Change log - CustomerID
Please see the current Release Notes (here - scroll down to change log) for the active release change log
Ubisecure CustomerID 5.x.x
CustomerID 5.8.0 (21/06/2021)
New Features
- IDS-2770 - CustomerID REST API 2.1 has been updated with "PUT117 Reinvite User" (the endpoint was later renamed to "PUT123 Reinvite User" in the documentation). This allows an Administrator send a new email to a user with status "Waiting for registration". This might be useful if the user that is waiting to register has lost their invitation email or if their email address was invalid an Administrator can update the email and reinvite the user without having to start the process from scratch. Please find more information about this API call in REST API 2.1 - CustomerID
Improvements
- IDS-2851 - policy.password.history = N configuration in SSO for CustomerID password method (password.2) now works as expected. If N is set to be 3, the user is unable to update their password to their current one or to the 2 previous ones
- IDS-1947 - Input fields in pop-up windows are now pre-selected. This removes the need to select the input field before entering the verification code in, for example, mobile or email verification during registration
- IDS-2227 - Two node upgrade on Windows - CustomerID documentation are updated and tested with Windows Server 2019
Corrections
- IDS-2943 - Inviting a user to a role through mandates when the user did not have previous mandate objects available caused errors in the CustomerID UI although role was added. This has now been resolved and correct message is displayed to the Administrator.
- IDS-2709 - Registering a user without filling in optional custom attribute field previously caused a stack trace error and did not populate SQL db with user information. This has now been resolved and optional custom attributes can again be used within registration.
CustomerID 5.7.0 (20/01/2021)
New Features
- IDS-2766 - CustomerID REST API now support OAuth2 access tokens for authentication. This allows Administrators to enable access to specific users instead of relying on hardcoded username and password being distributed throughout the organisation. More information on how to configure this for your system can be found from Configuring OAuth2 authentication for REST API
- IDS-2767 - API calls using OAuth2 access tokens have been added to audit logs. This will allow Administrators of the system to better monitor which users are using with API calls compared to previous hardcoded username and password. More information can be found from Logging - CustomerID
- IDS-2768 - Administrators are able to disable basic HTTP authentication and query parameter authentication using simple username and password for REST APIs to make sure REST calls can only be done with OAuth2 access tokens. See REST API configuration options - CustomerID for details
Improvements
- IDS-2707 - CustomerID dependencies have been updated to remove vulnerabilities. You can find the latest versions used in the CustomerID Table 1 on 3rd party licenses - CustomerID
- IDS-2855 - CustomerID REST API 1.0 has been updated to use same authentication methods as other API versions. Information on how to use different authentications can be found from REST API authentication - CustomerID
CustomerID 5.6.0 (05/11/2020)
Improvements
- IDS-2719 - ubixmlsec library has been updated to version 1.5.8.50494 to use same version as SSO
CustomerID 5.5.5 (02/08/2021)
Improvements
- IDS-2869 - An improvement has been made for CustomerID when used with User Driven Federation (UDF) during registration. SSN is checked during UDF authorization step in registration to verify that there is not already a user with same SSN in the system. Previously the user was able to proceed to the registration and register another user with same SSN (which could not be used)
CustomerID 5.5.4 (29/09/2020)
Corrections
- IDS-2309 - Encrypted organizational attributes are now shown in human-readable format for user approval step in the Administrator UI. Earlier these attributes were shown in encrypted format for the Administrator
- IDS-2257 - Error handling has been fixed when attempting to create a new organization, but with a case, such as "New Organization" vs "new organization". Previously this returned a stack trace in the Administrator UI. This has also been resolved in REST API 1.0, 2.0 and 2.1 to return error 409 in these cases
CustomerID 5.5.3 (25/08/2020)
Corrections
- IDS-2170 -
general.unsecure.debuglog.include.rest.password
configuration key is removed due to its insecure nature of making queried passwords logged in the debug log file - IDS-2579 - REST API 1.0 (REQ001b) List Users now takes into account maxResults above 127 in AD LDS setup. Previously value above 127 returned all users (or maximum page size of 1000 users)
CustomerID 5.5.2 (18/08/2020)
(CustomerID 5.5.1 was omitted from public release due to a severe issue found and fixed during final release testing)
Improvements
- IDS-2616 - Language keys in messages_xx.properties have been change to be case-insensitive to help Administrators with localisation
Corrections
- IDS-2446 - Updating email address for a user through the Administrator GUI now updates all required fields in the database. One field was previously not updated and caused issues with new registrations for previously registered email addresses
- IDS-2528 - Emptying custom attribute field through API 2.0 (MOD04) now also empties the LDAP field. This field was previously left populated while the SQL field was emptied
- IDS-2650 - Duplicate language keys in messages_en.properties have been removed. With this fix, there was a change to the role removal confirmation language key "general.ui.actions.removerole" that has been replaced with "general.ui.confirm.removerole". Changes between versions can be found from Configuration changes in versions - CustomerID
- IDS-2640 - Emptying custom attribute field mapped to SSN through API 2.0 (MOD04) now also empties the LDAP field. This was previously left populated while the SQL field was emptied
CustomerID 5.5.0 (17/06/2020)
Improvements
- IDS-2225 - Improved version handling of CustomerID components in order to have a better understanding of which version is currently installed. Deployment of correct (i.e. same as the release version) versioned components are shown in the logs
Corrections
- IDS-2304 - CustomerID again shows the full path of the organisation in the organisation search results in Administration view, this previously only showed the organisation friendly name
- IDS-2330 - CustomerID roles for main and sub-organisations are again shown in different tables if configured to search for roles in sub-organisations as well (ui.organization.roles.recursive = true)
CustomerID 5.4.1 (18/12/2019)
Improvements
- IDS-2255 - Query User REST calls in API 2.0 and 2.1 has been updated to also include organizationEntityName and organizationId in the response. More information about what values are returned can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID
Corrections
