Versions

• Authenticate external users in an External login authentication method by calling an external API. This makes it possible to place users outsight FoxIDs, for example in an existing user store. The username can be the users email or text-based username.
• Compare JsonWebKey (certificates) by the Kid parameter instead of the X5t parameter.
• Add SAML 2.0 authn request extensions XML support.

Updated to ITfoxtec.Identity version 2.9.0, the following two changes will only have effect on new certificates:

• Add the X5tS256 value in JsonWebKey according to: The "x5t" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
• Change the X5c value in JsonWebKey to be: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].

Resolve bug:

• Set client authentication basic incorrect in OpenID Connect authentication method and use not quite correct encoding.

• If the client authentication post method is configured and a client secret is not received, default to use the client authentication basic method.

esolve bug:

• Read client authentication basic incorrect and use not quite correct encoding.

• By default, external users are linked to the sub claim type.

Resolve bug:

• Control client has invalid configured read certificate URL starting with pi/ instead of the correct api/.

• Test applications support custom domain without a custom primary domain.
• Test applications support master environment with a custom domain configured for the other environments.
• Add error page to Control Client to display server errors in a nice way.

Resolve bug:

• Can't create new application (down-party) https://github.com/ITfoxtec/FoxIDs/issues/847

• Add test support within the Control Client on both the Applications and Authentication Methods tabs.
• Count plan usage when the authentication method starts.
• Count user info requests as token requests.
• Persist data protection keys in the configured data store if not using Redis cache.
• Add support for the characters [] and in applications and authentication methods display names.
• Update Control Client applications and authentication methods button names.

SAML 2.0 bugs resolved:

• Remove local repeated SAML 2.0 namespace from Scoping, IDPList and IDPEntry.
• Resolve SAML 2.0 Scoping.RequesterID and IDPList.GetComplete created as an attributes instead of an elements bug.
• SAML 2.0 scoping error "Unable to convert element ITfoxtec.Identity.Saml2.Schemas.Scoping".

• Log warning and redirect back to the application if the OpenID Connect authentication method do not support logout.
• Default add technically names to applications and authentication method in FoxIDs Control Client.
  • New FoxIDs Control API for generating new technically names.
• Add the token endpoint to the Facebook OpenID Discovery to support OpenID Connect authorization code flow for the Facebook Authority 'https://www.facebook.com/' and 'https://limited.facebook.com'.
• FoxIDs Control Client support empty log details.
• FoxIDs Control Client add CORS for native clients if the redirect URL is on http or https.

• Resolve /api/swagger/v1/swagger.json not responding bug.
• The FoxIDs Control site support the settings TrustProxySchemeHeader.

IMPORTANT - Before updating if deployed in Azure: Open Azure Portal and navigate to the app services one at the time (including the test slots) . Add the following application setting with the Deployment slot setting checked:

   Name: "Settings:Options:Log", Value: "ApplicationInsights"
   Name: "Settings:Options:DataStorage", Value: "CosmosDb"
   Name: "Settings:Options:KeyStorage", Value: "KeyVault"
   Name: "Settings:Options:Cache", Value: "Redis"
   Name: "Settings:Options:DataCache", Value: "Default"

The master branch is renamed to main and you need to update the deployment configuration (delete and recreate the deployment configuration) to read from the main branch.

• Support deployment with docker and Kubernetes (K8s).
  • On-premises or with any Cloud Vendor providing Kubernetes support.
  • You may need a self-hosting license. Free for development, testing, small companies, including personal projects and non-profit educational institutions.
• Support to use MongoDB and PostgreSQL as database and cache, configurable.
• Support to seed a main tenant.
• Optionally run without a KeyVault.
• Optionally log to Stdout.
• Always log to Stdout if in development mode.
• Default run with a file store as database and cache in development and optionally a memory cache.
• Invalidate the environment cache if the master certificate becomes too old and needs to be forcibly renewed.
• SAML 2.0 authn request include ACS URL.
• SAML 2.0 issuer error text improved.
• Authentication methods data class change to always use a list of Issuers instead of SAML 2.0 using issuer.
• CosmosDb seed moved to CosmosDbDataRepositoryClient constructor.
• A tenant and an environment can not have the name "control" or "health"
• Support X-FoxIDs-Secret as query parm.

If deployed in Azure Consider changing you Azure App Services to use Azure App Service Container deployment with a Linux App Service plan. It is significantly cheaper to use a Linux App Service plan instead of a Windows App Service plan.
You need to create two new App Services for the FoxIDs site and FoxIDs Control site and a new Linux App Service plan.

• Select single container and deploy from Docker Hub
• Add the two new App Services to the VLAN data subnet
• Create and configure managed identities for the two new App Services
• Grant the two new managed identities access to Key Vault and Log Analytics workspace