Versions

• Kubernetes deployment improved and tested on OVHcloud.
• Docker build libraries used in the GitHub action updated to the latest version.

• Authenticate external users in an External login authentication method by calling an external API. This makes it possible to place users outsight FoxIDs, for example in an existing user store. The username can be the users email or text-based username.
• Compare JsonWebKey (certificates) by the Kid parameter instead of the X5t parameter.
• Add SAML 2.0 authn request extensions XML support.

Updated to ITfoxtec.Identity version 2.9.0, the following two changes will only have effect on new certificates:

• Add the X5tS256 value in JsonWebKey according to: The "x5t" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
• Change the X5c value in JsonWebKey to be: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].

Resolve bug:

• Set client authentication basic incorrect in OpenID Connect authentication method and use not quite correct encoding.

• If the client authentication post method is configured and a client secret is not received, default to use the client authentication basic method.

esolve bug:

• Read client authentication basic incorrect and use not quite correct encoding.

• By default, external users are linked to the sub claim type.

Resolve bug:

• Control client has invalid configured read certificate URL starting with pi/ instead of the correct api/.

• Test applications support custom domain without a custom primary domain.
• Test applications support master environment with a custom domain configured for the other environments.
• Add error page to Control Client to display server errors in a nice way.

Resolve bug:

• Can't create new application (down-party) https://github.com/ITfoxtec/FoxIDs/issues/847

• Add test support within the Control Client on both the Applications and Authentication Methods tabs.
• Count plan usage when the authentication method starts.
• Count user info requests as token requests.
• Persist data protection keys in the configured data store if not using Redis cache.
• Add support for the characters [] and in applications and authentication methods display names.
• Update Control Client applications and authentication methods button names.

SAML 2.0 bugs resolved:

• Remove local repeated SAML 2.0 namespace from Scoping, IDPList and IDPEntry.
• Resolve SAML 2.0 Scoping.RequesterID and IDPList.GetComplete created as an attributes instead of an elements bug.
• SAML 2.0 scoping error "Unable to convert element ITfoxtec.Identity.Saml2.Schemas.Scoping".

• Log warning and redirect back to the application if the OpenID Connect authentication method do not support logout.
• Default add technically names to applications and authentication method in FoxIDs Control Client.
  • New FoxIDs Control API for generating new technically names.
• Add the token endpoint to the Facebook OpenID Discovery to support OpenID Connect authorization code flow for the Facebook Authority 'https://www.facebook.com/' and 'https://limited.facebook.com'.
• FoxIDs Control Client support empty log details.
• FoxIDs Control Client add CORS for native clients if the redirect URL is on http or https.

• Resolve /api/swagger/v1/swagger.json not responding bug.
• The FoxIDs Control site support the settings TrustProxySchemeHeader.