- IDS-1467 - There was an ability to alter Organisational structure during the Approval of pending users. This feature was implemented erroneously and has been removed from the Pending User approval tab. Utilising this feature, in CustomerID 5.4.0 and previous versions will result in a synchronisation error to occur between LDAP and SQL records for all pending users in the modified Organization
- IDS-81 - Fix for User Defined Federation logout when locale is included in URL
- IDS-2167 - Fix for NullPointerException in REST API 1.0 REQ004b "Query Organizations" when querying an organization in a non-case sensitive manner
- IDS-2203 - Fix for Query requests in REST API 2.0 and 2.1 where additional parameters (i.e. exactMatch) are used. In CustomerID 5.4.0 the additional parameters are not considered in the requests. More information about the additional parameters and usage can be found from REST API 2.0 - CustomerID and REST API 2.1 - CustomerID
- IDS-1704 - Fix for updating user attributes returned by CustomerID backend call during registration process. See documentation on how to use Backend query configuration - CustomerID
- IDS-2300 - Fix for sending API requests through proxy using X-Forwarded-For with multiple IPs. This previously resulted in UnknownHostException and incorrect client IP was logged
- IDS-1415 - Fix for Application error if user has pressed Enter key during email confirmation in registration. This fix only resolves error condition, Enter key can still not be used to confirm the email address in registration
- IDS-1521 - Fix for Administrators to be able to change pending user's organization in approval stage. There are still a few identified issues related to changing organization for pending users, IDS-2311 (changing main organization fails to create new sub-organization) and IDS-2312 (changing technical name of organization to name with Scandinavian letters)
- IDS-2301 - Fix for encrypted organization custom attributes if there is an empty value in the field or one of the organizations. Previously this would return Internal Error when querying organization with REST API 2.1
CustomerID 5.4.0 (12/11/2019)
Improvements
- IDS-80 - CustomerID now supports locale (language setting) URL parameter in registration
- IDS-209 - Search field and "Filter results"-button is hidden if there are no mandates present
- IDS-949 - CustomerID now supports configuration for locale parameter in returnURL (General properties - CustomerID)
- IDS-1079 - Updated CustomerID external library (3rd party) dependencies (3rd party licenses - CustomerID)
- IDS-1110 - Documented the following : CustomerID database migration from 5.x.x to 5.4 (Single node upgrade - CustomerID)
- IDS-1168 - REST POST log entries are configurable for testing purposes (General properties - CustomerID)
- IDS-1314 - Removed unnecessary "Are you sure you want to leave this page?" window in mandate role delegation screen
- IDS-1568 - Enabled apostrophe ' as valid character in email address, i.e. john.o’reilly@ubisecure.com
Corrections
Approvals
- IDS-1028 - Fix for cancelling rejection of role approval. If an approver cancels the rejection of role approval, the role does not get removed anymore
- IDS-1081 - Approval tab button now updates the number of pending approvals if users that have pending approvals get deleted
- IDS-1126 - Fix for expiration of pending users if approval is required
- IDS-1198 - Fix for deletion of pending user if a role was added to the user through approval tab
- IDS-1388 - Fix for unnecessary "Are you sure you want to leave this page?" window in approval rejection
- IDS-1408 - Fix for deletion of pending user. Previously there might have been references left in the organization where there pending user was created
Configuration
- IDS-611 - Fix for locales parameter in the eidm2.properties file
- IDS-1099 - Fix for /eidm2/error/authnCancelled redirection
- IDS-1187 - Fix for system user privileges related to role removal
Installation
- IDS-1003 - Documentation correction for CREATE COLLATION on PostgreSQL 10.5 and newer versions (PostgreSQL preparation on Windows - CustomerID, PostgreSQL preparation on Linux - CustomerID)
- IDS-1313 - Fix for import.cmd if filename contains space character on windows
Logging
- IDS-1072 - Removed invalid error in server.log when user is redirected from registration to CustomerID UI
- IDS-1367 - Organization changes are now written to diag and audit logs
Mandates
- IDS-1075 - Fix for re-notification email for pending ORGTOORG mandate
- IDS-1076 - Fix for expiration email for pending ORGTOORG mandate
- IDS-1078 - Fix for filtering pending mandates
- IDS-1362 - Email is now sent to mandatee when their mandate is removed
- IDS-1363 - Fix for mandates allowed if user has OrganizationOwner role
- IDS-1420 - Fix for PERTOORG mandate tab UI
- IDS-1434 - Fix for mandate permission in organization title
- IDS-1512 - Enforce mandate name in organization creation
Miscellaneous
- IDS-1114 - Fix to ensure that Administrators can not unlink strongly authenticated accounts which use UDF linking
- IDS-1300 - Fix for moving user to another organization in order not to save extra custom attribute to SQL anymore
- IDS-1331 - Fix for invalid error message after successful mobile phone verification
- IDS-1366 - Fix for removing sub-organization so that it no longer redirects the user to the frontpage
- IDS-1371 - Error messages fixed to highlight which input fields do not meet requirements
- IDS-1378 - Fix for importing users with uniqueID that is not 36 characters
- IDS-1384 - Fix for when changing organization branch or organization identifier a unnecessary pop up "do you want to leave" does not appear anymore
- IDS-1386 - Fix for when changing to a new password that is longer than 64 digits, the password is no longer shown in the error message
- IDS-1414 - Updated documentation related to Organization Technical Name validator (Data model - CustomerID)
- IDS-1470 - Fixed check/uncheck all check box
Permissions
- IDS-1012 - Search box is no longer displayed if the user does not have permissions to list users
- IDS-1443 - Fix for redirection after deleting sub organization if the user doesn't have permissions to parent organization
Registration
- IDS-687 - Fix for duplicate user check in registration, blocked waiting for registration users
- IDS-735 - Fixed unnecessary email sent when changing password for pending user
- IDS-1205 - Fix for notification about user registration is sent to the inviter
- IDS-1369 - If user gives too long password in registration, the default validation message does not show the password anymore
- IDS-1581 - Fixed email / mobile phone validation check when user tries to register with invalid information
REST API
- IDS-661 - Permit listing all organization attributes from a single REST call (REST API 2.0 - CustomerID, REST API 2.1 - CustomerID)
- IDS-816 - Removed stack trace from CustomerID diag log file for many REST calls
- IDS-1005 - Removed internal server error when using REST API v2.1: POST /organizations. Error is now correctly shown as a HTTP 201 client side error
- IDS-1125 - Fix for REST: MOD014: Create mandate approval to permit administrator to set to true to false (always approved or always requested)
- IDS-1240 - Fix for UI error when role invite is sent to user whose account was originally created via REST
- IDS-1317 - Fix for REST API PUT103 operation to update a users password and make an audit log entry.
