LogoLogo
HomeIntegrityControlSolutionsManagement Center
3.2.0 - Access
3.2.0 - Access
  • Introduction
  • The Service
    • Overview
    • About this release
      • Release notes
      • Breaking changes
    • Architecture
      • Modules
      • Folder structure
      • Startup
    • Getting started
    • Installation
      • Container
      • Linux
      • Windows
    • Operations
      • Configuration
      • Metrics
      • Health check
      • Logging
        • System logging
        • Event logging
      • SBOM & license material
  • Modules
    • External modules
    • Internal modules
      • SAMLModule
      • OIDC
        • OpenID Configuration endpoint
        • JWKS endpoint
        • Authorization endpoint
        • Token endpoint
          • Authorization code
          • Refresh token
        • User info endpoint
        • Introspection endpoint
        • End session endpoint
  • Configuration reference
    • Introduction
    • Terms and abbreviations
    • Property expansion
    • File inclusion
    • Secrets management
    • Examples
  • Authenticators
    • Introduction
    • Common configuration
    • Web Authenticator API
    • Flow control
      • AuthController
      • ExternalFlow
      • Chain
      • Impersonate
      • Impersonate With Search
      • Selector
      • SSO Authenticator
    • Credential validators
      • SITHS eID
        • With QR or "app-switch"
      • BankID
        • On another device
        • On mobile device
      • Freja e-ID
        • With user input
        • With QR or "app-switch"
      • Mobile ID
        • With QR or "app-switch"
      • Header based
        • Certificate
      • Pointsharp Net iD Access server
        • On another device
        • On same device
      • Integrated windows login, IWA
      • User name & password
      • User lookup
      • OTP validator
      • Passkey validator
      • Exposed metrics
      • Test
        • Static SAML
        • No operation
    • Protocol managers
      • OIDC
        • Authorization Code Flow
        • Implicit Flow
        • OIDC Relying Party
      • SAML
        • SAML IDP
        • SAML SP
        • IDP Discovery Service
    • UI
Powered by GitBook
On this page
  • LDAP Valve improvements
  • Missing log - unsolicited authenticated
  • Support for new Freja e-d attributes
  • UI improvements using Information endpoint module
  • Header white listing case insensitive
  • SAML meta data validation
  • New authenticator
  • Improved session security
  • OIDC refresh token update
  • Include improvement
  • CVE updates
  • 3.1.0
  • Authenticators with more default values
  • New authenticator SSOAuthenticator
  • Default location for http listener
  • Updated validation rules on incoming SAML assertion when brokering
  • Source ip behind proxy
  • Include improvements
  • Chain authenticator updates
  • CVE updates
  • 3.0.1
  • Request throttling
  • Changed product name in CEF
  • Unsolicited saml logins
  • Task authenticator update
  • Simplified handling of overriding translation in authenticator
  • Start up order of modules updated
  • Bug fixes
  • Version 3.0.0
  • New valve - GUIDToString
  • New valve - Base64Converter
  • SithsWithQr updates
  • Improvement saml metadata loading
  • Set custom HTTP security headers
  • Improvement information endpoint module
  • AD binary attributes are now supported
  • UI updates
  • CVE updates
  • Bug fixes
  1. The Service
  2. About this release

Release notes

This will highlight the most important items. For in depth detail contact Fortified ID.

LDAP Valve improvements

Handling items in more robust manner. Handles multiple items across all LDAP valves.

Missing log - unsolicited authenticated

Log was missing when doing unsolicited login

Support for new Freja e-d attributes

UNIQUE_PERSONAL_IDENTIFIER and LOA_LEVEL are now supported

UI improvements using Information endpoint module

UI fixes for Windows Edge.

Header white listing case insensitive

When declaring headers to let through to service. Case is now insensitive.

SAML meta data validation

Meta data loaded from URL can be validated using a certificate

New authenticator

ExternalFlow authenticator added

Improved session security

OIDC refresh token update

It is now possible for re-usage of refresh tokens. This is default behaviour when interacting with Microsoft Entra ID.

Include improvement

Deeper include structures previously had unexpected behaviour.

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

3.1.0

Authenticators with more default values

All authenticators with web UI now has default values for:

overlay_dir

web_root

This reduces configuration. Se authenticator documentation for default values.

New authenticator SSOAuthenticator

Use for generic SSO login when target not supporting OIDC or SAML 2.0

Default location for http listener

When configured, http listener now kan handle accessing / for redirecting user agent to a predefined target:

"redirect_url": "/userinfo/generic/"

Updated validation rules on incoming SAML assertion when brokering

Updated documentation is found here SAML SP

Source ip behind proxy

Source IP now is actual calling client when behind proxy

Include improvements

@inclunde expressions is now more powerful. More information here File inclusion

Chain authenticator updates

Execution order can now be configured using "order" attribute for each entry in "chain". See more on Chain

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

List of used components and known CVE's is available on request.

3.0.1

Request throttling

Improved handling of request management on request flooding.

Changed product name in CEF

New name is Access

Unsolicited saml logins

SAML idp now can have a default sp configured.

Task authenticator update

Button added for manual app-switch.

Simplified handling of overriding translation in authenticator

By introcucing scopes in translation files all translation/overrdides now can be in one locales file.

Start up order of modules updated

All modules used for enxternal communication now starts in node group "first". Rest is in default.

Bug fixes

Handling multiple OP's now works

Error SSO between protocols fixed

Using FrejaID on same device now returns to same browser tab

Version 3.0.0

New valve - GUIDToString

Valve to create a string format GUID ("b9d663ed-50dc-4260-b37e-147a62caa7f6") from the internal 16 byte binary representation used by AD / EntraID.

New valve - Base64Converter

Converts a base 64 value to another representation

SithsWithQr updates

Changed default behaviour, assuming using card reader instead of mobile app.

Improvement saml metadata loading

In previous version broken cash data stops server.

Set custom HTTP security headers

CSP, HSTS,XFO can now be set manually.

Improvement information endpoint module

logout now is attached to installation allowing for overriding logout look and feel.

AD binary attributes are now supported

UI updates

A number of UI improvements for a smoother user experience.

CVE updates

Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.

Bug fixes

#268 errors are not sent back to calling SAML IDP

PreviousAbout this releaseNextBreaking changes

User-Agent is now fingerprinted. See more info at

https://docs.fortifiedid.se/common/server/http-listener#http-fingerprinting