Lanzamientos

IMPORTANT - Before updating if deployed in Azure: Open Azure Portal and navigate to the app services one at the time (including the test slots) . Add the following application setting with the Deployment slot setting checked:

   Name: "Settings:Options:Log", Value: "ApplicationInsights"
   Name: "Settings:Options:DataStorage", Value: "CosmosDb"
   Name: "Settings:Options:KeyStorage", Value: "KeyVault"
   Name: "Settings:Options:Cache", Value: "Redis"
   Name: "Settings:Options:DataCache", Value: "Default"

The master branch is renamed to main and you need to update the deployment configuration (delete and recreate the deployment configuration) to read from the main branch.

• Support deployment with docker and Kubernetes (K8s).
  • On-premises or with any Cloud Vendor providing Kubernetes support.
  • You may need a self-hosting license. Free for development, testing, small companies, including personal projects and non-profit educational institutions.
• Support to use MongoDB and PostgreSQL as database and cache, configurable.
• Support to seed a main tenant.
• Optionally run without a KeyVault.
• Optionally log to Stdout.
• Always log to Stdout if in development mode.
• Default run with a file store as database and cache in development and optionally a memory cache.
• Invalidate the environment cache if the master certificate becomes too old and needs to be forcibly renewed.
• SAML 2.0 authn request include ACS URL.
• SAML 2.0 issuer error text improved.
• Authentication methods data class change to always use a list of Issuers instead of SAML 2.0 using issuer.
• CosmosDb seed moved to CosmosDbDataRepositoryClient constructor.
• A tenant and an environment can not have the name "control" or "health"
• Support X-FoxIDs-Secret as query parm.

If deployed in Azure Consider changing you Azure App Services to use Azure App Service Container deployment with a Linux App Service plan. It is significantly cheaper to use a Linux App Service plan instead of a Windows App Service plan.
You need to create two new App Services for the FoxIDs site and FoxIDs Control site and a new Linux App Service plan.

• Select single container and deploy from Docker Hub
• Add the two new App Services to the VLAN data subnet
• Create and configure managed identities for the two new App Services
• Grant the two new managed identities access to Key Vault and Log Analytics workspace

Bugs resolved:

• Control Client unable to delete e.g. environment bug.

• Create and link external user in the authentication methods OpenID Connect, SAML 2.0 and environment link.

  • External users can be created automatically through the login flow where an optionally dialog with dynamic elements can request the user to e.g. enter their name. It is possible to add / change claims with claim transformations.
  • External users can be created manually / provisioned through the Control Client / Control API.
  • A unique ID is added to each external user.
  • Claims can be added to the external user.

• Optionally pipe the external ID (sub or email claim) in an environment link to achieve ID separation.

• SAML 2.0 to JWT claim mapping maps from all SMAL 2.0 claims although if two SAML 2.0 claims is mapping to the same JWT claim.

• Add support for display name in addition to the technical name (Client ID, Resource ID), the technical name can be auto generated if the display name is provided.
• Support disabling absolute URIs/URLs for OpenID Connect OAuth 2.0 and SAML 2.0 applications.
• Limit to maximum 1,000 up-parties and 1,000 down-parties per environment (track).
• Add IDistributedCacheProvider interface to allow future caching alternatives in place of Redis.
• Add Microsoft Entra ID (Azure AD) multi-tenant support by supporting * to accept all issuers in OIDC and OAuth 2.0 auth. methods. Only possible if the issuer is edited.
• Default include additionally claims in access token.
• Add auth_method and auth_method_type claims to the claim pipeline.
• License changed to Business Source License 1.1.

Control Client updated with more user-friendly design and name changes (the naming is changed in Control Client and docs but not in the code and Control API):

• Down-party is change to Application
• Up-party is changed to Authentication method
• Track is change to Environment

Bugs resolved:

• OpenID Connect EndSession not validating if URL is in client.PostLogoutRedirectUri bug.
• Not logging if the tenant is not connected to a plan or the plan is without a application insights connection bug.
• Correct empty secret error message bug in OIDC and OAuth 2.0

• Responsive two-factor design improved on mobile devices.
• Control Client support users with foxids:tenant:basic.read access.
• Control Client add a version to recurses URLs based on last build.
• Show the master track as the last item in Control Client track drop-down.

• The Control Client master tenants default login session lifetime change from 0 to 10 hours.

Bugs resolved:

• OpenID Connect up-party client secret bug.

• Track selector moved to the center of Control Client with auto select and track remember.
• Control Client updated with party type selection and advanced options selector.
• Add change password button in My profile in Control Client.
• Load Control Client dynamic and add a version to recurses URLs.
• OpenID Connect up-party, update secret in separate Control API.
• Fine grained Control API roles and scopes access rights.
• Spelling correction in Control API, change JwtWithCertificateInfo to JwkWithCertificateInfo.
• OpenID Connect down-party and up-party has support for prompt none, login and select_account.
• SAML 2.0 down-party ForceAuthn cannot change identity in a session exists.

• Do not require the jti (JWT ID) claim to present in a client credentials assertion.
• OpenID Connect up-party supports reading up to 50 keys from external OpenID Connect Discovery. If there are more than 10 keys, the X509 certificate information is ignored and the keys are therefore not validated based on a possible certificate.

• Change OpenID Connect Discovery element subject_types_supported to say public.
• Add support for organization in SAML 2.0 metadata.
• SAML 2.0 to JWT claim mapping changed to make it possible to change the default mappings to JWT for claim types:
  • email
  • given_name
  • family_name
  • role

• Updated to .NET 8.
• Add page specific CSS tags at the page-container level, making it possible to differentiate between the pages.
• Limit to maximum 2,000 up-parties and 2,000 down-parties per track.

If you are upgrading an existing FoxIDs installation please change the .NET version to .NET 8 on all four App Services slots after successfully upgrading to this version. However, this version runs fine on both .NET 7 and .NET 8. The .NET version is set to .NET 8 under the App Service General settings.