Please see the current Release Notes (here - scroll down to change log) for the active release change log

Ubisecure CustomerID 5.x.x

CustomerID 5.6.0 (05/11/2020)

Improvements

• IDS-2719 - ubixmlsec library has been updated to version 1.5.8.50494 to use same version as SSO

CustomerID 5.5.4 (29/09/2020)

Corrections

• IDS-2309 - Encrypted organizational attributes are now shown in human-readable format for user approval step in the Administrator UI. Earlier these attributes were shown in encrypted format for the Administrator

• IDS-2257 - Error handling has been fixed when attempting to create a new organization, but with a case, such as "New Organization" vs "new organization". Previously this returned a stack trace in the Administrator UI. This has also been resolved in REST API 1.0, 2.0 and 2.1 to return error 409 in these cases

CustomerID 5.5.3 (25/08/2020)

Corrections

• IDS-2170 - general.unsecure.debuglog.include.rest.password configuration key is removed due to its insecure nature of making queried passwords logged in the debug log file

• IDS-2579 - REST API 1.0 (REQ001b) List Users now takes into account maxResults above 127 in AD LDS setup. Previously value above 127 returned all users (or maximum page size of 1000 users)

CustomerID 5.5.2 (18/08/2020)

(CustomerID 5.5.1 was omitted from public release due to a severe issue found and fixed during final release testing)

Improvements

• IDS-2616 - Language keys in messages_xx.properties have been change to be case-insensitive to help Administrators with localisation

Corrections

• IDS-2446 - Updating email address for a user through the Administrator GUI now updates all required fields in the database. One field was previously not updated and caused issues with new registrations for previously registered email addresses

• IDS-2528 - Emptying custom attribute field through API 2.0 (MOD04) now also empties the LDAP field. This field was previously left populated while the SQL field was emptied

• IDS-2650 - Duplicate language keys in messages_en.properties have been removed. With this fix, there was a change to the role removal confirmation language key "general.ui.actions.removerole" that has been replaced with "general.ui.confirm.removerole". Changes between versions can be found from Configuration changes in versions - CustomerID

• IDS-2640 - Emptying custom attribute field mapped to SSN through API 2.0 (MOD04) now also empties the LDAP field. This was previously left populated while the SQL field was emptied

CustomerID 5.5.0 (17/06/2020)

Improvements

• IDS-2225 - Improved version handling of CustomerID components in order to have a better understanding of which version is currently installed. Deployment of correct (i.e. same as the release version) versioned components are shown in the logs

Corrections

• IDS-2304 - CustomerID again shows the full path of the organisation in the organisation search results in Administration view, this previously only showed the organisation friendly name

• IDS-2330 - CustomerID roles for main and sub-organisations are again shown in different tables if configured to search for roles in sub-organisations as well (ui.organization.roles.recursive = true)

CustomerID 5.4.1 (18/12/2019)

Improvements

• IDS-2255 - Query User REST calls in API 2.0 and 2.1 has been updated to also include organizationEntityName and organizationId in the response. More information about what values are returned can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID

Corrections

• IDS-1467 - There was an ability to alter Organisational structure during the Approval of pending users.  This feature was implemented erroneously and has been removed from the Pending User approval tab. Utilising this feature, in CustomerID 5.4.0 and previous versions will result in a synchronisation error to occur between LDAP and SQL records for all pending users in the modified Organization

• IDS-81 - Fix for User Defined Federation logout when locale is included in URL

• IDS-2167 - Fix for NullPointerException in REST API 1.0 REQ004b "Query Organizations" when querying an organization in a non-case sensitive manner

• IDS-2203 - Fix for Query requests in REST API 2.0 and 2.1 where additional parameters (i.e. exactMatch) are used. In CustomerID 5.4.0 the additional parameters are not considered in the requests. More information about the additional parameters and usage can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID

• IDS-1704 - Fix for updating user attributes returned by CustomerID backend call during registration process. See documentation on how to use Backend query configuration - CustomerID

• IDS-2300 - Fix for sending API requests through proxy using X-Forwarded-For with multiple IPs. This previously resulted in UnknownHostException and incorrect client IP was logged

• IDS-1415 - Fix for Application error if user has pressed Enter key during email confirmation in registration. This fix only resolves error condition, Enter key can still not be used to confirm the email address in registration

