Release notes

This release

Swedish BankID QR code updates

Aligning with revised QR code regulations for better usability and accessibility.

See more on https://www.bankid.com/tillgaenglighet-i-bankid/tillgangliga-qr-koder

3.2.0

LDAP Valve improvements

Handling items in more robust manner. Handles multiple items across all LDAP valves.

Missing log - unsolicited authenticated

Log was missing when doing unsolicited login

Support for new Freja e-d attributes

UNIQUE_PERSONAL_IDENTIFIER and LOA_LEVEL are now supported

UI improvements using Information endpoint module

UI fixes for Windows Edge.

Header white listing case insensitive

When declaring headers to let through to service. Case is now insensitive.

SAML meta data validation

Meta data loaded from URL can be validated using a certificate

New authenticator

ExternalFlow authenticator added

Improved session security

User-Agent is now fingerprinted. See more info at https://docs.fortifiedid.se/common/server/http-listener#http-fingerprinting

OIDC refresh token update

It is now possible for re-usage of refresh tokens. This is default behaviour when interacting with Microsoft Entra ID.

Include improvement

Deeper include structures previously had unexpected behaviour.

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

3.1.0

Authenticators with more default values

All authenticators with web UI now has default values for:

overlay_dir

web_root

This reduces configuration. Se authenticator documentation for default values.

New authenticator SSOAuthenticator

Use for generic SSO login when target not supporting OIDC or SAML 2.0

Default location for http listener

When configured, the HTTP listener can now handle requests to / by redirecting the user agent to a predefined target URL.:

"redirect_url": "/userinfo/generic/"

Updated validation rules on incoming SAML assertion when brokering

Updated documentation is found here SAML SP

Source ip behind proxy

Source IP now is actual calling client when behind proxy

Include improvements

@inclunde expressions is now more powerful. More information here File inclusion

Chain authenticator updates

Execution order can now be configured using "order" attribute for each entry in "chain". See more on Chain

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

List of used components and known CVE's is available on request.

3.0.1

Request throttling

Improved handling of request management on request flooding.

Changed product name in CEF

New name is Access

Unsolicited saml logins

SAML idp now can have a default sp configured.

Task authenticator update

Button added for manual app-switch.

Simplified handling of overriding translation in authenticator

By introcucing scopes in translation files all translation/overrdides now can be in one locales file.

Start up order of modules updated

All modules used for enxternal communication now starts in node group "first". Rest is in default.

Bug fixes

Handling multiple OP's now works

Error SSO between protocols fixed

Using FrejaID on same device now returns to same browser tab

3.0.0

New valve - GUIDToString

Valve to create a string format GUID ("b9d663ed-50dc-4260-b37e-147a62caa7f6") from the internal 16 byte binary representation used by AD / EntraID.

New valve - Base64Converter

Converts a base 64 value to another representation

SithsWithQr updates

Changed default behaviour, assuming using card reader instead of mobile app.

Improvement saml metadata loading

In previous version broken cash data stops server.

Set custom HTTP security headers

CSP, HSTS,XFO can now be set manually.

Improvement information endpoint module

logout now is attached to installation allowing for overriding logout look and feel.

AD binary attributes are now supported

UI updates

A number of UI improvements for a smoother user experience.

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

Bug fixes

#268 errors are not sent back to calling SAML IDP