IDS-608

There is a known UI/UX issue where a very large site list is displayed within the SSO management UI.  This results in hard to use UI if large lists of sites are present in the SSO deployment. A possible workaround is to use an ldap editor to configure the authorization policies and groups.

IDS-941

There is a known issue where unregistered SMTP OTP authentication will not permit TLS or any secure authentication.  Documentation improvement will be made to ensure proper configuration is shown if unsecure SMTP servers are required.

IDS-1171

There is a known issue when using OpenLDAP 2.4.44 when performing SSO session cleanup which will cause replication issues.

IDS-1525

There is a known issue where SSO logs will contain a stopped search warning entry when tomcat is shutdown. This error can be safely ignored.  

IDS-1526

There is a known issue where SSO logs will contain an unstopped thread warning entry when tomcat is shutdown. This error can be safely ignored.

IDS-1635

There is a known issue where the logout HTML of SSO contains two DOCTYPE entries. There is no known work around for this.

IDS-1832

There is a known issue where editing an existing authorisation policy (example case added an attribute) resulted in the alteration of ubiloginNameValue. This affects SSO 8.3.0 and later. There is no work around at this time.

IDS-1995

When using BankID and Safari, during initial login Safari displays a 0kb file being downloaded when there is no downloaded file

IDS-2089

There is a known issue where shutting down Ubisecure Accounting service on a windows server will show errors within the ids-accounting.log. 

IDS-2092

There is a known issue where the tomcat log will show a severe servlet warning for com.ubisecure.ss-ui.  However, this warning is due to a user repeating the same action (double clicking an item or using the back button).  This warning can be safely ignored and will be addressed in a future release. 

IDS-2094

There is a known issue where disabling the main account in the SSO login directory does not disable the User Driven Federation accounts.  Users are still able to login to services with the Federated account even while the main account is disabled.   Work around: Administrators who are disabling a main login directory account should ensure that they check and disable any associated UDF accounts at the same time.  This issue will be addressed in a future release.  

IDS-2095

There is a known issue that the Acccounting service generates a temp folder under Ubisecure\ubilogin-sso\accounting\temp each time it is restarted. A workaround that system administrator can do is to create a cron job that removes these folders on a regular interval.

IDS-2096

There is a known issue where attempting to use exceptionally long SAML Entity IDs will result in creation failure (larger than 64 characters) .  There is no known work around and may not be possible to resolve due to LDAP field limitations.  We will address this in a future release.  

IDS-2120

There is a known issue where dual node SSO will require jndi.properties to be manually configured on the second node during SSO upgrade.

IDS-2121

There is a known issue where dual node SSO will require settings.sh to be manually configured on the second node during SSO upgrade.

IDS-2261

There are several known issues with javascript tools when using SSO Password reset.  Similar javascript is used in UAS with no issue.  If you are experiencing password reset javascript issue, please contact Ubisecure Support referencing this internal ticket for potential work arounds. 

IDS-2315

There is a known issue that SSO returns refresh token for un-registered users. This should not be done since there is no way of handling the lifecycle of the un-registered user's refresh token.

IDS-2332

There is a known issue when using OpenLDAP in SSO where slapd runs out of connections to process incoming requests.

IDS-2663

There is a known issue where creating a new site via a Safari browser where the site as an @ symbol in the email address will cause an error and no site will be created.  This error is not experiences with current Chrome or Firefox browsers.  As a work around please use one of these alternate browsers.

IDS-2829

There is a known issue that TOTP API is unable to generate secret for user if keysize has not been configured in the method. This is mitigated by ensuring that keysize is set when creating TOTP method.

IDS-2880

There is a known issue when not including the scope of a sub claim in the authorisation policy for API protection. If this is not included during the API call, the response will not include any sub claims in the introspection response. A work around is to ensure your authorisation policy include the required claims.

IDS-2891

There is a known issue if the Lockout Duration is set to 0, then no lockout time will be used ever.  Work around is to set a very high number (in seconds) for accounts which should be locked out, but in a long duration. Remember to stop and start service for this configuration change to take place.

IDS-3113

There is know issue after upgrading to SSO 8.8. If there were old Unregistered CIBA methods configured in the system, Administrators are unable to see the configuration information. To resolve this, Administrators are able to update the method Type from previous "Backchannel Authentication Adapter" to new "Unregistered OpenID Connect CIBA" type and restart SSO server.

IDS-3186

There is a known issue when changing password, if the current password is reused as the new password, an internal application error is shown. There is no known work around.

Shown also as CustomerID known issue.

IDS-693

There is a known issue with user approvals from Users view. If there are required attributes for the approval step, these are not validated if approval is done through the Users view.

