
Release notes

This page highlights the key items. For more in-depth details, please contact Fortified ID.

3.1.0

Updated the underlying building blocks, both frontend and backend, to keep CVE risk to a minimum.

3.0.0

Four modules have been consolidated into a single module.

In this version, we have simplified module administration: the four separate enrollment modules have been merged into one module. This means that, for example, ports and other common settings are now configured in one place. Below is an example of what the Enrollment module configuration could look like.

{
    "name": "Enrollment",
    "enabled": true,
    "config": {
        "http_listener": "default",
        "token_issuer": "Fortified ID Test",
        "logout_endpoint_url": "${globals.logout_endpoint_url}",
        "overlay_dir": "${system.customer_home}/overlay/",
        "flow_layout": "STANDARD",
        "oathsw": {
            "enabled": true
        },
        "oathhw": {
            "enabled": false
        },
        "webauthn": {
            "enabled": true
        },
        "mobileid": {
            "enabled": true,
            "server_api_url": "http://127.0.0.1:9097/mos"
        }
    }
}

Four available submodules

Refer to the configuration example above. The four submodules are: oathsw, oathhw, webauthn, and mobileid.

A submodule will only be available if it is added and set to enabled: true. If it is not added or set to enabled: false, it will remain inactive.

Modules have moved and have new names

The modules OathSwEnrollment, OathHwEnrollment, WebAuthnEnrollment and MobileServerEnrollment have become submodules of the new Enrollment module. They also have new names, as you can see below.

OathSwEnrollment -> oathsw

OathHwEnrollment -> oathhw

WebAuthnEnrollment -> webauthn

MobileServerEnrollment -> mobileid

Added parameter logout_endpoint_url

See the configuration example above. If you want the logout page to follow your organisation's look and feel, or you want a common logout page, you can use the logout_endpoint_url parameter. If it is not added, logout will be local and use the Fortified ID look and feel. This feature is supported in all our products.

Updated configuration best practices regarding authN and SAML SP

To enable login from Enrollment, the authN module must be configured as a SAML SP. With four available modules, the configuration can vary depending on your specific scenario.

Our strong recommendation is to use a single authN module with one SAML SP configured for all four submodules. See the example below.

{
    "name": "AuthN",
    "config": {
        "http_listener": "default",
        "authenticators": [
            {
                "id": "sp_enrollment",
                "type": "SAMLSP",
                "metadata_cache": "${system.customer_home}/samlcache",
                "config": {
                    "context_path": "/enrollment/authn/login",
                    "success_location": "/enrollment/redir",
                    "logout_location": "/enrollment/logged_out",
                    "metadata_output_directory": "${system.customer_home}/resources/",
                    "metadata": {
                        "url": "${globals.saml_idp_metadata_url}"
                    },
                    "entity_id": "${globals.saml_entity_id}",
                    "metadata_file_path": "${system.customer_home}/resources/fortifiedid_enrollment_template.xml",
                    "sign_ref": [
                        {
                            "keystore": {
                                "alias": "${globals.keystore_saml_alias}",
                                "key_password": "${globals.keystore_saml_key_password}",
                                "password": "${globals.keystore_saml_password}",
                                "path": "${globals.keystore_saml_path}"
                            }
                        }
                    ]
                }
            }
        ]
    }
}
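
A pre-upgrade check for the 3.0.0 changes described above, as an added example (not Fortified ID code): it flags leftover pre-3.0.0 module names, lists which submodules will actually be active under the "added and enabled: true" rule, and reports deviations from the single authN / single SAML SP recommendation. The function name `check_modules`, the top-level list of module objects, and the `sp_extra` authenticator are assumptions made for the illustration.

```python
import json

# Pre-3.0.0 module names and the submodule keys that replace them (per the release notes).
RENAMED = {"OathSwEnrollment": "oathsw", "OathHwEnrollment": "oathhw",
           "WebAuthnEnrollment": "webauthn", "MobileServerEnrollment": "mobileid"}

def check_modules(modules):
    """Return (active_submodules, findings) for a list of module objects (assumed layout)."""
    active, findings = [], []
    for mod in modules:
        name = mod.get("name")
        if name in RENAMED:
            findings.append(f"legacy module {name}: configure Enrollment.config.{RENAMED[name]} instead")
        if name == "Enrollment":
            cfg = mod.get("config", {})
            if mod.get("enabled") is False:
                findings.append("Enrollment module is disabled")
                continue
            for key in RENAMED.values():
                sub = cfg.get(key)
                # Active only when the submodule is present AND enabled is true.
                if isinstance(sub, dict) and sub.get("enabled") is True:
                    active.append(key)
            if "logout_endpoint_url" not in cfg:
                findings.append("logout_endpoint_url not set: logout page will be local")
    authn = [m for m in modules if m.get("name") == "AuthN"]
    saml_sps = [a for m in authn for a in m.get("config", {}).get("authenticators", [])
                if a.get("type") == "SAMLSP"]
    if active and not saml_sps:
        findings.append("no SAMLSP authenticator: login from Enrollment requires one")
    elif len(authn) > 1 or len(saml_sps) > 1:
        findings.append(f"{len(authn)} AuthN module(s), {len(saml_sps)} SAML SP(s): one of each is recommended")
    return active, findings

# Constructed sample: a half-migrated module list (not a real deployment).
SAMPLE = json.loads("""[
  {"name": "OathHwEnrollment", "config": {}},
  {"name": "Enrollment", "enabled": true, "config": {
      "oathsw": {"enabled": true}, "oathhw": {"enabled": false},
      "mobileid": {"enabled": true, "server_api_url": "http://127.0.0.1:9097/mos"}}},
  {"name": "AuthN", "config": {"authenticators": [
      {"id": "sp_enrollment", "type": "SAMLSP"}, {"id": "sp_extra", "type": "SAMLSP"}]}}
]""")

if __name__ == "__main__":
    active, findings = check_modules(SAMPLE)
    print("active submodules:", active)
    for finding in findings:
        print("finding:", finding)
```

In the constructed sample, webauthn is absent and oathhw is set to enabled: false, so only oathsw and mobileid are reported as active.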