 5.1.5 (25/04/2017)
Corrections
- New version of cid-sso-adapter that does not add duplicate libraries into Ubisecure SSO when it is installed.
...
- Performance improvements
- IAM-1946: Updated WildFly version to 10.1.0.Final
- IAM-2005: CSRF prevention checks added
Corrections
- IAM-1842: Modify operations targeted to current-user from backend now work for existing user
- IAM-1947: Importtool saves locale to SQL
- IAM-2035: Corrected a possible NullPointerException in a certain type of role invitation
...
- Performance improvements
- CID-90: CustomerID uses built-in WildFly (instead of Tomcat)
- CID-112: CustomerID is packaged as an Enterprise Archive (EAR)
- CID-89: CustomerID uses Java 8
- CID-288: Updated Apache Wicket user interface framework version to 7.4.0
- CID-482: CustomerID logging can be configured via WildFly also logging format structure has been improved
Corrections
- CID-726: Corrected situation where REST response sometimes included a -1 value in port number
...
Ubisecure CustomerID 4.6.0 (29/02/2016)
Corrections
- IAM-45: Notification about pending role reception approval is now sent to new user after successful registration
- IAM-154: User interface handles long organization name in organization search results correctly
- IAM-1182: REST password change validates given password against the configured password policy.
...
- IAM-750: REST Query to list mandates received/sent by an organization/user
Corrections
- IAM-170: Invitation renotification email show correct links
- IAM-899: Role invitation wizard changes. Mail template step removed.
- IAM-921: Organization user list and search performance improved when listing users by roles
- IAM-1111: Updating e-mail address works correctly in AD with long emails (>20 characters)
- IAM-740: CID Lostpwd shows now actual login ID to user
Ubisecure CustomerID 4.4.1 (30/09/2015)
Corrections
- IAM-944: Registration allows creation of duplicate users when SSN matches
- IAM-949: When loginusernprincipalname is used as login then no new users can be created
- IAM-971: Validators are not working on user approval
- IAM-945: CID should not include client IP address in AuthnStatement/SubjectLocality in SAML AP requests
...
- IAM-736: Organizations can be created with unique random string identifier automatically
- IAM-794: Structured authorizer role information
- IAM-821: REST: Search organizations by using any attribute
Corrections
- IAM-909: User transfer from organization to another fails
...
Improvements
- Performance improvements
Corrections
- IAM-775: Wrong language when transferring from registration to application
- IAM-847: /eidm2/wf/changepwd operation based on temporary token instead of permanent one
- IAM-260: REST: Creating ORG2ORG mandates fails
...
- IAM-747: A new way to configure authentication method activation step in registrations. It is now possible to also activate (link) external authentication methods to the created user account.
Corrections
- IAM-738: Automatic role approvals after registration now work also for role invitations made using the REST-interface
Ubisecure CustomerID 4.2.1.39626
Corrections
- IAM-725: Also pending users can now be searched via REST-interface
...
- IAM-48: TUPAS methods can be grouped in user driven federation
- IAM-229: Locale field can now be used also in role invitation wizard
Corrections
- IAM-56: Mistyped email confirmation code no longer leads to an application error
- IAM-39: In CustomerID Admin interface, organization name change now updates the view immediately
- IAM-21: UI layout is no longer broken on approval tab (it was broken when using Firefox)
- IAM-23: User custom attributes are saved when uniqueID attribute is used in user import
- IAM-168: organization.class.default.restrictedRoleInvite no longer shows extra role in organization view
...
