Release notes
This will highlight the most important items. For in depth detail contact Fortified ID.
LDAP Valve improvements
Handling items in more robust manner. Handles multiple items across all LDAP valves.
Missing log - unsolicited authenticated
Log was missing when doing unsolicited login
Support for new Freja e-d attributes
UNIQUE_PERSONAL_IDENTIFIER and LOA_LEVEL are now supported
UI improvements using Information endpoint module
UI fixes for Windows Edge.
Header white listing case insensitive
When declaring headers to let through to service. Case is now insensitive.
SAML meta data validation
Meta data loaded from URL can be validated using a certificate
New authenticator
ExternalFlow authenticator added
Improved session security
User-Agent is now fingerprinted. See more info at https://docs.fortifiedid.se/common/server/http-listener#http-fingerprinting
OIDC refresh token update
It is now possible for re-usage of refresh tokens. This is default behaviour when interacting with Microsoft Entra ID.
Include improvement
Deeper include structures previously had unexpected behaviour.
CVE updates
Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.
3.1.0
Authenticators with more default values
All authenticators with web UI now has default values for:
overlay_dir
web_root
This reduces configuration. Se authenticator documentation for default values.
New authenticator SSOAuthenticator
SSOAuthenticatorUse for generic SSO login when target not supporting OIDC or SAML 2.0
Default location for http listener
When configured, http listener now kan handle accessing / for redirecting user agent to a predefined target:
"redirect_url": "/userinfo/generic/"Updated validation rules on incoming SAML assertion when brokering
Updated documentation is found here SAML SP
Source ip behind proxy
Source IP now is actual calling client when behind proxy
Include improvements
@inclunde expressions is now more powerful. More information here File inclusion
Chain authenticator updates
Execution order can now be configured using "order" attribute for each entry in "chain". See more on Chain
CVE updates
Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.
List of used components and known CVE's is available on request.
3.0.1
Request throttling
Improved handling of request management on request flooding.
Changed product name in CEF
New name is Access
Unsolicited saml logins
SAML idp now can have a default sp configured.
Task authenticator update
Button added for manual app-switch.
Simplified handling of overriding translation in authenticator
By introcucing scopes in translation files all translation/overrdides now can be in one locales file.
Start up order of modules updated
All modules used for enxternal communication now starts in node group "first". Rest is in default.
Bug fixes
Handling multiple OP's now works
Error SSO between protocols fixed
Using FrejaID on same device now returns to same browser tab
Version 3.0.0
New valve - GUIDToString
Valve to create a string format GUID ("b9d663ed-50dc-4260-b37e-147a62caa7f6") from the internal 16 byte binary representation used by AD / EntraID.
New valve - Base64Converter
Converts a base 64 value to another representation
SithsWithQr updates
Changed default behaviour, assuming using card reader instead of mobile app.
Improvement saml metadata loading
In previous version broken cash data stops server.
Set custom HTTP security headers
CSP, HSTS,XFO can now be set manually.
Improvement information endpoint module
logout now is attached to installation allowing for overriding logout look and feel.
AD binary attributes are now supported
UI updates
A number of UI improvements for a smoother user experience.
CVE updates
Updating underlying building blocks, both front and backend, in order to keep CVE risks at a minimum.
Bug fixes
#268 errors are not sent back to calling SAML IDP