• IDS-1521 - Fix for Administrators to be able to change pending user's organization in approval stage. There are still a few identified issues related to changing organization for pending users, IDS-2311 (changing main organization fails to create new sub-organization) and IDS-2312 (changing technical name of organization to name with Scandinavian letters) 

• IDS-2301 - Fix for encrypted organization custom attributes if there is an empty value in the field or one of the organizations. Previously this would return Internal Error when querying organization with REST API 2.1

CustomerID 5.4.0 (12/11/2019)

Improvements

• IDS-80 - CustomerID now supports locale (language setting) URL parameter in registration

• IDS-209 - Search field and "Filter results"-button is hidden if there are no mandates present

• IDS-949 - CustomerID now supports configuration for locale parameter in returnURL (General properties - CustomerID)

• IDS-1079 - Updated CustomerID external library (3rd party) dependencies (3rd party licenses - CustomerID)

• IDS-1110 - Documented the following : CustomerID database migration from 5.x.x to 5.4 (Single node upgrade - CustomerID)

• IDS-1168 - REST POST log entries are configurable for testing purposes (General properties - CustomerID)

• IDS-1314 - Removed unnecessary "Are you sure you want to leave this page?" window in mandate role delegation screen

• IDS-1568 - Enabled apostrophe ' as valid character in email address, i.e. john.o’reilly@ubisecure.com

Corrections

Approvals

• IDS-1028 - Fix for cancelling rejection of role approval. If an approver cancels the rejection of role approval, the role does not get removed anymore

• IDS-1081 - Approval tab button now updates the number of pending approvals if users that have pending approvals get deleted

• IDS-1126 - Fix for expiration of pending users if approval is required

• IDS-1198 - Fix for deletion of pending user if a role was added to the user through approval tab

• IDS-1388 - Fix for unnecessary "Are you sure you want to leave this page?" window in approval rejection

• IDS-1408 - Fix for deletion of pending user. Previously there might have been references left in the organization where there pending user was created

Configuration

• IDS-611 - Fix for locales parameter in the eidm2.properties file

• IDS-1099 - Fix for /eidm2/error/authnCancelled redirection

• IDS-1187 - Fix for system user privileges related to role removal

Installation

• IDS-1003 - Documentation correction for CREATE COLLATION on PostgreSQL 10.5 and newer versions (PostgreSQL preparation on Windows - CustomerID, PostgreSQL preparation on Linux - CustomerID)

• IDS-1313 - Fix for import.cmd if filename contains space character on windows

Logging

• IDS-1072 - Removed invalid error in server.log when user is redirected from registration to CustomerID UI

• IDS-1367 - Organization changes are now written to diag and audit logs

Mandates

• IDS-1075 - Fix for re-notification email for pending ORGTOORG mandate

• IDS-1076 - Fix for expiration email for pending ORGTOORG mandate

• IDS-1078 - Fix for filtering pending mandates

• IDS-1362 - Email is now sent to mandatee when their mandate is removed

• IDS-1363 - Fix for mandates allowed if user has OrganizationOwner role

• IDS-1420 - Fix for PERTOORG mandate tab UI

• IDS-1434 - Fix for mandate permission in organization title

• IDS-1512 - Enforce mandate name in organization creation

Miscellaneous

• IDS-1114 - Fix to ensure that Administrators can not unlink strongly authenticated accounts which use UDF linking

• IDS-1300 - Fix for moving user to another organization in order not to save extra custom attribute to SQL anymore

• IDS-1331 - Fix for invalid error message after successful mobile phone verification

• IDS-1366 - Fix for removing sub-organization so that it no longer redirects the user to the frontpage

• IDS-1371 - Error messages fixed to highlight which input fields do not meet requirements

• IDS-1378 - Fix for importing users with uniqueID that is not 36 characters

• IDS-1384 - Fix for when changing organization branch or organization identifier a unnecessary pop up "do you want to leave" does not appear anymore

• IDS-1386 - Fix for when changing to a new password that is longer than 64 digits, the password is no longer shown in the error message

• IDS-1414 - Updated documentation related to Organization Technical Name validator (Data model - CustomerID)

• IDS-1470 - Fixed check/uncheck all check box

Permissions

• IDS-1012 - Search box is no longer displayed if the user does not have permissions to list users

• IDS-1443 - Fix for redirection after deleting sub organization if the user doesn't have permissions to parent organization