- Product name has beed changed from Ubisecure CustomerID to GlobalSign CustomerID
- Configurable validation for attribute values
- User driven federation support
- More mobile friendly user interface
- Registration fields can be prefilled from authentication method attributes
- EIDM-1340: Automatic generation of organization technical name
- EIDM-1372: Delete User REST query by user ID
- EIDM-1384: Second web agent for CustomerID
- EIDM-1391: Return URL can be given for registrations as an URL parameter
- EIDM-1401: Verification step in registrations can now support also other authentication methods than TUPAS
- EIDM-1348: Role invitation information can be queried via REST using user ID Improvements
- Attribute validation is performed also for REST calls
- Several performance improvements concerning large user amounts
- EIDM-1349: Update user REST call can be used also for pending users
- EIDM-1350: Query user REST call can be made based on user ID
- EIDM-1351: Update user REST call can be made based on user ID
- EIDM-1373: Listing users via REST can use any attribute for filtering results
- EIDM-1374: Query Role REST call can be made based on role ID
Corrections
- EIDM-173: Bank authentication (TUPAS) method name, title, and logo are now configurable
- EIDM-572: Password change error messages are no longer duplicated
- EIDM-598: An unknown TUPAS method in the properties does not present an exception in the browser
- EIDM-618: Long information does not break the registration confirmation step display
- EIDM-859: We will correctly report an error message if someone tries to create a sub organization that has the same name as a role in the parent organization
- EIDM-920: Database update is now quicker
- EIDM-991: Approval does not close if mandatory fields are left empty when approving
- EIDM-1198: Removing multiple users is now quicker
- EIDM-1204: Organization filtering is now quicker
- EIDM-1255: Users imported with unique ID defined now get proper status
- EIDM-1267: Custom usernames can now have validation via the new validation configuration option
- EIDM-1294: Documentation updated concerning removed email.corporateRegisterEmail.message key from mail message configuration
- EIDM-1377: Password change wizard now only sends the correct email message instead of two different messages
- EIDM-1379: Verification now works also in protected registrations
- EIDM-1381: Welcome message is sent for new user after create user wizard also when email confirmation is not required
- EIDM-1383: Password change now only sends the correct email message and not two different ones
- EIDM-1386: Reminder message about user registration is now sent correctly
- EIDM-1392: Corrected possible problems with registration.x.temporary.fields
- EIDM-1394: Changing language on registration no longer skips backend query
- EIDM-1397: Pending password change expiration no longer deletes the registered user
- EIDM-1403: Role add step can now be hidden from create user wizard
- EIDM-1420: User CN information is now updated correctly also to the SQL database
- EIDM-1421: Corrections to SSN uniqueness validation
...
- EIDM-1004: Suport for a separate validation code in the email message concerning email address change
- EIDM-1318: CustomerID backend query message format implementation
- EIDM-1342: Jersey upgrade (from 1.1x to 2.5.1)
Corrections
- EIDM-1285: Mandate delegation and removal is now logged to audit logfile
- EIDM-1311: Deleting organization now works even if there are pending mandates
- EIDM-1328: Logout corrected in case saml.custid.ap has an active session in SSO
- EIDM-1337: Role invite expire does not cause an error
- EIDM-1338: Person mandate to new user does not anymore create a duplicate pending user when there already is a pending user with same email address
- EIDM-1343: Empty or whitespace-only string as a result from backend query does not cause problems with parameter evaluation
...
- EIDM-1112: Robots.txt search engine hiding
- EIDM-1225: Role specific approval in registrations
- EIDM-1272: Creation of several organizations from multivalue registration fields
- EIDM-1290: Ubisecure favicon
- Link to Administration interface from self-service if the user has the necessary permissions
Corrections
- EIDM-1295: A problem related to role invitation renotifications has been corrected
Ubisecure CustomerID 3.11.1.34322
Corrections
- EIDM-1257: Fixed role rejection count in the user interface in case email sending fails.
- EIDM-1262: It is now possible to add roles also to disabled users.
- EIDM-1275: Corrected character encoding handling when reading backend responses.
- Nothing is automatically selected to the country list anymore.
- Added missing self.mandate.read permission to default permissions.
- Removed erronous self.edit.read permission from default permissions.
- Mandate delegation panel doesn't show pending users anymore.
- Added missing Derby starting command to Linux installation scripts.
- Corrected an erronous path in Linux uninstall script.
- Unified uninstallation in Linux so that also the Derby service will be removed in uninstall script.
- Now we accept ', ` and ´ characters in firstname and surname fields.
- Minor country ordering issue has been fixed.
- Improved out of the box authorizer support for SSO versions starting from 6.8.0.
- Corrected country selector behavior in IE 7 and IE 8. (Note that we don't actually officially support IE 7. However in this case we did a fix for it.)
- Removed extra HTML coding for certain characters that were included in backend request parameters.
...
- EIDM-1247: User contact information may be added to the role approval page
- EIDM-1222: Java updated to 64bit Java 7
Corrections
- EIDM-1142: Special characters such as "!" in the REST password value no longer cause problems (for example when updating database)
- EIDM-1228: It is again ok to send mandates to unregistered users when the mandate receiver approval is false
- EIDM-1266: Custom attributes for user can be updated via REST
Ubisecure CustomerID 3.10.1.33745
Corrections
- EIDM-1241: User information on self-service now works
...