- IDS-1422 - Removed URL pluralisation in MOD026 Create Pending user (REST 1.2) where URL path should be singular (“pendinguser” not “pendingusers”). REST: Create Registration/Pending user returns invalid url
- IDS-1423 - Fix for REST MOD014 : Create duplicate mandate to return 409 conflict instead of 400 Bad Request
- IDS-1435 - Fix in search behaviour for all REST calls where the user data contains potential wildcard characters (i.e. underscore, hyphen or period in a user email address)
- IDS-1471 - Fix for REST operation MOD026 Create Pending User to set a default password rather than creating the user with no password (uncorrected behaviour required Admin to set an initial password for each new user manually)
Roles
- IDS-1295 - Fixed role search to ensure duplicate entries are not shown
- IDS-1077 - Removed an error message shown to administrator when they send a reminder or re-invitation to a pending user
- IDS-1189 - Resized the Add Role popup window layout for ease of viewing
- IDS-1197 - Fix for logged error message when role invite is sent via UI to new user who is waiting for registration
- IDS-1364 - Removed visibility of Add Role button from users who do not have administration permission
- IDS-1403 - Fixed error which permitted a user Role invitation when an organization is not set
- IDS-1447 - Fix for error when an existing user requests access to a pre-selected role
- IDS-1570 - Fixed pending user registration via REST MOD026 to assign additional roles (new users created within existing organisation should received pre-assigned roles)
Ubisecure CustomerID 5.3.5 (27/06/2019)
Corrections
- IDS-1471: Corrected MOD026 Create Pending User logic to use the defined password for user, if user doesn't define password during registration flow.
Ubisecure CustomerID 5.3.4 (26/04/2019)
Corrections
- IDS-1488: Corrected registration behaviour when multiple users performed registration at the same time. This defect caused backend responses with CustomerID XML schema field
Modify type=current-user
to modify wrong user when multiple users completed registration at the same time.
Ubisecure CustomerID 5.3.3 (11/04/2019)
Corrections
- IDS-1466: Corrected backend call with disabled fields. This defect prevented having a step in registration which did not contain user editable fields.
Ubisecure CustomerID 5.3.2 (14/03/2019)
Corrections
- IDS-1276: Corrected backend call error status handling for responses following the Ubisecure CustomerID XML schema.
- IDS-1277: Corrected backend call error message handling for responses following the Ubisecure CustomerID XML schema.
- IDS-1330: Corrected parametrized role assignment in registrations when a temporary attribute is used in the role definition.
- IDS-1335: Corrected some performance problems with the organization's role tab when roles from sub organizations are also included.
Ubisecure CustomerID 5.3.1 (29/01/2019)
Corrections
- IDS-1275: Corrected unintentional decryption of user attributes.
- See notification from Known issues - CustomerID.
Ubisecure CustomerID 5.3.0 (03/10/2018)
New Features
- IDS-334, IDS-335: User status is shown when listing users and when looking at user information details. There is also a new status for pending users: "Waiting for registration", which means that the user has not registered yet. The previous "Pending" status is still used for users that have registered but are waiting for approval. Users that are in either of these statuses are called pending users in most use cases and the background color used for them in user lists is the same. Ability to search and remove pending users from the user interface.
- IDS-391: Users can unlink federated accounts in CustomerID Self-Service user interface.
Improvements
- IDS-593: Various minor improvements in the error reporting of command line scripts in the tools folder.
- IDS-698: Added security related flags (
secure
andhttp-only
) to session cookies. - IDS-111: Security update of 3rd party libraries.
- See documentation from 3rd party licenses - CustomerID.
- IDS-184: CustomerID now supports internationalized email addresses.
- IDS-804: Roles in mandates are listed more clearly in the user interface.
Corrections
- IDS-972: Corrected enabling pending user via REST call
MOD004 Update User
.- See documentation from REST API 2.0 - CustomerID.
- IDS-1064: Corrected information updating concerning the OTP authentication method in Self-Service user interface.
- IDS-759: Corrected response of REST API call
REQ015 Query Registration
when no result could not be found. Now we return404 Not Found
instead of500 Internal Server Error
.- See documentation from REST API 1.2 - CustomerID.
- IDS-1060: Corrected Lost Password wizard.
- IDS-742: Corrected validation error message when trying to input an already existing email address.
- IDS-421: Corrected role handling in REST API call
MOD022 Update Mandate Template
. - IDS-803: Corrected values of resource keys when using the "show resource keys" language in mandate related user interface screens.
- IDS-805: Corrected sending person originated mandate invite to new organization.
- IDS-806: Correction to approval using the drop down action list.
- IDS-807: Corrected several issues with the addrole configuration.
- See documentation from User interface properties - CustomerID.