Registration

• IDS-687 - Fix for duplicate user check in registration, blocked waiting for registration users

• IDS-735 - Fixed unnecessary email sent when changing password for pending user

• IDS-1205 - Fix for notification about user registration is sent to the inviter

• IDS-1369 - If user gives too long password in registration, the default validation message does not show the password anymore

• IDS-1581 - Fixed email / mobile phone validation check when user tries to register with invalid information

REST API

• IDS-661 - Permit listing all organization attributes from a single REST call (REST API 2.0 - CustomerID, REST API 2.1 - CustomerID)

• IDS-816 - Removed stack trace from CustomerID diag log file for many REST calls

• IDS-1005 - Removed internal server error when using REST API v2.1: POST /organizations.  Error is now correctly shown as a HTTP 201 client side error

• IDS-1125 - Fix for REST: MOD014: Create mandate approval to permit administrator to set to true to false (always approved or always requested)

• IDS-1240 - Fix for UI error when role invite is sent to user whose account was originally created via REST

• IDS-1317 - Fix for REST API PUT103 operation to update a users password and make an audit log entry.

• IDS-1422 - Removed URL pluralisation in MOD026 Create Pending user (REST 1.2) where URL path should be singular (“pendinguser” not “pendingusers”). REST: Create Registration/Pending user returns invalid url

• IDS-1423 - Fix for REST MOD014 : Create duplicate mandate to return 409 conflict instead of 400 Bad Request

• IDS-1435 - Fix in search behaviour for all REST calls where the user data contains potential wildcard characters (i.e. underscore, hyphen or period in a user email address)

• IDS-1471 - Fix for REST operation MOD026 Create Pending User to set a default password rather than creating the user with no password (uncorrected behaviour required Admin to set an initial password for each new user manually)

Roles

• IDS-1295 - Fixed role search to ensure duplicate entries are not shown

• IDS-1077 - Removed an error message shown to administrator when they send a reminder or re-invitation to a pending user

• IDS-1189 - Resized the Add Role popup window layout for ease of viewing

• IDS-1197 - Fix for logged error message when role invite is sent via UI to new user who is waiting for registration

• IDS-1364 - Removed visibility of Add Role button from users who do not have administration permission

• IDS-1403 - Fixed error which permitted a user Role invitation when an organization is not set

• IDS-1447 - Fix for error when an existing user requests access to a pre-selected role

• IDS-1570 - Fixed pending user registration via REST MOD026 to assign additional roles (new users created within existing organisation should received pre-assigned roles)

Ubisecure CustomerID 5.3.5 (27/06/2019)

Corrections

• IDS-1471: Corrected MOD026 Create Pending User logic to use the defined password for user, if user doesn't define password during registration flow.

Ubisecure CustomerID 5.3.4 (26/04/2019)

Corrections

• IDS-1488: Corrected registration behaviour when multiple users performed registration at the same time. This defect caused backend responses with CustomerID XML schema field Modify type=current-user to modify wrong user when multiple users completed registration at the same time.

Ubisecure CustomerID 5.3.3 (11/04/2019)

Corrections

• IDS-1466: Corrected backend call with disabled fields. This defect prevented having a step in registration which did not contain user editable fields.

Ubisecure CustomerID 5.3.2 (14/03/2019)

Corrections

• IDS-1276: Corrected backend call error status handling for responses following the Ubisecure CustomerID XML schema.

• IDS-1277: Corrected backend call error message handling for responses following the Ubisecure CustomerID XML schema.

• IDS-1330: Corrected parametrized role assignment in registrations when a temporary attribute is used in the role definition.

• IDS-1335: Corrected some performance problems with the organization's role tab when roles from sub organizations are also included.

Ubisecure CustomerID 5.3.1 (29/01/2019)

Corrections

• IDS-1275: Corrected unintentional decryption of user attributes.

  • See notification from Known issues - CustomerID.

Ubisecure CustomerID 5.3.0 (03/10/2018)

New Features

• IDS-334, IDS-335: User status is shown when listing users and when looking at user information details. There is also a new status for pending users: "Waiting for registration", which means that the user has not registered yet. The previous "Pending" status is still used for users that have registered but are waiting for approval. Users that are in either of these statuses are called pending users in most use cases and the background color used for them in user lists is the same. Ability to search and remove pending users from the user interface.