Ubisecure CustomerID 3.9.1.33383
Corrections
- EIDM-913: Error with more than on pending user for same organization and organization is changed in approval
- EIDM-1144: Add role might cause error when selecting another organization before role search is finished
- EIDM-1174: Changing user attributes doesn't update breadcrumbs
- EIDM-1187: Self-service password change removes pending password change requirement
- EIDM-1209: User receives same email notification when he registers or changes his email, new key is: email.pendingEmailRegistration
- EIDM-1216: user.delete permission not working at user action dropdown
- Custom attributes are now supported in the role invitation wizard
- Permissions are checked properly when deciding if to enable role assignment in the role action dropdown
- Permissions are checked properly when deciding if to show user search results in the user selection step in the role assign wizard
...
- EIDM-466: Possibility to authenticate registration backend query REST calls with HTTP BASIC Authentication
- EIDM-969: Possibility to configure temporary registration fields (fields that are not stored in database)
- EIDM-1039: More user friendly way of selecting users when adding a role to multiple users
- EIDM-1052: Globally unselectable actions are no longer presented to the user
- EIDM-1070: Removed unnecessary confirmation dialog when approving users
- EIDM-1129: Performance improvements concerning mandates
- EIDM-1154: Added information footer
- EIDM-1189: More sophisticated configuration options for selecting UI messages from registration backend responses
- EIDM-1190: Possibility to disable the back button in registrations
Corrections
- EIDM-529: Duplicate error message
- EIDM-1107: Password change fails on AD if user is not active
- EIDM-1145: Approval tab counter doesn't check permission
- EIDM-1163: OTP Printout-method status is not shown correctly in Self-Service Interface
- EIDM-1168: Organization's technical name is shown instead of FriedlyName when removing role
- EIDM-1171: Changing user's password link in admin interface is not working
Ubisecure CustomerID 3.8.1.32723
Corrections
- EIDM-978: Roles are not automatically approved for new user
- EIDM-1089: Roleinvitation without organisation selection causes error
- EIDM-1092: language change does not work when creating a mandate
- EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used
- EIDM-1105: Password change link is visible to user that has no rights to edit information
- EIDM-1139: Role list when doing role request throws NPE when only one role would be shown
- EIDM-1140: Create User-button is shown in virtual organizations
- EIDM-1141: Received Mandates shows received roles with technical name
...
- EIDM-1000: Mandate listings is limited and a search functionality is implemented to find the rest of the entries
- EIDM-1001: New permission for removing issued mandates from users in the Admin UI
- EIDM-1002: Possibility to insert a user custom attribute into an email
Corrections
- EIDM-990: When selecting save or approval for an open approval, that approval is closed even if the operation failed
- EIDM-1003: User approval should not be required if the creator of the user has permission rights to approve the user
- EIDM-1094: workflow.roles.firstuser definition is applied if the user is the first one to have a role from the organization
- EIDM-1095: Some attributes are not saved to SQL if user information is changed
- EIDM-1098: Role localized names and descriptions are now shown when removing roles from users
- EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used
...
- EIDM-986: Inform in UI if user or role listing has been limited
- EIDM-942: Sampo Bank TUPAS method changed to Danske Bank
- EIDM-988: Performance improvements concerning the add user wizard
- EIDM-985: Performance improvements concerning user search
- EIDM-987: Performance improvements concerning database and LDAP updates
- EIDM-975: Organization selections lists changed to organization search in role invitation and role request wizards (This was made so that memory usage can be kept in reasonable limits with large databases)
- Performance improvements concerning role listing
- Performance improvements concerning approval listing
- Performance improvements concerning organization search
Corrections
- EIDM-989: Issue count in the tab headings is now updated without delay in approval, role and mandate tab headings
- EIDM-983: Approval reject popup now again closes after a successful reject operation
...
- EIDM-947: User search is based on SQL content instead of LDAP content
- EIDM-948: Organization lists in workflows need to be changed to organization search
Corrections
- EIDM-935: Login-attribute uniqueness is not checked
- EIDM-949: Registration workflow doesnt create virtual organizations
...
Ubisecure CustomerID 3.5.3.29169
Corrections
- Saving organization's company id in OID format fixed
...
- Approval page is faster to load
- Organization's role listing is faster and more user friendly when there is a large amount of organizations
Corrections
- Corrected edit-permission in approval page
...
- REST returns custom attributes for organizations
Corrections
- Approval UI save functionality works if reject reason is required
- Authorizer now includes the guava-11.0.2.jar library so that it does not need to be added separately
...
