Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SafeNet IDPrime Virtual Server Release Notes

SafeNet IDPrime Virtual 2.7.0

search

SafeNet IDPrime Virtual 2.7.0

RELEASE NOTES

Issue Month: October 2024

Build Details

  • Server (Full version): 2.7.0

Product Description

SafeNet IDPrime Virtual (IDPV) is a PKI-based software authenticator that uses latest innovation in software-based smart token technology to combine the strong two-factor security of a smart card. It is cost effective and convenient for the software authentication. IDPV emulates the functionality of physical smart cards used for authentication, email, data encryption, and digital signing to enable the use cases such as VDI, BYOD, backup, and mobility on any device. It secures user private key on HSM with user authentication from OIDC compatible Identity providers (IDPs).

Release Description

SafeNet IDPrime Virtual v2.7.0 includes new features and bug fixes from the previous version.

New Features and Enhancements

IDPV Server

Two APIs have been added to the IDPV server:

  • Complete Provisioning API: This API allows administrators to complete the provisioning process for a Smart card.

    /IDPrimeVirtual/V1/Tenants/{tenantId}/Users/{userId}/Tokens/{tokenId}/CompleteProvisioning

  • GetTokens API V2: The updated version of the GetToken API provides token details and the provisioning status of the card.

    Get 

    /IDPrimeVirtual/V2/Tenants/{tenantId}/Users/{userId}/Tokens/{tokenId}

    Response

    
{
"tokenID": "string",
"metadata": "string",
"keyIDs": [
"string"
],
"isOfflineModeSupported": true,
"isProvisioned": true,
}

Default Password

Virtual IDPrime cards are supplied with the following default token password: “000000” (6 zeros) and the Administrator Password must be entered using 48 zeros.

Password Recommendations

We strongly recommend changing all device passwords upon receipt of a token/ smart card as follows:

  • User PIN should include at least 8 characters of different types.

  • PIN character types should include upper case, lower case, numbers, and special characters.

    For more information, refer to the ‘Security Recommendations’ section in SafeNet IDPrime Virtual Server-Client Product Documentation.

Compatibility Information

Operating Systems

Following operating systems are supported:

Server Operating Systems

  • Ubuntu 22.04

  • RHEL 8

Middleware

  • SafeNet Authentication Client 10.9.3693.0

  • SafeNet Minidriver 10.9.3120.0

IDPV Windows Client

  • Windows Client: 2.7.0.611

Virtual Smart Card Features

Below table specifies the various features that are supported by IDPV:

Features: Device: SafeNet IDPrime Virtual
Number of Keys 15 max
RSA Key Size 2048 bit
RSA Padding PKCS#1 v1.5
Hash and Signature Schemes

SHA-2 512-bit

CKM_SHA1_RSA_PKCS_PSS

CKM_SHA256_RSA_PKCS_PSS

CKM_SHA384_RSA_PKCS_PSS

CKM_SHA512_RSA_PKCS_PSS
Supported APIs PKCS#11 V2.20, PKCS#15, MS CryptoAPI and CNG(CSP,KSP), PC/SC
Supported cryptographic algorithms 3DES, SHA-256, RSA upto 2048, RSA PSS

Execution of Third-Party Security Tools

  • Aqua Trivy 0.34.0

  • Anchore Grype 0.53.1

  • Open Collective Dockle 0.1.16

  • Anchore Syft 0.62.1

  • Cisco ClamAV 2.6.5

Compatibility with Thales Applications

Virtual IDPrime cards can be used with the following products:

  • SafeNet Authentication Service Private Cloud Edition (SAS PCE) with Keycloak / SafeNet Trusted Access (STA)

  • SafeNet Authentication Client (SAC) 10.9.3693.0

  • SafeNet Minidriver 10.9.3120.0

Resolved and Known Issues

This section lists the resolved and known issues that exist in this release. The following table defines the severity of the issues listed in this section.

Severity Classification Definition
C Critical No reasonable workaround exists.
H High Reasonable workaround exists.
M Medium Medium level priority problems.
L Low Lowest level priority problems.

Resolved Issues

Issue Severity Synopsis
IDPV-7911 H MSSQL database is not working after migration.
IDPV-7202 H IDPrime virtual server API gives 200 response without response body, in case the database connection fails.
IDPV-6850 H JWT signing key rotation is not handled.

IDPV-8914

 M IDPV server is not returning error if wrong parameters are passed.

IDPV-6827

 M Refresh token behavior conflicting with Windows system level cookies in Azure IDPV Client.
IDPV-6579 M Only the Import API code is updated as it was having scope for code optimization.
IDPV-6118 M For Okta IDP, the redirect URL is opening in Internet Explorer.
IDPV-5983 M Provisioning API (Import Cert) is allowing the same certificate to be uploaded multiple times.
IDPV-7207 L Incorrect message on swagger interface in case of Generate CSR response-UI Issue.
IDPV-5746 L In Provisioning APIs, Import pfx certificate in case of wrong cert and wrong password is getting 500 error.

Known Issues

Below are the known issues that exist in this release.

Issue Severity Synopsis
IDPV-5072 H

Summary: DPoD is not working on Alpine based docker.

Workaround: None
IDPV-5710 H

Summary: Friendly name doesn't appear when certificate is imported via Import API.

Workaround: None

Related Product Documentation

The following documentation is associated with this release:

ThalesDocs

IDPV Documentation Homepage

We have attempted to make the documentation complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.

On this page