• IDS-391: Users can unlink federated accounts in CustomerID Self-Service user interface.

Improvements

• IDS-593: Various minor improvements in the error reporting of command line scripts in the tools folder.

• IDS-698: Added security related flags (secure and http-only) to session cookies.

• IDS-111: Security update of 3rd party libraries.

  • See documentation from 3rd party licenses - CustomerID.

• IDS-184: CustomerID now supports internationalized email addresses.

• IDS-804: Roles in mandates are listed more clearly in the user interface.

Corrections

• IDS-972: Corrected enabling pending user via REST call MOD004 Update User.

  • See documentation from  REST API 2.0 - CustomerID.

• IDS-1064: Corrected information updating concerning the OTP authentication method in Self-Service user interface.

• IDS-759: Corrected response of REST API call REQ015 Query Registration when no result could not be found. Now we return 404 Not Found instead of 500 Internal Server Error. 

  • See documentation from REST API 1.2 - CustomerID.

• IDS-1060: Corrected Lost Password wizard.

• IDS-742: Corrected validation error message when trying to input an already existing email address.

• IDS-421: Corrected role handling in REST API call MOD022 Update Mandate Template.

• IDS-803: Corrected values of resource keys when using the "show resource keys" language in mandate related user interface screens.

• IDS-805: Corrected sending person originated mandate invite to new organization.

• IDS-806: Correction to approval using the drop down action list.

• IDS-807: Corrected several issues with the addrole configuration.

  • See documentation from User interface properties - CustomerID.

• IDS-808: Corrected role request approvals.

• IDS-839: Corrected error messages for UniqueAttributeValidator concerning the login attribute.

• IDS-875: Corrected companyid and customerid attribute handling in registrations.

• IDS-997: Corrected roles listing when using  ui.organization.roles.recursive=true.

• IDS-1059: Corrected confirmation thresholds.

Ubisecure CustomerID 5.2.18 (23/03/2018)

Corrections

• IDS-654: Fixed duplicate user check based on SSN in registrations

Ubisecure CustomerID 5.2.17 (19/03/2018)

Corrections

• IDS-634: Fixed an error with confirmation functionality in registrations

• IDS-566: Fixed REST call GET106 List Organizations for organizations that have no custom attributes 

Ubisecure CustomerID 5.2.16 (02/03/2018)

Corrections

• IDS-581: Fixed potential error situation with logging

• IDS-601: Fixed erronous sending of multiple data confirmation notifications

Ubisecure CustomerID 5.2.15

Improvements

• IDS-550: Performance improvement for user search

Ubisecure CustomerID 5.2.14 (16/01/2018)

Improvements

• IDS-440: Performance improvement for role approvals in approval tabs

Corrections

• IDS-458: Password change related feedback messages have been fixed

Ubisecure CustomerID 5.2.12 (02/01/2018)

New Features

• IAM-1663: REST API ping and basic health check

  • See documentation from Health REST API 1.0 - CustomerID.

• IAM-2865: Configurable attribute set for user searches in user interface

  • See ui.user.search.attribute.names configuration property documentation from User interface properties - CustomerID.

• IAM-1246: Possibility to run two CustomerID nodes

  • See the new installation instructions from Two node installation - CustomerID.

• IAM-2140: HTML email content support

  • See notification.email.format.html configuration property documentation from Notification properties - CustomerID.

• IAM-2294: Configuration option for user defined message part in role invitations

  • See ui.role.invite.message.enabled configuration property documentation from User interface properties - CustomerID.

Improvements

• IAM-2709: User search now checks that all inputs match search results

• IAM-2077, IAM-1247: CustomerID workers have been separated from the main EAR

• IAM-2665: Domain whitelisting for CSRF check

  • See general.accepted.origin.whitelist configuration property documentation from General properties - CustomerID.

• IAM-2705: Configurable favicon

  • See documentation from Configuration files related to customization - CustomerID.

