Lanzamientos

• Add test support within the Control Client on both the Applications and Authentication Methods tabs.
• Count plan usage when the authentication method starts.
• Count user info requests as token requests.
• Persist data protection keys in the configured data store if not using Redis cache.
• Add support for the characters [] and in applications and authentication methods display names.
• Update Control Client applications and authentication methods button names.

SAML 2.0 bugs resolved:

• Remove local repeated SAML 2.0 namespace from Scoping, IDPList and IDPEntry.
• Resolve SAML 2.0 Scoping.RequesterID and IDPList.GetComplete created as an attributes instead of an elements bug.
• SAML 2.0 scoping error "Unable to convert element ITfoxtec.Identity.Saml2.Schemas.Scoping".

• Log warning and redirect back to the application if the OpenID Connect authentication method do not support logout.
• Default add technically names to applications and authentication method in FoxIDs Control Client.
  • New FoxIDs Control API for generating new technically names.
• Add the token endpoint to the Facebook OpenID Discovery to support OpenID Connect authorization code flow for the Facebook Authority 'https://www.facebook.com/' and 'https://limited.facebook.com'.
• FoxIDs Control Client support empty log details.
• FoxIDs Control Client add CORS for native clients if the redirect URL is on http or https.

• Resolve /api/swagger/v1/swagger.json not responding bug.
• The FoxIDs Control site support the settings TrustProxySchemeHeader.

IMPORTANT - Before updating if deployed in Azure: Open Azure Portal and navigate to the app services one at the time (including the test slots) . Add the following application setting with the Deployment slot setting checked:

   Name: "Settings:Options:Log", Value: "ApplicationInsights"
   Name: "Settings:Options:DataStorage", Value: "CosmosDb"
   Name: "Settings:Options:KeyStorage", Value: "KeyVault"
   Name: "Settings:Options:Cache", Value: "Redis"
   Name: "Settings:Options:DataCache", Value: "Default"

The master branch is renamed to main and you need to update the deployment configuration (delete and recreate the deployment configuration) to read from the main branch.

• Support deployment with docker and Kubernetes (K8s).
  • On-premises or with any Cloud Vendor providing Kubernetes support.
  • You may need a self-hosting license. Free for development, testing, small companies, including personal projects and non-profit educational institutions.
• Support to use MongoDB and PostgreSQL as database and cache, configurable.
• Support to seed a main tenant.
• Optionally run without a KeyVault.
• Optionally log to Stdout.
• Always log to Stdout if in development mode.
• Default run with a file store as database and cache in development and optionally a memory cache.
• Invalidate the environment cache if the master certificate becomes too old and needs to be forcibly renewed.
• SAML 2.0 authn request include ACS URL.
• SAML 2.0 issuer error text improved.
• Authentication methods data class change to always use a list of Issuers instead of SAML 2.0 using issuer.
• CosmosDb seed moved to CosmosDbDataRepositoryClient constructor.
• A tenant and an environment can not have the name "control" or "health"
• Support X-FoxIDs-Secret as query parm.

If deployed in Azure Consider changing you Azure App Services to use Azure App Service Container deployment with a Linux App Service plan. It is significantly cheaper to use a Linux App Service plan instead of a Windows App Service plan.
You need to create two new App Services for the FoxIDs site and FoxIDs Control site and a new Linux App Service plan.

• Select single container and deploy from Docker Hub
• Add the two new App Services to the VLAN data subnet
• Create and configure managed identities for the two new App Services
• Grant the two new managed identities access to Key Vault and Log Analytics workspace

Bugs resolved:

• Control Client unable to delete e.g. environment bug.

• Create and link external user in the authentication methods OpenID Connect, SAML 2.0 and environment link.

  • External users can be created automatically through the login flow where an optionally dialog with dynamic elements can request the user to e.g. enter their name. It is possible to add / change claims with claim transformations.
  • External users can be created manually / provisioned through the Control Client / Control API.
  • A unique ID is added to each external user.
  • Claims can be added to the external user.

• Optionally pipe the external ID (sub or email claim) in an environment link to achieve ID separation.

• SAML 2.0 to JWT claim mapping maps from all SMAL 2.0 claims although if two SAML 2.0 claims is mapping to the same JWT claim.

• Add support for display name in addition to the technical name (Client ID, Resource ID), the technical name can be auto generated if the display name is provided.
• Support disabling absolute URIs/URLs for OpenID Connect OAuth 2.0 and SAML 2.0 applications.
• Limit to maximum 1,000 up-parties and 1,000 down-parties per environment (track).
• Add IDistributedCacheProvider interface to allow future caching alternatives in place of Redis.
• Add Microsoft Entra ID (Azure AD) multi-tenant support by supporting * to accept all issuers in OIDC and OAuth 2.0 auth. methods. Only possible if the issuer is edited.
• Default include additionally claims in access token.
• Add auth_method and auth_method_type claims to the claim pipeline.
• License changed to Business Source License 1.1.

Control Client updated with more user-friendly design and name changes (the naming is changed in Control Client and docs but not in the code and Control API):

• Down-party is change to Application
• Up-party is changed to Authentication method
• Track is change to Environment

Bugs resolved:

• OpenID Connect EndSession not validating if URL is in client.PostLogoutRedirectUri bug.
• Not logging if the tenant is not connected to a plan or the plan is without a application insights connection bug.
• Correct empty secret error message bug in OIDC and OAuth 2.0

• Responsive two-factor design improved on mobile devices.
• Control Client support users with foxids:tenant:basic.read access.
• Control Client add a version to recurses URLs based on last build.
• Show the master track as the last item in Control Client track drop-down.

• The Control Client master tenants default login session lifetime change from 0 to 10 hours.

Bugs resolved:

• OpenID Connect up-party client secret bug.