Change log - SSO
Please see the current Release Notes (here - scroll down to change log) for the active release change log
Ubisecure SSO 8.x.x
Ubisecure SSO 8.3.8 (24/10/2019)
This release improves the compatibility with Finnish Trust Network. It also includes improvements on general OpenID Connect compatibility.
Improvements
IDS-2037: OpenID Connect: Ability to duplicate parameters outside the request object when sending Authorization requests as JWTs
IDS-2107: OpenID Connect: Implementation of Key ID in JWKs, JWS and JWE
IDS-2108: OpenID Connect: Send client_id as a request parameter in Token requests when using client assertions
IDS-2110: OpenID Connect: Ability to perform relaxed or strict JWT aud claim validation
IDS-2113: OpenID Connect: Improved UI locale handling
IDS-2114: OpenID Connect: Ability to perform Authentication request with HTTP POST instead of GET
IDS-2115: OpenID Connect: Include the aud claim in client assertions
IDS-2164: OpenID Connect: Ability to define static ubisecure_request_parameters to be sent with Authorization requests
Ubisecure SSO 8.3.7
This version was omitted from public consumption due to limited use functionality
Ubisecure SSO 8.3.6 (12/04/2019)
Improvements
IDS-1412: Improvements in support for Redis Cluster failover during server startup and runtime.
SSO now supports configuring more than one initial seed node, which are used during SSO startup. Instructions on setting the initial seed nodes can be found here.
SSO now recovers from changes in the Redis cluster's topology during runtime, such as nodes going down and back up.
IDS-1460: The errors "User not found" and "Invalid credentials" are no longer revealed in "subStatus" attribute of the JSON object "view", which can be found when viewing the page source of the login page.
Ubisecure SSO 8.3.5 (01/03/2019)
Corrections
IDS-1354: Fixed warning about the missing library file commons-daemon.jar in the application server log during startup.
This issue occurred in version 8.3.4 but does not cause any regression other than the warning note in the logs.
Ubisecure SSO 8.3.4 (21/02/2019)
New Features
IDS-1308: Finnish Trust Network: Support for SAML2 LG extension as specified in FTN SAML2 Profile v1.0 chapter 3.5.3.1.
SSO is now able to read the LG extension from inbound SAML 2.0 Authentication Requests and use it as the login UI locale, and to write it to outbound SAML 2.0 Authentication Requests.
For SAML 2.0 Authentication Methods, writing the extension in an Authentication Request requires the new Compatibility Flag FinnishTrustNetwork to be set for the method. For SAML 2.0 Applications, the extension is read from an Authentication Request automatically if one is available.
Corrections
IDS-1326: Running setup.sh for Enterprise Linux no longer requires high system entropy.
This was an erroneous requirement present only in 8.3.2 and 8.3.3.
IDS-1279: Mobile Connect Authentication v1.1: Error responses for Mobile Connect authentication requests are now compatible with the updated Authentication 1.1 profile.
Ubisecure SSO 8.3.3 (17/01/2019)
New Features
IDS-1146: One-time password format in OAuth SMS/SMTP grant can be freely formatted.
Check the documentation from Configuration of unregistered SMTP - SSO and Installing SMS authentication method - SSO.
Ubisecure SSO 8.3.2 (14/01/2019)
New Features
IDS-1117: Support for HTML emails in OAuth SMTP-OTP Grant.
You can set a new parameter in OAuth and our language files to set an explicit content type for emails and if omitted then plain text will be used for backward compatibility.
Check the documentation from Configuration of unregistered SMTP - SSO and Password Reset application internationalization - SSO.
Corrections
IDS-947: Corrected ForceAuthn authentications when the user already has an existing authentication.
IDS-1037: Made it possible to update Tomcat version.
Check the RefreshServlet security chapter from Security considerations for production environments - SSO and Configuring CORS with credentials - SSO.
IDS-1106: Corrected JWK interoperability issue with Chrome browser.
Ubisecure SSO 8.3.0 (12/10/2018)
New Features
IDS-270: Password Reset - A new web application for resetting a forgotten password.
More information in the documentation.
IDS-639: Support for Swedish BankID via external Authentication Adapter using Ubisecure Backchannel Authentication Adapter (UBAA) Authentication Method.
Technical information, installing and configuring Swedish BankID Authentication Adapter is described here
Installing the Ubisecure Backchannel Authentication Adapter Authentication Method is described here
SSO Management UI supports configuration by providing new method type Backchannel Authentication Adapter
Improvements
IDS-963: The LDAP search for a ubiloginAuthMapping entry in the Ubilogin Directory, which is performed each time a user is authenticated, now consumes fewer resources
IDS-78: LDAPS support for SSO install.sh, export.sh and import.sh
IDS-388: The default font size for error messages is increased from 0.8em to 1.1em
Corrections
IDS-60: Disabled users cannot log in to applications with accounts that are linked by User Driven Federation.
When a user authenticates with a federated identity and a matching local account is returned by a FederationManager implementation (i.e. CIDFederationManager or UbiloginFederationTable), the local account status is now verified and the access is denied if the status is not valid.
The workaround Preventing disabled users from logging in with user driven federation, as described in the page User driven federation, is no longer needed.
IDS-1014: SSO management doesn't disclose the client_secret for OAuth2 application agents
When uploading client metadata to an OAuth 2.0 application agent using the SSO Management Console, if the metadata contains a client_secret, the client_secret is now removed before storing the metadata in the agent configuration in Ubilogin Directory. Prior to 8.3, the client_secret was not removed, but stored as is in the agent configuration in Ubilogin Directory.
Furthermore, even if the client_secret has already been stored in the agent configuration, as may be the case for agents that were activated prior to SSO 8.3, the client_secret will now not be shown in the SSO Management Console nor in the SSO Management API. Prior to 8.3, the client_secret, if set in the client metadata, was shown in the SSO Management Console.
IDS-1052: OTP lists for UbiloginDirectory users created from the SSO Management Console are no longer randomly invalid
IDS-945: Execute flag is set for the bash scripts in the Linux version
IDS-723: The SMTP message that is sent by SMTP OTP method sets the Date header as specified in RFC 822
IDS-821: Some errors (such as an LDAP read timeout) during password/reset no longer deactivate the servlet that catches them
IDS-437: Main Class in the MANIFEST.MF of sso-pkipolicy.jar is correct
IDS-1074: Linux version: OpenLDAP installation script (ldap/openldap/install.sh) no longer shows the unnecessary error message ldap_modify: No such attribute (16)
Ubisecure SSO 8.2.25-1 (06/2018)
Corrections
IDS-782: Added missing OTP Server files to installation package.
Ubisecure SSO 8.2.25
Improvements for Finnish MobileID (Mobile Certificate / Mobiilivarmenne) Authentication Method
IDS-578: Configurable status request delay.
The delays between the transaction request and the initial status request, as well as the delay between consecutive status requests after the first one, are configurable. The configuration parameters are initialStatusRequestDelay and consecutiveStatusRequestDelay. Refer also to the method configuration guide.
IDS-658: Separate error message when authentication times out.
There is a new error message LOGIN_EXPIRED that is shown whenever an authentication timeout occurs. The timeout is set in the ae.timeout configuration parameter. The possible error messages are listed under ETSI MSS Mobile PKI Unregistered Screen in Login Screens.
Corrections
IDS-589: Chrome: Forms submitted using POST to SSO's browser endpoints don't work.
SSO 8.2.19 and 8.2.24 had an issue with the Chrome browser where forms submitted using the POST method to SSO's browser endpoints returned 403 Forbidden HTTP status. This caused problems for example with the SAML 2.0 login sequence with the Ubisecure SAML SP module, because it uses the SAML HTTP-POST binding by default, which is based on sending a form using POST. That issue is now fixed.
Ubisecure SSO 8.2.24
Improvements and Corrections for Finnish Mobile ID (Mobile Certificate / Mobiilivarmenne) Authentication Method
IDS-89: Configurable length of Event Identifier
The length of the event identifier used for matching the authentication event in the mobile device and the browser can now be configured to be 4 to 8 digits long. This is done by setting the new configuration parameter eventIdLength, which is also described in the method configuration documentation.
IDS-555: Show the error message for missing or invalid NoSpamCode
When a NoSpamCode has been requested from a user, but the NoSpamCode the user has given is invalid or missing, an error message is now shown to the user to indicate what went wrong.
IDS-556: NoSpamCode field being visible or not is preserved when error message is shown
The NoSpamCode field is hidden in the login screen with an error message if the field was also hidden before the error. Conversely, the field is shown if it was also shown before the error.
IDS-582: Correct text in the label for the phone number is shown in the wait screen
The wait screen (the screen where the Event Identifier is shown) now shows the correct text MPKI_UNREGISTERED_MOBILENUMBER in the label for the phone number.
Other Changes
IDS-464: Mobile Connect / OpenID Connect: SSO decrypts an encrypted Mobile Connect login_hint when passed to OpenID Connect Authentication Provider
SSO also passes the login_hint to an OpenID Connect Authentication Provider as a generic unencrypted OpenID Connect login_hint if the login_hint originates from a Mobile Connect Authentication Request that contains an encrypted login_hint.
Ubisecure SSO 8.2.19
Improvements and Corrections
IAM-2304: OpenID Connect authentication method
OpenID Connect authentication providers can now be used as authentication methods in SSO. For more information, please see the documentation in OpenID Connect authentication method - SSO.
IAM-1038: OpenID Connect: Support for configuration of essential JSON Web Algorithms in encryption and signing
Along with the previously supported RS256 digital signing algorithm, we have added support for HS256, in which the signing key is derived from the client_secret value. For encryption, there are also options for the algorithms used in key management and content encryption.
Complete list of supported algorithms for the various endpoints can be found in the OpenID Connect provider metadata (see documentation for OAuth 2.0 and OpenID Connect metadata - SSO).
Reference: https://tools.ietf.org/html/rfc7518
IAM-2156: OpenID Connect: Configurable idtoken encryption and signing
Added support for enabling encryption for idtokens, which can be configured by setting id_token_encrypted_response_alg and id_token_encrypted_response_enc configuration parameters in the client metadata. The digital signing algorithm used for idtokens can respectively be configured by setting id_token_signed_response_alg (by default it is "RS256").
Complete list of supported values is provided in the id_token_encryption_alg_values_supported, id_token_encryption_enc_values_supported and id_token_signing_alg_values_supported attributes in the OpenID Connect provider metadata (see documentation for OAuth 2.0 and OpenID Connect metadata - SSO).
IAM-2157: OpenID Connect: Configurable userinfo response encryption and signing
Added support for enabling encryption for userinfo endpoint responses, which can be configured by setting userinfo_encrypted_response_alg and userinfo_encrypted_response_enc configuration parameters in the client metadata. The digital signing algorithm used for userinfo response can respectively be configured by setting userinfo_signed_response_alg (by default no signature is added to userinfo response).
Complete list of supported values is provided in the userinfo_encryption_alg_values_supported, userinfo_encryption_enc_values_supported and userinfo_signing_alg_values_supported attributes in the OpenID Connect provider metadata (see documentation for OAuth 2.0 and OpenID Connect metadata - SSO).
IAM-2303: OpenID Connect client integrations: JSON Web Token (JWT) Profile for Client Authentication
Added support for the JWT based methods client_secret_jwt and private_key_jwt for client authentication. The method to be used by the client integration can be configured by setting the token_endpoint_auth_method and token_endpoint_auth_signing_alg configuration parameters in the client metadata.
Complete list of supported values is provided in the token_endpoint_auth_methods_supported attribute in the OpenID Connect provider metadata (see documentation for OAuth 2.0 and OpenID Connect metadata - SSO).
References:
https://tools.ietf.org/html/rfc7521#section-4.2
https://tools.ietf.org/html/rfc7523#section-2.2
http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
https://tools.ietf.org/html/rfc7519
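The following is an added illustration of the client_secret_jwt exchange described above (and of the kid header and aud claim from IDS-2108 and IDS-2115 in 8.3.8); it is example code written for this page, not Ubisecure's implementation. The client mints an HS256 assertion from its client_secret, and the token endpoint side verifies it: algorithm pinned before anything else is trusted, signature checked with a constant-time compare, then aud, exp and a jti replay cache. The token endpoint URL and the client secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed values for the example; the real token endpoint URL and the
# client secrets come from the SSO deployment and its client metadata.
TOKEN_ENDPOINT = "https://sso.example.com/uas/oauth2/token"  # placeholder
CLIENT_SECRETS = {"client-1": "constructed-shared-secret-for-client-1"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_assertion(client_id, client_secret, token_endpoint, now, lifetime=60, kid=None):
    """Client side: mint a client_secret_jwt assertion (RFC 7523 section 2.2).

    iss and sub are the client_id, aud is the token endpoint, jti is unique
    and exp is short-lived. kid is optional and names which secret signed it.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    if kid:
        header["kid"] = kid
    claims = {
        "iss": client_id,
        "sub": client_id,
        "aud": token_endpoint,
        "jti": str(uuid.uuid4()),
        "iat": now,
        "exp": now + lifetime,
    }
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_client_assertion(assertion, secrets_by_client, token_endpoint, seen_jti, now):
    """Server side: return the authenticated client_id or raise ValueError.

    seen_jti is a set shared across requests so that a captured assertion
    cannot be presented a second time within its lifetime.
    """
    try:
        h_b64, c_b64, s_b64 = assertion.split(".")
        header = json.loads(b64url_decode(h_b64))
        claims = json.loads(b64url_decode(c_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed assertion") from exc
    # Pin the algorithm: the token must not choose "none" or another alg.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    client_id = claims.get("iss")
    if not client_id or claims.get("sub") != client_id:
        raise ValueError("iss/sub mismatch")
    secret = secrets_by_client.get(client_id)
    if secret is None:
        raise ValueError("unknown client")
    expected = hmac.new(secret.encode(), f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    # Only after the signature check are the claims trustworthy.
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if token_endpoint not in aud_list:
        raise ValueError("aud does not include the token endpoint")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("assertion expired")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("jti missing or replayed")
    seen_jti.add(jti)
    return client_id


if __name__ == "__main__":
    now = int(time.time())
    jwt = make_client_assertion("client-1", CLIENT_SECRETS["client-1"], TOKEN_ENDPOINT, now, kid="secret-v1")
    print(verify_client_assertion(jwt, CLIENT_SECRETS, TOKEN_ENDPOINT, set(), now))
```

The server looks the secret up by the unverified iss claim, but nothing else from the payload is acted on until the HMAC matches; the aud check is what stops an assertion minted for one token endpoint from being accepted by another.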
IAM-2364: OpenID Connect client integrations: Any port is allowed for Loopback URI Redirection
When a loopback URI (such as "http://localhost/app") is set in the redirect_uri or redirect_uris attribute of the client metadata of an OAuth2 application, any port is allowed in the redirect_uri of the Authorization Request.
Reference: https://tools.ietf.org/html/draft-ietf-oauth-native-apps-09#section-7.3
IAM-2363: OpenID Connect client integrations: App-declared Custom URI Scheme Redirection
Applications can register custom URI schemes, such as "com.example.app", as their redirect_uris.
Reference: https://tools.ietf.org/html/draft-ietf-oauth-native-apps-09#section-7.1
IAM-1435: OpenID Connect client integrations: Support for scope in client metadata
Use the client metadata scope setting to restrict and whitelist the set of allowed scopes for an OAuth client.
Scopes "openid", "userinfo" and the client_id of the metadata's owner cannot be disallowed, so they are always implicitly included in the scope list (if set in the client metadata in the first place).
Reference: https://tools.ietf.org/html/rfc7591#section-2
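As an added example (written for this page, not Ubisecure's code) of the two client-metadata checks described in IAM-2364 and IAM-1435 above, the functions below validate an Authorization Request's redirect_uri against the registered values, relaxing only the port and only for loopback URIs, and filter the requested scope through the client's scope whitelist with openid, userinfo and the client_id always allowed. The behaviour for a client with no scope setting (treated as unrestricted) is an assumption of the example.

```python
from urllib.parse import urlsplit

# Hosts treated as loopback for the "any port" rule. "localhost" is included
# because the page's own example uses it; RFC 8252 prefers the IP literals.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}
IMPLICIT_SCOPES = {"openid", "userinfo"}


def is_loopback_uri(uri: str) -> bool:
    parts = urlsplit(uri)
    return parts.scheme == "http" and parts.hostname in LOOPBACK_HOSTS


def redirect_uri_allowed(requested: str, registered: list) -> bool:
    """Match the Authorization Request redirect_uri against the client metadata.

    Loopback redirect URIs match regardless of port (a native app binds an
    ephemeral port at runtime); everything else, including custom-scheme
    URIs such as com.example.app:/callback, must equal a registered value
    exactly. A non-loopback host never gets the port relaxation.
    """
    req = urlsplit(requested)
    for reg_uri in registered:
        reg = urlsplit(reg_uri)
        if is_loopback_uri(reg_uri) and is_loopback_uri(requested):
            if (req.hostname, req.path, req.query) == (reg.hostname, reg.path, reg.query):
                return True
        elif requested == reg_uri:
            return True
    return False


def effective_scope(requested_scope: str, client_scope, client_id: str) -> list:
    """Filter the requested scope through the client's scope whitelist.

    openid, userinfo and the client's own client_id cannot be disallowed, so
    they are always part of the whitelist. A client without a scope setting
    is treated as unrestricted (an assumption made by this example).
    """
    requested = requested_scope.split()
    if client_scope is None:
        return requested
    allowed = set(client_scope.split()) | IMPLICIT_SCOPES | {client_id}
    # Keep the request's order; anything not whitelisted is dropped.
    return [s for s in requested if s in allowed]


if __name__ == "__main__":
    registered = ["http://127.0.0.1/app", "com.example.app:/callback"]  # constructed client metadata
    print(redirect_uri_allowed("http://127.0.0.1:49152/app", registered))    # True
    print(redirect_uri_allowed("http://127.0.0.1:49152/admin", registered))  # False
    print(effective_scope("openid profile email", "profile", "client-1"))    # ['openid', 'profile']
```

The path and query are still compared on loopback URIs, so relaxing the port does not turn into an open redirect on the loopback host.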
IAM-1847: Java Runtime Environment is no longer provided in the SSO installation package
Ubisecure SSO now uses an existing JRE installation provided via the standard JRE_HOME environment variable. This must be taken into account for all upgrades from pre-8.2 SSO versions.
IAM-2353: SSO writes information of the system environment in the diag log during start up
When starting up, SSO writes a comprehensive printout of information about the system environment it is running on to the diagnostics log. The printout includes the JRE version, environment variables, Java security providers, trusted certificates etc. This is crucial for our support, as with the JRE now removed from the package, it would otherwise be difficult and time consuming to establish the exact details of the environment SSO is running on.
IAM-2873: OpenID Connect: Access token lifetime follows SSO session's lifetime
Access token lifetime follows the lifetime of the associated SSO session in which the token was issued. This means that an access token's lifetime can be extended by extending the SSO session's lifetime. Conversely, if an SSO session is terminated, all access tokens issued during that session are revoked.
IAM-2982: OpenID Connect: Second use of authorization code revokes the access token that was previously issued for the authorization code
When authorization code replay is detected, the access token that was issued for the replayed authorization code during its first use is revoked.
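The two rules from IAM-2873 and IAM-2982 above, implemented in a small in-memory token store written as an added example for this page (not Ubisecure's code): a token is valid only while the SSO session it was issued in is active and unexpired, extending the session extends the token, terminating the session revokes every token issued in it, and a second use of an authorization code returns nothing and revokes the token handed out on the first use.

```python
import secrets


class TokenStore:
    """Minimal authorization-server state tying access tokens to SSO sessions.

    Constructed for this example; all state is kept in memory and time is
    passed in explicitly so behaviour is deterministic.
    """

    def __init__(self):
        self.sessions = {}  # sid -> {"expires": int, "active": bool}
        self.codes = {}     # code -> {"sid": str, "token": str or None}
        self.tokens = {}    # token -> {"sid": str, "revoked": bool}

    def create_session(self, now: int, lifetime: int) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"expires": now + lifetime, "active": True}
        return sid

    def extend_session(self, sid: str, new_expiry: int) -> None:
        # Extending the SSO session extends every access token issued in it.
        self.sessions[sid]["expires"] = max(self.sessions[sid]["expires"], new_expiry)

    def terminate_session(self, sid: str) -> None:
        # Ending the SSO session revokes all tokens issued during it.
        self.sessions[sid]["active"] = False
        for rec in self.tokens.values():
            if rec["sid"] == sid:
                rec["revoked"] = True

    def issue_code(self, sid: str) -> str:
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"sid": sid, "token": None}
        return code

    def redeem_code(self, code: str):
        """Exchange an authorization code for an access token.

        Returns the token on first use. On a second use (replay) it returns
        None and revokes the token issued on the first use, as RFC 6749
        section 4.1.2 recommends.
        """
        rec = self.codes.get(code)
        if rec is None:
            return None
        if rec["token"] is not None:
            self.tokens[rec["token"]]["revoked"] = True
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sid": rec["sid"], "revoked": False}
        rec["token"] = token
        return token

    def token_valid(self, token: str, now: int) -> bool:
        rec = self.tokens.get(token)
        if rec is None or rec["revoked"]:
            return False
        session = self.sessions[rec["sid"]]
        return session["active"] and now < session["expires"]


if __name__ == "__main__":
    store = TokenStore()
    sid = store.create_session(now=1000, lifetime=600)
    code = store.issue_code(sid)
    token = store.redeem_code(code)
    print("first use valid:", store.token_valid(token, 1100))   # True
    print("replay returns:", store.redeem_code(code))           # None
    print("token after replay:", store.token_valid(token, 1100))  # False
```

Revoking on replay rather than only refusing the second exchange is the point: if a code leaked, the first redemption may have been the attacker's, so the already-issued token cannot be trusted either.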
IAM-2891: Error page without authentication methods is now shown also for SAML and Tupas agents
The plain error page, which is shown when there are no visible authentication methods, was previously skipped when the application agent was of type SAML or Tupas, whereas for other agent types it was visible. This behaviour is now unified so that the error page is visible with all agents.
Any other page (such as the authentication method list, also known as the "menu" page) that happened to contain an error message was shown with all agents even in previous versions.
IDS-22: Improved support for UI template setting in Password Change and Password Reset
There are some UI template settings that were not shown properly in the Password application. These settings are logo.ico, logolink, logoalt, HEADER_TEXT_1, HEADER_TEXT_2 and COPYRIGHT. Now they are shown and updated correctly based on the selected UI template also in the Password application.
Secondly, if the user changes the locale in the Password application, the changed locale is now included in the URL that is sent in the password reset mail. Also, if the password reset was initiated from the SSO login page, the changed locale is propagated back to the SSO page when the user is returned there after finishing or cancelling the reset.
Ubisecure SSO 8.1.2 (15/05/2017)
Corrections
IAM-2376: The rules specified in methodmenu.rules are now applied correctly
Ubisecure SSO 8.1.1 (26/04/2017)
New Features
IAM-2320: Tupas IDP: If A01Y_RETLINK contains query part, the query part is now included also in the tupas response.
Corrections
IAM-2300: In fresh SSO installation, user can now define "allowed to" -group for SSO API agent
IAM-2308: Agent type of SSO API agent is now correctly OAuth agent
IAM-2326: WS-Federation: Continue button is now shown after successful IDP initiated logout, if there's an active WS-Federation session
IAM-2311: Url is corrected for Nordea TUPAS test method (tupas.nordea.1) in methods-tupas.ldif
Ubisecure SSO 8.1.0 (28/03/2017)
New Features
IAM-1374: SSO support for wreply and wfresh parameters in WS-Federation
IAM-2019: SSO support for wauth and whr parameters in WS-Federation
IAM-1352: SSO Management API - New functionality to add/remove/modify users
IAM-1457: SSO Management API - New functionality to create mapping configuration (persistentId, refreshtokenPolicy)
IAM-1735: Sms-mt-otp and smtp-otp grant, added error description to Error Response explaining the error situation
IAM-1907: OTP timeout for Sms-mt-otp and smtp-otp grant is now configurable in minutes. By default, there is no timeout.
IAM-2073: TUPAS IDP A01Y_RETLINK parameter allows ignoring of query parameters from the URL(s)
IAM-2110: Type and attribute names in SSO Management API calls for input are now case-insensitive. Type and attribute names in responses are now in CamelCase.
IAM-2204: Java updated to version jdk-8u121
IAM-2197: Tomcat updated to version 8.0.42
Corrections
IAM-2066: SSO Linux UbiloginDirectory does not fail to start after reboot (because the OS changes /var/run/ubilogin ownership to root:root)
IAM-2075: Agents with empty template field, no longer show the wrong template in login page
IAM-2018: Agent activation file download now works also in new Chrome browser
Ubisecure SSO 8.0.1 (02/12/2016)
Corrections
IAM-1833: MPKI authentication now works with the mobileconnectloginhint compatibility flag and ENCR_MSISDN
Ubisecure SSO 8.0.0 (25/11/2016)
New Features
IAM-1320: SSO Server acts as a TUPAS IDP
IAM-1478: PCR generation - an option to use a new kind of UUID format as specified in RFC 4122
IAM-1493: It is now possible to prevent SSO on server side by using agent setting (using either Forceauthn, oneTimeUse or both parameters)
IAM-1736: New Ubisecure look and feel to SSO
IAM-1770: New tomcat version 8.0.38
Corrections
IAM-1685: SAML agent metadata configuration fixed - agentlogo is not mandatory when clientname is used
Ubisecure SSO 7.x.x
Ubisecure SSO 7.7.1 (03/10/2016)
New Features
IAM-1506: SSO authorization policy can decrypt values
Corrections
IAM-1538: SSO password app doesn't show errors for all users
Ubisecure SSO 7.7.0 (26/08/2016)
New Features
IAM-1032: OpenID Provider Metadata, tokeninfo_endpoint replaced with introspection_endpoint (RFC 7662)
IAM-1384: Token Introspection updates for RFC 7662
IAM-1066: MPKI login screen can be configured so that it does not ask for a spam code and tries to log in automatically if a Mobile Connect encrypted login_hint is provided.
IAM-1451: OAuth2 and SAML2 metadata agent logo, based on locale, can be set visible in the login screen, with or without the default SSO logo
IAM-1474: SSO openldap version upgrade to openldap-2.4.44 (OpenLDAP is now compiled without DDS overlay and with both BDB (default) and new MDB backends)
Corrections
IAM-1420: SSO management GUI copyright message is changed to state GlobalSign instead of Ubisecure
Ubisecure SSO 7.6.0 (29/05/2016)
New Features
IAM-712: OAuth 2.0 Token Revocation (RFC 7009).
IAM-1124: SAML Profile for OAuth 2.0 Authorization Grants (RFC 7522)
IAM-1354: SSO Management API new functionality to allow Relying Party specified client_id and secret for OAuth2 metadata (RFC-7591 Dynamic client registration protocol)
IAM-1364: OAuth2 and SAML2 metadata client name can be set visible in the login screen, either in addition to, or replacing, the current hostname
IAM-1365: SSO Login screen templates can contain also javascript resources
IAM-1366: Username in login screen cannot be changed if mobile connect login_hint is encrypted (ENCR_MSISDN)
IAM-1384: Oauth2 Token Introspection token_type supports refresh_token
IAM-1448: OAuth2 OpenID Provider Metadata changes, tokeninfo_endpoint is replaced with introspection_endpoint. Note that tokeninfo_endpoint and /uas/oauth2/tokeninfo are deprecated (will be removed in the version after 7.6)
IAM-1395: SSO can return grant type and refresh token create time to application using authorization policy
IAM-1428: AuthnStatementSessionNotOnOrAfter interop flag to leave SessionNotOnOrAfter unassigned in SAML2 response
IAM-1403: OpenID Connect idtoken contains azp attribute in Mobile Connect
IAM-1404: OAuth2 idtoken attribute aud is now always array to fully support Mobile Connect
IAM-1406: OAuth2 authorization endpoint error page now sets http status 400 to indicate error condition (Does not return user to relying party)
Corrections
IAM-1402: OpenID Connect idtoken nonce updates correctly to new auth. requests (From same client using authorization code grant)
IAM-1455: Password application url parameter "method" now handles the NUL character (= %00 url encoded) for password/reset application without error situation
Ubisecure SSO 7.5.0 (26.02.2016)
New Features
IAM-5: OAuth2-extension for confirming Email and Phone number
IAM-823: SSO Management REST API Phase 1
IAM-873: Compatibility flag SendAssertionConsumerServiceURL for sending AssertionConsumerServiceURL in SAML-AuthnRequest
IAM-1170: New compatibility flag ExplicitUnspecifiedAuthnContextClassRef for sending authnContextClassRef in SAML-response
IAM-941: OTP server support for external SQL user database
IAM-1060: Unregistered SMS OTP Authentication method
IAM-1208: Unregistered SMTP OTP Authentication method
IAM-1147: Login_hint now works also with unregistered authentication methods (unregistered MPKI, SMS and SMTP)
IAM-1253: SSO Management UI to GlobalSign branding
IAM-1296: OAuth request scope now ignored as long as the correct scope in use is returned in Token Endpoint response
IAM-1297: Only password, authorization_code and refresh_token are allowed OAuth grant_types by default.
IAM-1295: Template property useloginhint for showing OAuth2 login_hint in SSO
IAM-1294: Support for Mobile Connect encrypted login_hint with prefix ENCR_MSISDN
Corrections
IAM-183: Audit contains information after user tries with incorrect username
Ubisecure SSO 7.4.0 (27.11.2015)
New Features
IAM-805: Upgrade SSO JVM to Java 8
IAM-884: SSO Tomcat updated, version 8.0.27
IAM-910: OpenID Connect/Mobile Connect Identity Provider
IAM-966: Support multivalue SAML2 AuthnContextClassRef in methods
IAM-995: updated OpenSSL version to 1.0.1p, used by OpenLDAP in linux installations
Ubisecure SSO 7.3.4 (30.9.2015)
Corrections
IAM-997: Some button texts not visible in management UI
IAM-998: Service can't be deleted if name contains "<>"
Ubisecure SSO 7.3.3 (29.9.2015)
New features
IAM-817: SSO login flow should double check UDF linking need after registration and not ask for user consent if linking has been done
IAM-895: Autocomplete for password input forms settable in UI-template (affects screens in SSO and password application)
IAM-946: If address tracking (netmask) is disabled then an AuthnStatement/SubjectLocality element is no longer created in the SAML Assertion
IAM-948: If directory user mapping is successful for a user then UDF process will be skipped
IAM-951: Backchannel messages (SOAP Logout) are now secured with TLS 1.2
Corrections
IAM-25: SSO Management: Form inputs should be sanitized to prevent Cross-Site Scripting
IAM-883: OAuth: Malformed JWT causes error "Unexpected char 127 (line no=1, column no=1, offset=0) at ...)"
IAM-943: Session injection in Password application doesn't work in a reverse proxy deployment
IAM-969: Methodmenu rules don't change when a template is changed
Ubisecure SSO 7.3 (29.5.2015)
New Features
IAM-9: After a successful password reset, an SSO session is created for the user and the user is redirected to a predefined URL
IAM-49: SSO Management UI for oAuth2.0 authorization server
IAM-44: OAuth 2.0 Authorization Server
IAM-73: Password application to use the SSO UI templates
IAM-601: Keytool to support SHA256WithRSA in certificate signatures
Corrections
IAM-743: Password reset token email link broken
Ubisecure SSO 7.2.1 (16.4.2015)
Corrections
IAM-270: Redirect URL for OAuth2 Authentication Method shown in SSO Management UI is invalid
IAM-266: "Logout failed" is shown when using iframelogout and more than one sp-session is active
Ubisecure SSO 7.2.0 (2.4.2015)
New Features
IAM-19: Support for OAuth2 protocol in Authentication Methods
IAM-18: Support for Facebook authentication using OAuth2
IAM-15: Support for Google+ authentication using OAuth2
IAM-14: Support for Vkontakte authentication using OAuth2
IAM-24: New password encryption methods: SHA256,SSHA256,SHA384,SSHA384,SHA512,SSHA512,PKCS5S2,PBKDF2
Improvements
IAM-27: Value of NameID/@Format can now be explicitly set or asserted in Method
IAM-36: Support for RHEL/CentOS 7
IAM-7: Support for user setting the new password when using Password-reset
Ubisecure SSO 7.1.0 (31.12.2014)
New Features
SSO-574: User Driven Federation
SSO-583: Support for Salesforce integration
SSO-590: Support for setting emailAddress as NameID Format in Authorization Policy
Improvements