- IDS-808: Corrected role request approvals.
- IDS-839: Corrected error messages for UniqueAttributeValidator concerning the login attribute.
- IDS-875: Corrected
companyid
andcustomerid
attribute handling in registrations. - IDS-997: Corrected roles listing when using
ui.organization.roles.recursive=true
. - IDS-1059: Corrected confirmation thresholds.
Ubisecure CustomerID 5.2.18 (23/03/2018)
Corrections
- IDS-654: Fixed duplicate user check based on SSN in registrations
Ubisecure CustomerID 5.2.17 (19/03/2018)
Corrections
- IDS-634: Fixed an error with confirmation functionality in registrations
- IDS-566: Fixed REST call GET106 List Organizations for organizations that have no custom attributes
Ubisecure CustomerID 5.2.16 (02/03/2018)
Corrections
- IDS-581: Fixed potential error situation with logging
- IDS-601: Fixed erronous sending of multiple data confirmation notifications
Ubisecure CustomerID 5.2.15
Improvements
- IDS-550: Performance improvement for user search
Ubisecure CustomerID 5.2.14 (16/01/2018)
Improvements
- IDS-440: Performance improvement for role approvals in approval tabs
Corrections
- IDS-458: Password change related feedback messages have been fixed
Ubisecure CustomerID 5.2.12 (02/01/2018)
New Features
- IAM-1663: REST API ping and basic health check
- See documentation from Health REST API 1.0 - CustomerID.
- IAM-2865: Configurable attribute set for user searches in user interface
- See
ui.user.search.attribute.names
configuration property documentation from User interface properties - CustomerID.
- See
- IAM-1246: Possibility to run two CustomerID nodes
- See the new installation instructions from Two node installation - CustomerID.
- IAM-2140: HTML email content support
- See
notification.email.format.html
configuration property documentation from Notification properties - CustomerID.
- See
- IAM-2294: Configuration option for user defined message part in role invitations
- See
ui.role.invite.message.enabled
configuration property documentation from User interface properties - CustomerID.
- See
Improvements
- IAM-2709: User search now checks that all inputs match search results
- IAM-2077, IAM-1247: CustomerID workers have been separated from the main EAR
- IAM-2665: Domain whitelisting for CSRF check
- See
general.accepted.origin.whitelist
configuration property documentation from General properties - CustomerID.
- See
- IAM-2705: Configurable favicon
- See documentation from Configuration files related to customization - CustomerID.
- IAM-2833: Unicode support for built-in email address format validator
- IAM-718: User status can be defined in a human readable way in REST filters
- IAM-2284: Organization path is visible in summary step when inviting user to multiple roles
Corrections
- IAM-2711, IAM-2744: Possible problems with role invitation to existing user fixed
- IAM-2671: Fixed rejecting role invitations to existing users
- IAM-2687: Fixed name change when Active Directory is in use
- IAM-2633: Fixed email notification concerning pending user approval
- IAM-2636: Fixed unnecessary email renotification to pending user when user was waiting for approval
- IAM-2888: Fixed predefined role requests
- IAM-2896: Fixed organization removal in case there is an open role invitation for a new user
- IAM-3018: Fixed unwanted built-in attribute mandatoriness
Ubisecure CustomerID 5.1.9 (03/07/2017)
New Features
- IAM-1986: Possibility to pass password value to backend call in registration summary step
- IAM-2524: Password reset works for registered authentications without user having to have an SSN attribute
- IAM-2354: Java information is logged when the system starts
Improvements
- Workers have been separated to their own EAR
- Reorganization of some JARs
Corrections
- IAM-2064: Long organization names are no longer truncated in role add dialogue
Ubisecure CustomerID 5.1.5 (25/04/2017)
Corrections
- New version of cid-sso-adapter that does not add duplicate libraries into Ubisecure SSO when it is installed.
Ubisecure CustomerID 5.1.4 (04/2017)
New Features
- IAM-2003: Authorizer and REST API provide more information concerning delegations
- In an authorization policy you can use eidm:delegations, which lists role, mandate and mandatee organization for each delegation
- GET115 and GET116 REST calls added
Improvements
- Performance improvements
- IAM-1946: Updated WildFly version to 10.1.0.Final
- IAM-2005: CSRF prevention checks added
Corrections
- IAM-1842: Modify operations targeted to current-user from backend now work for existing user
- IAM-1947: Importtool saves locale to SQL
- IAM-2035: Corrected a possible NullPointerException in a certain type of role invitation
Ubisecure CustomerID 5.0.x (01/2017)
New Features
- CID-5: Database layer uses JPA and supports PostgreSQL
- CID-11: There is a separate Derby to PostgreSQL migration package available to help updating to this version
- CID-513: Summary step in registrations is now optional
Improvements
- Performance improvements
- CID-90: CustomerID uses built-in WildFly (instead of Tomcat)
- CID-112: CustomerID is packaged as an Enterprise Archive (EAR)
- CID-89: CustomerID uses Java 8
- CID-288: Updated Apache Wicket user interface framework version to 7.4.0
- CID-482: CustomerID logging can be configured via WildFly also logging format structure has been improved
Corrections
- CID-726: Corrected situation where REST response sometimes included a -1 value in port number
Removed Features
- CID-727: Removed organization group feature
- CID-455: Removed network source address based restrictions from CID REST API
- Back channel logout is no longer supported.
Ubisecure CustomerID 4.x.x
Ubisecure CustomerID 4.6.0 (29/02/2016)
Corrections
- IAM-45: Notification about pending role reception approval is now sent to new user after successful registration
- IAM-154: User interface handles long organization name in organization search results correctly
- IAM-1182: REST password change validates given password against the configured password policy.
