Rilasci

• Support 200 HRD domains on an authentication method with a total combined length of 2000 characters.
• Improve HRD selection and improve help text in Control Client.
• Add support for Elliptic Curve.

Resolve bug:

• HRD bug in Control Client making it impossible to add * instead of a domain.

Resolve bug:

• Failed while trying to generate certificate information if the key is Elliptic Curve (EC).

• Improve external user UI on authentication methods and add text about claims overwriting.
• Improve error handling if an external user is disabled.

Resolve bug:

• Correct master partition id in Mongo and PG repositories.
• Resolve DynamicElement type pascal casing bug.

• Remove the cache clean up logic from the seed logic because it is unused.
• Update and clean up Azure ARM template.

Resolve bug:

• PostgreSql data clean up loads incorrect objects and fails.

Resolve bug:

• The email selection field is not shown if needed if only OIDC and/or SAML 2.0 authentication methods is selected.

• By default, the SAML 2.0 application's Name ID value is the user's unique ID. With this release, if you configure urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as Name ID Format, the Name ID value becomes the user's email.
• Improve SAML 2.0 signature validation certificate not configured error message.

Resolve bug:

• User id validation bug, which in some cases results in a incorrect session validation check.

• Automatically create mappings between JWT and SAML claim types (configurable).
• Support duplicated mappings of both JWT and SAML claim types.
• DK privilege claim transformers is default configured to replace claims in FoxIDs Control Client.
• Add a Client ID parameter in OpenID Connect RP-Initiated Logout Request.
• Support Amazon Cognito non-compliant OpenID Connect logout with workaround.
• Default not delete sequences to improve the browser back experience.

• Support profiles in the following authentication methods:
  • OpenID Connect
  • SAML 2.0
  • External API Login
  • Environment Link
• Change external API login to use error text on errors instead of only HTTP error codes.
• Support to change the technical name / Client ID / Resource ID on applications and authentication methods.
• Support to change the profile name in authentication methods.
• Support to disable login hint in SAML 2.0 authentication methods in authn request Subject.NameID.
• Increase K8s Nginx buffer size and limited the ID Token size in the authentication method session.
• ITfoxtec.Identity version 2.10.2
• ITfoxtec.Identity.Saml2 version 4.12.7
• NuGet package updates.

Resolve bugs:

• Null reference exception if a SAML 2.0 logout request is received without a NameID.
• SAML 2.0 authn context comparison types do not accept lowercase values.
• Do not update allowed authentication methods on environment links.

• Remove 2FA / KeyVault restriction from free plan.
• Add one day to OpenSearch 30 day logs to support months with 31 days.
• Add Operation ID to error page.
• Improve OpenID Connect auth method empty response error message.
• Default not adding content security policy (CSP) form-action instead of sending "*". Default disabled because Chrome/Safari block redirects and it is impossible to know about further redirects.
• Improve automatically update of OpenID Connect discovery and SAML 2.0 metadata.
• Remove two irrelevant API trace logs.

Resolve bug:

• Add TTL index to MongoDB based cache.