IDS-1332

There is a known issue with CustomerID where it is not possible to use one email account for multiple UIDs created in CustomerID.  Work around: It is possible for the system administrator to use custom attributes holding the same email address in the second or third CustomerID UID.  

IDS-1358

There is a known issue within CustomerID where an administrator applying permissions across a whole organization will result in a failure of CustomerID to initialise.  Work around: Admins should ensure that they do not apply permissions to an entire organisation, but apply the permission to a specific organisation class.  All classes within an organisation may have the permission added, but not to the whole organisation at the same time, during the same commit.

IDS-1365

There is a known UI improvement for lists of Users and Roles for CustomerID administrators.  Currently the lists are not ajax based, which means that cannot be called via popup, unlike other lists seen in CustomerID Admin UI.  While this does not cause an error, it is not ideal from a usage point of view.

IDS-1380

There is a known issue with CustomerID organisational attributes where the UI validation (validation.json) is not utilised.  This impacts MOD001, POST100, PUT101 and MOD003.  Using the API calls will result in good responses, but no organisational attribute change will be made.  

IDS-1382

There is a known issue within CustomerID mandates where no email is sent to the user or organisation when the configuration is set to false ( mandate.receiver.approval = false), even though the administrator requests a mail to be sent.  No error or warning screen is displayed.

IDS-1389

There is a known usage limit in CustomerID Mandates. When viewing a mandate, currently only the role is shown. It would be more user friendly to show both the role and its organisation within the mandate view. There is no workaround. 

IDS-1411

There is a known issue within the CustomerID XML schema ID, if an administrator makes an error and reuses and existing variable ID, this second use of the variable ID will not be assigned but the organisation will still be created.  No error is reported.  This can cause troubleshooting and usage errors.  Workaround: Administrators should ensure that variable IDs are unique prior to creating new variable IDs within the system installation.

IDS-1413

There is a known error in CustomerID mandates if the mandate name is longer than 61 characters. If longer than 61 characters, creating the mandate will fail. Workaround: Do not create mandate names longer than 61 characters. 

IDS-1418

There is a known issue with CustomerID REST API MOD008. If an administrator removes a single mandate role from a user with multiple mandate role, the original (removed) mandate template still exists within the LDAP database. This can result in troubleshooting errors and database checking errors (backup, etc). 

IDS-1419

There is a known issue with CustomerID REST API MOD021 when creating a new user. Even when the API call appears to work, the user is not added to the organisation. Workaround: Do not use REST MOD021 (modification) during the creation of a new account. Please ensure you use create APIs when making new users. 

IDS-1446

There is a known issue when using CustomerID REST API MOD009 to create a new user. The API will return 200 OK even when the new user password is not set; this results in a failed account creation. Workaround: Do not use REST API MOD009 (modification) to create a new user account. Please ensure you use create APIs when making new users. 

IDS-1463

There is a known issue when using the CustomerID lost password recovery wizard where the wildfly server will log an exception in the error log. The password reset works correctly for the end user, but the resulting log file is cumbersome for large deployments where end users often reset their passwords. The error exceptions can be safely ignored, these will be corrected in a future release.

IDS-1468

There is a known issue caused by an Administrator altering the name of an Organisation when a new user has registered but not yet been approved. An application error occurs and is logged. Workaround: To avoid this only change an organization name when the pending user view is empty.

IDS-1474

There is a known issue that results in unsaved organisational custom attributes occurring when approval is set to false; attributes are saved when they should not be. 

IDS-1476

There is a known issue within User DrivenFederation (UDF) of a social login during registration. If a user attempts to register more than one social login (UDF) against an external account a warning error message is presents. Resolution will be to provide the user a message explaining that they have already UDF'd a social account to this internal account and it is not possible to register a second social account.  

IDS-1478

There is a known issue that results in a null pointer exception with stack trace if a user attempts Self Service User Driven Registration (UDF) of a social login account when UDF is not enabled within the CustomerID service.

IDS-1494

There is a known issue that causes occasional error pages to be displayed when a user logs out of their federated (User Driven Federation, UDF) social login account.

IDS-1504

This known issue is a regression. When a user is invited to multiple roles, only one role appears in the invitation screen. This impacts both CustomerID Admin UI and user Self-Service. 

IDS-1555

There is a known issue where the mandate tab cannot be accessed on the CustomerID UI if the localisation information is incomplete. Workaround is to ensure that all localisation fields are completed. 

IDS-1681

There is a known issue where the cursor focus remains in the mobile text field after a user has selected the email confirmation, when both email and mobile confirmations are required. 