Ubisecure CustomerID 4.5.0 (27/11/2015)
New Features
- IAM-750: REST Query to list mandates received/sent by an organization/user
Corrections
- IAM-170: Invitation renotification email show correct links
- IAM-899: Role invitation wizard changes. Mail template step removed.
- IAM-921: Organization user list and search performance improved when listing users by roles
- IAM-1111: Updating e-mail address works correctly in AD with long emails (>20 characters)
- IAM-740: CID Lostpwd shows now actual login ID to user
Ubisecure CustomerID 4.4.1 (30/09/2015)
Corrections
- IAM-944: Registration allows creation of duplicate users when SSN matches
- IAM-949: When loginusernprincipalname is used as login then no new users can be created
- IAM-971: Validators are not working on user approval
- IAM-945: CID should not include client IP address in AuthnStatement/SubjectLocality in SAML AP requests
Ubisecure CustomerID 4.4.0 (01/09/2015)
New Features
- IAM-736: Organizations can be created with unique random string identifier automatically
- IAM-794: Structured authorizer role information
- IAM-821: REST: Search organizations by using any attribute
Corrections
- IAM-909: User transfer from organization to another fails
Ubisecure CustomerID 4.3.0.40230 (07/2015)
New Features
- IAM-747: Federation linking during registration workflow (UDF)
- IAM-762: REST: search pending users by email
Improvements
- Performance improvements
Corrections
- IAM-775: Wrong language when transferring from registration to application
- IAM-847: /eidm2/wf/changepwd operation based on temporary token instead of permanent one
- IAM-260: REST: Creating ORG2ORG mandates fails
Ubisecure CustomerID 4.2.2.40007
New Features
- IAM-747: A new way to configure authentication method activation step in registrations. It is now possible to also activate (link) external authentication methods to the created user account.
Corrections
- IAM-738: Automatic role approvals after registration now work also for role invitations made using the REST-interface
Ubisecure CustomerID 4.2.1.39626
Corrections
- IAM-725: Also pending users can now be searched via REST-interface
Ubisecure CustomerID 4.2.0.39098 (04/2015)
New Features
- IAM-8: Registration workflow specific email text support
- IAM-10: Top-level Approvals-tab is hidden in the admin user interface if user has no permissions to manage approvals
- IAM-20: Email address confirmation is done at the user information wizard step in registrations (This is a change to the previous email address confirmation functionality)
- IAM-38: Saml AP can be used with returnurl in registrations
Improvements
- IAM-48: TUPAS methods can be grouped in user driven federation
- IAM-229: Locale field can now be used also in role invitation wizard
Corrections
- IAM-56: Mistyped email confirmation code no longer leads to an application error
- IAM-39: In CustomerID Admin interface, organization name change now updates the view immediately
- IAM-21: UI layout is no longer broken on approval tab (it was broken when using Firefox)
- IAM-23: User custom attributes are saved when uniqueID attribute is used in user import
- IAM-168: organization.class.default.restrictedRoleInvite no longer shows extra role in organization view
Ubisecure CustomerID 4.1.0.38078
New Features
- Product name has beed changed from Ubisecure CustomerID to GlobalSign CustomerID
- Configurable validation for attribute values
- User driven federation support
- More mobile friendly user interface
- Registration fields can be prefilled from authentication method attributes
- EIDM-1340: Automatic generation of organization technical name
- EIDM-1372: Delete User REST query by user ID
- EIDM-1384: Second web agent for CustomerID
- EIDM-1391: Return URL can be given for registrations as an URL parameter
- EIDM-1401: Verification step in registrations can now support also other authentication methods than TUPAS
- EIDM-1348: Role invitation information can be queried via REST using user ID Improvements
- Attribute validation is performed also for REST calls
- Several performance improvements concerning large user amounts
- EIDM-1349: Update user REST call can be used also for pending users
- EIDM-1350: Query user REST call can be made based on user ID
- EIDM-1351: Update user REST call can be made based on user ID
- EIDM-1373: Listing users via REST can use any attribute for filtering results
- EIDM-1374: Query Role REST call can be made based on role ID
Corrections
- EIDM-173: Bank authentication (TUPAS) method name, title, and logo are now configurable
- EIDM-572: Password change error messages are no longer duplicated
- EIDM-598: An unknown TUPAS method in the properties does not present an exception in the browser
- EIDM-618: Long information does not break the registration confirmation step display
- EIDM-859: We will correctly report an error message if someone tries to create a sub organization that has the same name as a role in the parent organization
- EIDM-920: Database update is now quicker
- EIDM-991: Approval does not close if mandatory fields are left empty when approving
- EIDM-1198: Removing multiple users is now quicker
- EIDM-1204: Organization filtering is now quicker
- EIDM-1255: Users imported with unique ID defined now get proper status
- EIDM-1267: Custom usernames can now have validation via the new validation configuration option
- EIDM-1294: Documentation updated concerning removed email.corporateRegisterEmail.message key from mail message configuration
- EIDM-1377: Password change wizard now only sends the correct email message instead of two different messages
- EIDM-1379: Verification now works also in protected registrations
- EIDM-1381: Welcome message is sent for new user after create user wizard also when email confirmation is not required
- EIDM-1383: Password change now only sends the correct email message and not two different ones
- EIDM-1386: Reminder message about user registration is now sent correctly
- EIDM-1392: Corrected possible problems with registration.x.temporary.fields
- EIDM-1394: Changing language on registration no longer skips backend query
- EIDM-1397: Pending password change expiration no longer deletes the registered user
- EIDM-1403: Role add step can now be hidden from create user wizard
- EIDM-1420: User CN information is now updated correctly also to the SQL database
- EIDM-1421: Corrections to SSN uniqueness validation
Ubisecure CustomerID 4.0.0.35856
New Features
- EIDM-1292: Mandate delegation based on user organization membership via received role
- EIDM-1322: Support for XSLT in connection with backend query responses
Improvements
- EIDM-1004: Suport for a separate validation code in the email message concerning email address change
- EIDM-1318: CustomerID backend query message format implementation
- EIDM-1342: Jersey upgrade (from 1.1x to 2.5.1)
Corrections
- EIDM-1285: Mandate delegation and removal is now logged to audit logfile
- EIDM-1311: Deleting organization now works even if there are pending mandates
- EIDM-1328: Logout corrected in case saml.custid.ap has an active session in SSO
- EIDM-1337: Role invite expire does not cause an error
- EIDM-1338: Person mandate to new user does not anymore create a duplicate pending user when there already is a pending user with same email address
- EIDM-1343: Empty or whitespace-only string as a result from backend query does not cause problems with parameter evaluation
Ubisecure CustomerID 3.x.x
Ubisecure CustomerID 3.12.0.34980
New Features
- EIDM-1273: You can request predefined role sets from self-service
- EIDM-1274: Registration workflow supports existing users
Improvements
- EIDM-1112: Robots.txt search engine hiding
- EIDM-1225: Role specific approval in registrations
- EIDM-1272: Creation of several organizations from multivalue registration fields
- EIDM-1290: Ubisecure favicon
- Link to Administration interface from self-service if the user has the necessary permissions
Corrections
- EIDM-1295: A problem related to role invitation renotifications has been corrected
Ubisecure CustomerID 3.11.1.34322
Corrections
- EIDM-1257: Fixed role rejection count in the user interface in case email sending fails.