• IAM-2833: Unicode support for built-in email address format validator

• IAM-718: User status can be defined in a human readable way in REST filters

• IAM-2284: Organization path is visible in summary step when inviting user to multiple roles

Corrections

• IAM-2711, IAM-2744: Possible problems with role invitation to existing user fixed

• IAM-2671: Fixed rejecting role invitations to existing users

• IAM-2687: Fixed name change when Active Directory is in use

• IAM-2633: Fixed email notification concerning pending user approval

• IAM-2636: Fixed unnecessary email renotification to pending user when user was waiting for approval

• IAM-2888: Fixed predefined role requests

• IAM-2896: Fixed organization removal in case there is an open role invitation for a new user

• IAM-3018: Fixed unwanted built-in attribute mandatoriness

Ubisecure CustomerID 5.1.9 (03/07/2017)

New Features

• IAM-1986: Possibility to pass password value to backend call in registration summary step

• IAM-2524: Password reset works for registered authentications without user having to have an SSN attribute

• IAM-2354: Java information is logged when the system starts

Improvements

• Workers have been separated to their own EAR

• Reorganization of some JARs

Corrections

• IAM-2064: Long organization names are no longer truncated in role add dialogue

Ubisecure CustomerID 5.1.5 (25/04/2017)

Corrections

• New version of cid-sso-adapter that does not add duplicate libraries into Ubisecure SSO when it is installed.

Ubisecure CustomerID 5.1.4 (04/2017)

New Features

• IAM-2003: Authorizer and REST API provide more information concerning delegations

• In an authorization policy you can use eidm:delegations, which lists role, mandate and mandatee organization for each delegation

• GET115 and GET116 REST calls added

Improvements

• Performance improvements

• IAM-1946: Updated WildFly version to 10.1.0.Final

• IAM-2005: CSRF prevention checks added

Corrections

• IAM-1842: Modify operations targeted to current-user from backend now work for existing user

• IAM-1947: Importtool saves locale to SQL

• IAM-2035: Corrected a possible NullPointerException in a certain type of role invitation

Ubisecure CustomerID 5.0.x (01/2017)

New Features

• CID-5: Database layer uses JPA and supports PostgreSQL

• CID-11: There is a separate Derby to PostgreSQL migration package available to help updating to this version

• CID-513: Summary step in registrations is now optional

Improvements

• Performance improvements

• CID-90: CustomerID uses built-in WildFly (instead of Tomcat)

• CID-112: CustomerID is packaged as an Enterprise Archive (EAR)

• CID-89: CustomerID uses Java 8

• CID-288: Updated Apache Wicket user interface framework version to 7.4.0

• CID-482: CustomerID logging can be configured via WildFly also logging format structure has been improved

Corrections

• CID-726: Corrected situation where REST response sometimes included a -1 value in port number

Removed Features

• CID-727: Removed organization group feature

• CID-455: Removed network source address based restrictions from CID REST API

• Back channel logout is no longer supported.

Ubisecure CustomerID 4.x.x

Ubisecure CustomerID 4.6.0 (29/02/2016)

Corrections

• IAM-45: Notification about pending role reception approval is now sent to new user after successful registration

• IAM-154: User interface handles long organization name in organization search results correctly

• IAM-1182: REST password change validates given password against the configured password policy.

Ubisecure CustomerID 4.5.0 (27/11/2015)

New Features

• IAM-750: REST Query to list mandates received/sent by an organization/user

Corrections

• IAM-170: Invitation renotification email show correct links

• IAM-899: Role invitation wizard changes. Mail template step removed.

• IAM-921: Organization user list and search performance improved when listing users by roles

• IAM-1111: Updating e-mail address works correctly in AD with long emails (>20 characters)

• IAM-740: CID Lostpwd shows now actual login ID to user

Ubisecure CustomerID 4.4.1 (30/09/2015)

Corrections

• IAM-944: Registration allows creation of duplicate users when SSN matches

• IAM-949: When loginusernprincipalname is used as login then no new users can be created

• IAM-971: Validators are not working on user approval

• IAM-945: CID should not include client IP address in AuthnStatement/SubjectLocality in SAML AP requests

Ubisecure CustomerID 4.4.0 (01/09/2015)

New Features

• IAM-736: Organizations can be created with unique random string identifier automatically

• IAM-794: Structured authorizer role information 

• IAM-821: REST: Search organizations by using any attribute

Corrections

• IAM-909: User transfer from organization to another fails

Ubisecure CustomerID 4.3.0.40230 (07/2015)

New Features

• IAM-747: Federation linking during registration workflow (UDF)

• IAM-762: REST: search pending users by email

Improvements

• Performance improvements

Corrections

• IAM-775: Wrong language when transferring from registration to application

• IAM-847: /eidm2/wf/changepwd operation based on temporary token instead of permanent one