Wydania

Linux releases are configured to be deployed with a reverse proxy like e.g., Nginx or Apache. The FoxIDs websites is default configured for incoming traffic on port 80. Read the request domain in the X-Forwarded-For header and read the schema in the X-Forwarded-Proto header. Log are default written to the /var/log/ folder.
The Linux releases found in FoxIDs-x.x.x-linux-x64.tar.gz is self-contained and you do not have to install the .NET runtime.

Deployment descriptions:

• Host ASP.NET Core on Linux with Nginx https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx

• QuickStart: Deploy a .NET Core on Linux application to Elastic Beanstalk - AWS Elastic Beanstalk https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/dotnet-linux-quickstart.html

• Make Control Client prettier when using least privilege.
• Make it possible to query environments with least privileges and get a result based on the access.
• Log and show request method in logs.

Bugs fixed:

• Spelling mistakes in code, change the scope/role access rights element from Base to Basic and thus follow the documentation.
• Add missing access rights for environments to accept the overall scope/roles foxids:tenant:track and foxids:tenant:track[xxxx] instead of only access rights with least privileges.

• When a new tenant is created, an administrator user is added to the master environment with the admin role. If the administrator user does not need to change the password. The administrator user is now also added in the other environments in the tenant as basic users without the admin role.

Bugs fixed:

• The FoxIDs logo was displayed with incorrect font on iOS due to missing imbedded font.

• Support OpenSearch with self-signed certificate by using the setting Settings.OpenSearch.AllowInsecureCertificates: true.
• Support OpenSearch migration with optional OpenSearch query configuration and cross-cluster search.
• Support SMTP without username and password authenticate.

• Support IIS deployment on Windows server.
• Support both HTTP and HTTPS, but you should always use HTTPS in production.
• When a new user is created in the login UI. Changed to not confirm the account if not configured.

• Support Home Realm Discovery (HRD) based on IP addresses, IP Ranges and regular expressions, docs.
• Full support for SAML 2.0 IdP-Initiated Login in OpenID Connect applications with IdP-Initiated Login grant functionality to avoid an extra round-trip to the external IdP, docs.

• Support matching issuer and authority with application specific issuers in OpenID Connect and OAuth 2.0 applications.

• Add refresh_token_expires_in in token response. Contains the number of seconds remaining until the refresh token expires. Not included if the refresh token has unlimited lifetime.

Bugs resolved:

• https://control.foxids.com/api/swagger/v1/swagger.json return blank page because incorrect namespace in API method.

• Support SAML 2.0 IdP-Initiated login in SAML 2.0 authentication methods and forward the login to SAML 2.0 and OpenID Connect applications.
• Control API methods to list users locked for an observation period and remove the user from the observation period.
• Control Client UI to show users locked for an observation period and remove the user from the observation period.
• Not send emails and SMS if the user are locked for an observation period.
• Delete the users refresh token grants in all Login authentication methods (it is possible to configure more then one).

• Control API methods to list and invalidate refresh token grants.
• Control Client UI to list and invalidate refresh token grants.

Bugs resolved:

• Not invalidating track cache when the JWT to SAML 2.0 claim mapping is updated automatically.
• Refresh token grants is not deleted on logout in environment links.