- EIDM-1262: It is now possible to add roles also to disabled users.
- EIDM-1275: Corrected character encoding handling when reading backend responses.
- Nothing is automatically selected to the country list anymore.
- Added missing self.mandate.read permission to default permissions.
- Removed erronous self.edit.read permission from default permissions.
- Mandate delegation panel doesn't show pending users anymore.
- Added missing Derby starting command to Linux installation scripts.
- Corrected an erronous path in Linux uninstall script.
- Unified uninstallation in Linux so that also the Derby service will be removed in uninstall script.
- Now we accept ', ` and ´ characters in firstname and surname fields.
- Minor country ordering issue has been fixed.
- Improved out of the box authorizer support for SSO versions starting from 6.8.0.
- Corrected country selector behavior in IE 7 and IE 8. (Note that we don't actually officially support IE 7. However in this case we did a fix for it.)
- Removed extra HTML coding for certain characters that were included in backend request parameters.
Ubisecure CustomerID 3.11.0.34122
New Features
- EIDM-1210: Organization creation is ignored in registration workflow if the organization definition cannot be resolved
- EIDM-1211: Role assign is ignored in registration workflow if the role definition cannot be resolved
- EIDM-1212: Organization attributes may be stored separately in different organizations defined in the registration workflow configuration
- EIDM-1251: Derby DB is started in a separate service
Improvements
- EIDM-1247: User contact information may be added to the role approval page
- EIDM-1222: Java updated to 64bit Java 7
Corrections
- EIDM-1142: Special characters such as "!" in the REST password value no longer cause problems (for example when updating database)
- EIDM-1228: It is again ok to send mandates to unregistered users when the mandate receiver approval is false
- EIDM-1266: Custom attributes for user can be updated via REST
Ubisecure CustomerID 3.10.1.33745
Corrections
- EIDM-1241: User information on self-service now works
Ubisecure CustomerID 3.10.0.33656
New Features
- EIDM-1100: REST operation for role invitation for existing user
- EIDM-1116: REST operation for listing active role invitations
- EIDM-1208: Configurable country data type
- EIDM-1220: REST operation for creating pending user
- EIDM-1244: New Backend call possible when registration wizard is finished
- EIDM-1245: Optionally require printing before registration wizard can be sent.
Improvements
- EIDM-1223: Modify role.deassign permission for configuring role spesific deassignment
Ubisecure CustomerID 3.9.1.33383
Corrections
- EIDM-913: Error with more than on pending user for same organization and organization is changed in approval
- EIDM-1144: Add role might cause error when selecting another organization before role search is finished
- EIDM-1174: Changing user attributes doesn't update breadcrumbs
- EIDM-1187: Self-service password change removes pending password change requirement
- EIDM-1209: User receives same email notification when he registers or changes his email, new key is: email.pendingEmailRegistration
- EIDM-1216: user.delete permission not working at user action dropdown
- Custom attributes are now supported in the role invitation wizard
- Permissions are checked properly when deciding if to enable role assignment in the role action dropdown
- Permissions are checked properly when deciding if to show user search results in the user selection step in the role assign wizard
Ubisecure CustomerID 3.9.0.33285
New Features
- EIDM-967: Selected attributes and values can be shown in the Self-Registration Confirmation wizard step
- EIDM-1109: role.assign permissions can now be role spesific
Improvements
- EIDM-466: Possibility to authenticate registration backend query REST calls with HTTP BASIC Authentication
- EIDM-969: Possibility to configure temporary registration fields (fields that are not stored in database)
- EIDM-1039: More user friendly way of selecting users when adding a role to multiple users
- EIDM-1052: Globally unselectable actions are no longer presented to the user
- EIDM-1070: Removed unnecessary confirmation dialog when approving users
- EIDM-1129: Performance improvements concerning mandates
- EIDM-1154: Added information footer
- EIDM-1189: More sophisticated configuration options for selecting UI messages from registration backend responses
- EIDM-1190: Possibility to disable the back button in registrations
Corrections
- EIDM-529: Duplicate error message
- EIDM-1107: Password change fails on AD if user is not active
- EIDM-1145: Approval tab counter doesn't check permission
- EIDM-1163: OTP Printout-method status is not shown correctly in Self-Service Interface
- EIDM-1168: Organization's technical name is shown instead of FriedlyName when removing role
- EIDM-1171: Changing user's password link in admin interface is not working
Ubisecure CustomerID 3.8.1.32723
Corrections
- EIDM-978: Roles are not automatically approved for new user
- EIDM-1089: Roleinvitation without organisation selection causes error
- EIDM-1092: language change does not work when creating a mandate
- EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used
- EIDM-1105: Password change link is visible to user that has no rights to edit information
- EIDM-1139: Role list when doing role request throws NPE when only one role would be shown
- EIDM-1140: Create User-button is shown in virtual organizations
- EIDM-1141: Received Mandates shows received roles with technical name
Corrections in earlier versions
- EIDM-441: Change password page contains obsolete button
- EIDM-1009: loginuppercase is not correct
- EIDM-1010: Delegate mandate shows duplicate users
- EIDM-1012: Create user fails if organization doesnt exists
- EIDM-1013: Canceling registration fails to User not found with unique id: null
- EIDM-1015: Error when user tries to change login that already exists
Ubisecure CustomerID 3.8.0.32497
New Features
- EIDM-927: REST API to support mandate management
Improvements
- EIDM-1000: Mandate listings is limited and a search functionality is implemented to find the rest of the entries
