Versions

• By default, the SAML 2.0 application's Name ID value is the user's unique ID. With this release, if you configure urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as Name ID Format, the Name ID value becomes the user's email.
• Improve SAML 2.0 signature validation certificate not configured error message.

Resolve bug:

• User id validation bug, which in some cases results in a incorrect session validation check.

• Automatically create mappings between JWT and SAML claim types (configurable).
• Support duplicated mappings of both JWT and SAML claim types.
• DK privilege claim transformers is default configured to replace claims in FoxIDs Control Client.
• Add a Client ID parameter in OpenID Connect RP-Initiated Logout Request.
• Support Amazon Cognito non-compliant OpenID Connect logout with workaround.
• Default not delete sequences to improve the browser back experience.

• Support profiles in the following authentication methods:
  • OpenID Connect
  • SAML 2.0
  • External API Login
  • Environment Link
• Change external API login to use error text on errors instead of only HTTP error codes.
• Support to change the technical name / Client ID / Resource ID on applications and authentication methods.
• Support to change the profile name in authentication methods.
• Support to disable login hint in SAML 2.0 authentication methods in authn request Subject.NameID.
• Increase K8s Nginx buffer size and limited the ID Token size in the authentication method session.
• ITfoxtec.Identity version 2.10.2
• ITfoxtec.Identity.Saml2 version 4.12.7
• NuGet package updates.

Resolve bugs:

• Null reference exception if a SAML 2.0 logout request is received without a NameID.
• SAML 2.0 authn context comparison types do not accept lowercase values.
• Do not update allowed authentication methods on environment links.

• Remove 2FA / KeyVault restriction from free plan.
• Add one day to OpenSearch 30 day logs to support months with 31 days.
• Add Operation ID to error page.
• Improve OpenID Connect auth method empty response error message.
• Default not adding content security policy (CSP) form-action instead of sending "*". Default disabled because Chrome/Safari block redirects and it is impossible to know about further redirects.
• Improve automatically update of OpenID Connect discovery and SAML 2.0 metadata.
• Remove two irrelevant API trace logs.

Resolve bug:

• Add TTL index to MongoDB based cache.

• Accept to return CORS with custom schemes like capacitor://localhost.

• Remove usage type logs from OpenSearch log query.
• Add usage count for external users.
• Not include the master environments in the environments usage count.

• Change logging to make Application Insights optional and support OpenSearch for logging. Configured OpenSearch with the log option OpenSearchAndStdoutErrors.
• Log properties are changed to be more readable and not start with f_.
• Improve MongoDB support and add master data in separate collections.
• Change to use MailKit instead of System.Net.Mail to support implicit TLS.
• Add IgnoreProxyHeaderDomain setting to ignore a specific domain and by that support multi tenant deployment in K8s.
• Add support for 1000 values in processing claims.

• Starting to phase out the use of KeyVault inside the FoxIDs application. KeyVault is still used for secrets in an Azure deployment.
• With this version, application elements are moved from KeyVault and into the database.

> IMPORTANT: Before updating to this version, grant the FoxIDs sites managed identity the Delete secret and Delete certificate permissions in Key Vaults Access policies.

• Kubernetes deployment improved and tested on OVHcloud.
• Docker build libraries used in the GitHub action updated to the latest version.