Breaking changes

This version

Updated default encryption

As of 3.1.0 default encryption has been changed. This will only affect systems where encryption is enabled.

To keep previous implementation ensure environment setting:

FORTIFIED_SECRETS_IMPL = local

3.0.0

SAML NameID format update

When deciding outgoing SAML assertion NameID format selection process is updated. If NameID format is configured this will supersed anything else. If not configured, requested format value from the AuthNRequest is used.

If none of the above is true, default fallback is:

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

Any format values in SAML meta data is ignored.

Overriding logos has new way of configuration

Default property names, and the overriding, of logos have changed.

All logos are now configured in a "logos" property in the ui_config and ui_config_overrides.json

{
  "logos": {
    "app_logo": {
      "src": "assets/fortified_logo_green-white.svg",
      "height": "40px"
    },
    "access_header": {
      "src": "assets/fortified_logo_green-teal.svg",
      "height": "80px"
    },
    "access_footer": {
      "src": "assets/fortified_logo_green-teal.svg",
      "height": "40px",
      "link": {
        "url": "https://fortifiedid.se",
        "text": "FortifiedID"
      }
    }
  }
}

All Integrity Access ui's now use logos defined in the access_header and access_footer. All apps with a top header bar (Password Reset, Portal etc) use the app_logo.

This allows for better separation of logos and for using the same configuration and/or same configuration file for multiple ui apps.

New Hazel cast schema

If running cluster, update cluster configuration xml file using schema:

Session cookie defaults

All session cookies now are set out to require User-Agent communication being done using TLS (encrypted channel)

Running in a non secure channel will require setting:

"http_session_cookie_secure": false,