- EIDM-1001: New permission for removing issued mandates from users in the Admin UI
- EIDM-1002: Possibility to insert a user custom attribute into an email
Corrections
- EIDM-990: When selecting save or approval for an open approval, that approval is closed even if the operation failed
- EIDM-1003: User approval should not be required if the creator of the user has permission rights to approve the user
- EIDM-1094: workflow.roles.firstuser definition is applied if the user is the first one to have a role from the organization
- EIDM-1095: Some attributes are not saved to SQL if user information is changed
- EIDM-1098: Role localized names and descriptions are now shown when removing roles from users
- EIDM-1102: CustomerID is not replying organization TechnicalName when REST get or delete function is used
Ubisecure CustomerID 3.7.2.31682
Improvements
- EIDM-986: Inform in UI if user or role listing has been limited
- EIDM-942: Sampo Bank TUPAS method changed to Danske Bank
- EIDM-988: Performance improvements concerning the add user wizard
- EIDM-985: Performance improvements concerning user search
- EIDM-987: Performance improvements concerning database and LDAP updates
- EIDM-975: Organization selections lists changed to organization search in role invitation and role request wizards (This was made so that memory usage can be kept in reasonable limits with large databases)
- Performance improvements concerning role listing
- Performance improvements concerning approval listing
- Performance improvements concerning organization search
Corrections
- EIDM-989: Issue count in the tab headings is now updated without delay in approval, role and mandate tab headings
- EIDM-983: Approval reject popup now again closes after a successful reject operation
Ubisecure CustomerID 3.7.0.31102
New Features
- EIDM-936: Create user-function can create users directly under organization
Improvements
- EIDM-947: User search is based on SQL content instead of LDAP content
- EIDM-948: Organization lists in workflows need to be changed to organization search
Corrections
- EIDM-935: Login-attribute uniqueness is not checked
- EIDM-949: Registration workflow doesnt create virtual organizations
Ubisecure CustomerID 3.6.0.29549
New Features
- Organization's role listing can be configured to show sub-organizations
- REST API response has xsd schema (cid-1.0.xsd)
- REST response has changed for querying user and organization custom attributes
Improvements
- Improved functionality to handle erroneous objects created with Import Tool
Ubisecure CustomerID 3.5.3.29169
Corrections
- Saving organization's company id in OID format fixed
Ubisecure CustomerID 3.5.2.29115
New Features
- Organization's role listing can be filtered with keywords
Improvements
- Approval page is faster to load
- Organization's role listing is faster and more user friendly when there is a large amount of organizations
Corrections
- Corrected edit-permission in approval page
Ubisecure CustomerID 3.5.1.28859
New Features
- Self-Service UI has field specific permissions for viewing and editing user information
- Admin UI has field specific permissions for viewing and editing user information
- Admin UI has field specific permissions for viewing and editing organization information
- Approval UI has field specific permissions for viewing and editing information
- It is possible to add organization custom attributes to SAML messages from the organization in which the user is stored
Improvements
- REST returns custom attributes for organizations
Corrections
- Approval UI save functionality works if reject reason is required
- Authorizer now includes the guava-11.0.2.jar library so that it does not need to be added separately
Ubisecure CustomerID 3.5.0.28697
New Features
- EIDM-868: It is now configurable if approval is required for received mandates or not
- EIDM-750: Administrator is able to add roles to multiple users in one workflow
- Administrator is able to remove roles from multiple users in one workflow
- Administrator is able to invite multiple users to roles in one workflow
- Administrator is able to remove multiple users at the same time
- Administrator is able to remove multiple roles from an organization
- Administrator is able to approve/reject multiple users at the same time
- Administrator is able to approve/reject multiple role invitations at the same time
- It is now configurable if the organization name should be in the Finnish company id format when targeting mandates to organizations
Improvements
- EIDM-749: User approval request is validated before approving user
- EIDM-870: User status is shown when requesting user information via the REST-interface
- User approval request can be saved without giving all the required information
- Delegating mandates to large number of users is faster
- Listing organizations is faster
- Listing organizations' users is faster
Corrections
- EIDM-856: Organization custom attributes can be used in registration and approval page
- New organizations are shown correctly in approval page
- User's email confirmation is shown correctly in approval page
Ubisecure CustomerID 3.4.3.28216
Corrections
- Fixed selecting user's organization in create user workflow
- Generation of invalid login value in self-registration and create user workflows
Ubisecure CustomerID 3.4.2.28187
Improvements
- Email messages support user's attributes as parameters
- Create User workflow supports custom attributes
- Create User workflow supports features from self-registration, configuring create user workflows has changed
- Usability improvements in organization listings and search user interfaces
- REST now supports reseting the Derby database
Corrections
- Update methods -command creates derby object for all organizations
- Mobile confirmation field can be set to disabled
- Creating deep organization additions now works in registrations
- Corrected a few serialization errors
- Corrected handling of comma characters (",") in attributes
Ubisecure CustomerID 3.4.1.27680
Improvements
- Support for custom attributes in ImportTool
Corrections
- Organization's technical name can be shown in organization's information listing