- EIDM-749: User approval request is validated before approving user
- EIDM-870: User status is shown when requesting user information via the REST-interface
- User approval request can be saved without giving all the required information
- Delegating mandates to large number of users is faster
- Listing organizations is faster
- Listing organizations' users is faster
Corrections
- EIDM-856: Organization custom attributes can be used in registration and approval page
- New organizations are shown correctly in approval page
- User's email confirmation is shown correctly in approval page
Ubisecure CustomerID 3.4.3.28216
Corrections
- Fixed selecting user's organization in create user workflow
- Generation of invalid login value in self-registration and create user workflows
...
- Email messages support user's attributes as parameters
- Create User workflow supports custom attributes
- Create User workflow supports features from self-registration, configuring create user workflows has changed
- Usability improvements in organization listings and search user interfaces
- REST now supports reseting the Derby database
Corrections
- Update methods -command creates derby object for all organizations
- Mobile confirmation field can be set to disabled
- Creating deep organization additions now works in registrations
- Corrected a few serialization errors
- Corrected handling of comma characters (",") in attributes
...
- Support for custom attributes in ImportTool
Corrections
- Organization's technical name can be shown in organization's information listing
- Organization class editing is done using a drop-down list
...
- CustomerID internal database is started in CustomerID Server (service is removed)
Corrections
- CustomerID Authorizer returns inherited roles in Active Directory
...
- Improved support for large number of organizations
- Separate list for pending registration invitations
Corrections
- Email notifications were not sent for role invitations that required the approval of a newly registered user
- Information updating problem when changing the email address of the invited person in role invitations
Ubisecure CustomerID 3.3.1.26211
Corrections
- Modified organization configuration in registration
...
- EIDM-802: Role visibility defined mainly by role.listusers instead of user.read.roles permission
- Removed unnecessary version information printout from HTML header
- User export now includes user password if ubilogin directory is used as a user repository
Corrections
- Role deassignment permission was based on user organization. Now it is based on role organization
- Role invitation registration required always approval. Now approval is required based on workflow configuration
...
- EIDM-789: Remove admin.user.delete.enabled property
Corrections
- EIDM-793: Unexpected error when browsing organization
- EIDM-796: eIDMUser-role is not added when creating user through REST interface
...
- EIDM-780: Removal of roleinvite.enabled property
- EIDM-781: Removal of addrole.enabled property
- EIDM-785: Removal of createuser.enabled property
- EIDM-788: Creating a new user using the REST interface automatically assigns user to the eIDMUser group
Corrections
- Listing large number of users fails in OpenLDAP with Protocol Error
Ubisecure CustomerID 3.0.4.25334
Corrections
- Email duplicate check was not included when companyAndCustomerId field was used in registrations
- Email duplicate check did not allow registrations based on mandate invitation
Ubisecure CustomerID 3.0.3.25298
Corrections
- The role selection popup in add role functionality did not work in certain situations
Ubisecure CustomerID 3.0.2.25282
Corrections
- Email duplicate check did not include pending registrations
- Insufficient role linkage in certain registrations
Ubisecure CustomerID 3.0.1.25247
Corrections
- Role member listing did not contain mandate delegates in REST API
- Session serialization contained errors
...
- EIDM-558: Tupas authentication to be not required again when accessing the service directly after registration
- EIDM-578: Parent level support for permissions
- EIDM-733: Whitespaces should be removed from customerId-field
Corrections
- EIDM-576: Friendly Name field should support characters: '/', '(' and ')'
- EIDM-581: SSN is not saved if registration uses both Tupas and email verification
- EIDM-662: When user accesses mail/phone number editing with a direct link to self-service, accessing roles tab after that gives an error message
- EIDM-665: Return link is broken for users who have access only to one organization
- EIDM-671: When login takes too long, SAML Expiration exception is shown to the user
- EIDM-709: User doesn't see pending approvals in approval page even when he was the one inviting the pending user
- EIDM-712: Error in first sign on after a single logout
- EIDM-718: Role tab is broken after user confirm email change
- EIDM-726: Mobile number validator should accept dashes and spaces but remove them
- EIDM-727: In changing user's organization, virtual organizations are listed
- EIDM-731: User approval request emails not sent if there is no organization main user
- EIDM-736: Organization name field too long for background when using IE8
- EIDM-738: SSN saved even if configured otherwise
- EIDM-777: Null pointer exception if Tupas configuration file is missing