IDS-2033

Search response when using the CustomerID authoriser rule will return duplicate entries if capitalisation is present in the searched term or in the database field. In the future, no duplicates will be returned even if capitals are used or present in the naming field. Example: friendlyName and friendlyname. 

IDS-2091

There is a known issue that the "New Organization" field in the "Open user applications" approval tab sometimes shows incorrect status

IDS-2093

There is a known issue that listing of users doesn't take into considerations users that are in locked status

IDS-2162

There is a known issue in CustomerID within Mandates, where no renotify email is sent to the administrator when an existing user requests a mandate for an existing additional organisation. No email is sent to Administrators for approval and no errors are logged. There is no workaround for this issue.

IDS-2201

There is a known issue in CustomerID where an email to a user with a single expiring or expired role will have all open roll invitations listed in the email, not just the expiring or expired role invitation.  

IDS-2205

There is a know issue in user registration where the "Mobile input field was not confirmed" error message is left in the UI even after the user has verified their mobile number if they have other invalid fields to correct

IDS-2207

There is a known issue in CustomerID where interrupting the creation of a pending user will reset localisation of the browser session. 

IDS-2231

There is a known issue when Administrator denies a role request for a user, that user gets two emails sent to them. One stating "Role invitation denied" and a second one stating "Role denied". 

IDS-2233

There is a known issue in CustomerID API 1.2 REST call MOD025 "Create Role Invitation" related to email notification. If this REST call is used, the inviter mail address configured does not get a notification when the end-user approves the received role. The notification still works if role invitations are done through the GUI.

IDS-2290

There is an issue opening approval tab under main organization branch if there are around 10 000 sub-organizations. As a workaround, you can choose not to use recursive selection by adding "admin.approvals.recursive.selection.default = false" to you eidm2.properties file. See also: IDS-2310 below.

IDS-2310

There is an issue searching roles under main organization branch if there are around 10 000 sub-organizations. As a workaround, you can choose not to use recursive roles by adding "ui.organization.roles.recursive = false" to you eidm2.properties file. See also: IDS-2290 above.

IDS-2311

There is a known issue in approval view where changing main organization for a pending user in a sub-organization fails to create the new sub-organization in LDAP. This will need to manually be resolved by removing the invalid sub-organization in SQL

IDS-2420

There is a known issue in registration when pressing Enter without filling in all required fields causes registration to get cancelled instead of highlighting the required fields needed to complete the registration. Identified in CID 5.3.5

IDS-2712

There is a known issue where an internal error is shown and stack trace is logged when a user registers with the same organisation name as an existing organisation but in a different case. Example. "UBISECURE" when "Ubisecure" already exists.  

IDS-2713

There is a known issue impacting Windows server installations, where the import and export tools fail to move users between CustomerID 5.3.x and later versions. 

IDS-2814

There is a known issue where Self Service will not open a user control window if the UDF (user driven federation) link refers to an obsolete authentication method.  For example if the external identity has switched from SAML to OIDC.  An exception is presented. There is no work around at this time. 

IDS-2816

There is a known issue which will create an unhandeled exception if the users SMTP server cannot be resolved.  This issue will cause a database collision issue which may prevent the same email address from being used, as it already exists within the database but not in a fully created form.  

IDS-2891

There is a known issue if the Lockout Duration is set to 0, then no lockout time will be used ever.  Work around is to set a very high number (in seconds) for accounts which should be locked out, but in a long duration. Remember to stop and start service for this configuration change to take place. 

IDS-2930

There is a known issue that CustomerID REST API returns invalid response code for internal server errors. If there is an internal server error, CustomerID REST API now returns 404 Not Found instead of 500 Internal Server Error.

IDS-2936

There is a known issue with data.attribute.mapping.surname = sn when using OpenLDAP.  The attribute mapping will not occur.

IDS-3186

There is a known issue when changing password, if the current password is reused as the new password, an internal application error is shown. There is no known work around.

Shown also as SSO known issue

IDS-3206

 There is a known issue where a user is completed registration and is waiting for approval of registration. No email is sent to any administrator that there is registration that needs to be approved. 

IDS-3339

There is a known issue where it is not possible to create person to person (PERTOPER) or person to organisation (PERTOORG) mandates from the CustomerID UI.  Work around this limitation by using REST API's which do permit these mandates.

IDS-3392

There is know issue when Administrator moves user is used moved to another organisation then error is logged.  The user is moved correctly, but unnecessarily logging occurs.  The log entries can be safely ignored. 

IDS-3698

There is a known issue with rejecting a user registration that doesn’t remove the approval request from the CustomerID database. A workaround for this is to remove the pending approval request from the database.