- Organization class editing is done using a drop-down list
Ubisecure CustomerID 3.4.0.27608
New Features
- Custom attributes can be saved to CustomerID internal database
- CustomerID Authorizer supports transmitting custom attributes in SAML messages (SSO version 6.3.1 is required)
- User's attributes that are shown in Approval UI can be configured
- User's attributes that are editable in Approval UI can be configured
- Approver is able to edit and save user approval request
- Approver is able ot edit user's roles in Approval UI
- Approver is able to insert free text for the reject message
- Approver is able to identify if organization is new or existing one
- User's attributes that are shown in Self-Service UI can be configured
- User's attributes that are shown in Admin User UI can be configured
- Organization's attributes that are shown in Organization UI can be configured
- Tomcat version updated to 7.0.26
- Derby database version updated to 10.8.2.2
- Wicket version updated to 1.4.19
- Java version updated to 1.6.0_31
Improvements
- CustomerID internal database is started in CustomerID Server (service is removed)
Corrections
- CustomerID Authorizer returns inherited roles in Active Directory
Ubisecure CustomerID 3.3.2.26523
New Features
- Search for organizations
Improvements
- Improved support for large number of organizations
- Separate list for pending registration invitations
Corrections
- Email notifications were not sent for role invitations that required the approval of a newly registered user
- Information updating problem when changing the email address of the invited person in role invitations
Ubisecure CustomerID 3.3.1.26211
Corrections
- Modified organization configuration in registration
Ubisecure CustomerID 3.3.0.26146
New Features
- EIDM-763: Custom attribute values can be stored encrypted
- EIDM-771: Registration workflow configuration changes: user organization definition, additional organization creation, role assignment
- User information can be exported in CSV format through REST API. Command line tool is alsoprovided
- UI language codes can be selected as a presentation language in development mode
Improvements
- EIDM-802: Role visibility defined mainly by role.listusers instead of user.read.roles permission
- Removed unnecessary version information printout from HTML header
- User export now includes user password if ubilogin directory is used as a user repository
Corrections
- Role deassignment permission was based on user organization. Now it is based on role organization
- Role invitation registration required always approval. Now approval is required based on workflow configuration
Ubisecure CustomerID 3.2.0.25817
New Features
- EIDM-769: Configurable user details in role invitation
- EIDM-767: Customizable error page for registration
Improvements
- EIDM-789: Remove admin.user.delete.enabled property
Corrections
- EIDM-793: Unexpected error when browsing organization
- EIDM-796: eIDMUser-role is not added when creating user through REST interface
Ubisecure CustomerID 3.1.0.25673
New Features
- EIDM-762: Two phase user information input in registration wizard
- EIDM-764: Support for error messages based on backend query results
- EIDM-765: Backend connection for requesting user information in registration
- EIDM-768: Custom attribute storing to LDAP/AD attributes
- EIDM-772: Validation for SSN in TUPAS-authentication
- EIDM-790: SSN field is now handled as a custom attribute
Improvements
- EIDM-780: Removal of roleinvite.enabled property
- EIDM-781: Removal of addrole.enabled property
- EIDM-785: Removal of createuser.enabled property
- EIDM-788: Creating a new user using the REST interface automatically assigns user to the eIDMUser group
Corrections
- Listing large number of users fails in OpenLDAP with Protocol Error
Ubisecure CustomerID 3.0.4.25334
Corrections
- Email duplicate check was not included when companyAndCustomerId field was used in registrations
- Email duplicate check did not allow registrations based on mandate invitation
Ubisecure CustomerID 3.0.3.25298
Corrections
- The role selection popup in add role functionality did not work in certain situations
Ubisecure CustomerID 3.0.2.25282
Corrections
- Email duplicate check did not include pending registrations
- Insufficient role linkage in certain registrations
Ubisecure CustomerID 3.0.1.25247
Corrections
- Role member listing did not contain mandate delegates in REST API
- Session serialization contained errors
Ubisecure CustomerID 3.0.0.25183
New Features
- EIDM-774: User is able to give companyId in registration without backend support
- EIDM-577: Support for storing Finnish company IDs in OID format but presenting them in human readable format in the UI
Improvements
- EIDM-558: Tupas authentication to be not required again when accessing the service directly after registration
- EIDM-578: Parent level support for permissions
- EIDM-733: Whitespaces should be removed from customerId-field
Corrections
- EIDM-576: Friendly Name field should support characters: '/', '(' and ')'
- EIDM-581: SSN is not saved if registration uses both Tupas and email verification
- EIDM-662: When user accesses mail/phone number editing with a direct link to self-service, accessing roles tab after that gives an error message
- EIDM-665: Return link is broken for users who have access only to one organization
- EIDM-671: When login takes too long, SAML Expiration exception is shown to the user
- EIDM-709: User doesn't see pending approvals in approval page even when he was the one inviting the pending user
- EIDM-712: Error in first sign on after a single logout
- EIDM-718: Role tab is broken after user confirm email change
- EIDM-726: Mobile number validator should accept dashes and spaces but remove them
- EIDM-727: In changing user's organization, virtual organizations are listed
- EIDM-731: User approval request emails not sent if there is no organization main user
- EIDM-736: Organization name field too long for background when using IE8
- EIDM-738: SSN saved even if configured otherwise
- EIDM-777: Null pointer exception if Tupas configuration file is missing