Tulip component release notes

134

New features

• Added configuration to set the exp in the introspect response as the number of seconds since epoch time.

• Added the additionalData property for the eventPublisherTask.

• [UI] Added configuration to preserve text field content on backend errors.

Bug Fixes

• Fixed missing claims when using Access and a remote IdP in the persona selection flow.
• Fixed the occurredTime attribute format for OneEx events.

133

New features

• Added filtering for event APIs.

Bug Fixes

• Fix on OIDC logout if token is granted through a refresh token
• Fix on the ability to create users in the locked state due to multiple login attempts
• Configuration added to set issuer for token introspection
• Security improvements

132

New features

• Added new API to import OTP seeds.
• Added ‘Have I Been Pwned' UI acknowledgment messages.
• Support user creation using PBKDF2-HMAC-SHA256 hashed passwords.

Bug Fixes

• Fix on string attribute validation for SCIM API.
• Log improvements

131

New features

• NA

Bug Fixes

• Fix for successful post login action using TOTP as 2FA.
• Fix on authorization headers for HttpRequestor tasks.
• Security improvements.

R130

New features

• Added ‘Have I Been Pwned' password vulnerability check.

Bug Fixes

• Improved login page web accessibility for text fields and buttons.
• Security improvements

R129

New features

• Added support for encrypted passwords in the credential API.
• Added user email notification for admin password resets, including new email template.
• Added cache mechanism when requesting access token to external IDP.

Bug Fixes

• Improvement in workflow API logs.

R128

New features

• Allow cookie whitelisting

Bug Fixes

• Fixed email display in some reset password flow
• Expiration time added in generic token to ensure proper clean-up
• Fixed missing identifying value in Login Success event
• Fixed access and refresh token invalidation after session termination

R127

New features

• NA

Bug Fixes

• Fix in user management to avoid multi-valued attribute duplicates
• "Remember me" feature fix for 2FA push and QR code [UI]
• Fix on user deletion in GRACE state
• Miscellaneous security improvements

R126

New features

• NA

Bug Fixes

• Fixed the clean-up of stale account lockout entries
• Fixed password reset flow within the OIDC authentication flow
• OIDC persona-selection flow bug fixed to use remote IDP claims when the trigger expression is evaluated
• SAML fixes:
  • Computed claims support the boolean type
  • Persona-selection flow supports empty claims
  • Parsing valid SAML request fix
• Security improvement on cookies policy

R125

New features

• Support added to show text above text field input fields (configurable per translation).

Bug Fixes

• Security fixes

  • Added headers to enforce no-cache policy

  • Fix for CORS requests

R124

New features

• Just-in-time passkey creation:

  • Added support for creating passkeys after login.

• Post successful login action:

  • Allows conditional triggering of a workflow after user logins. An example use case is a mandatory password reset after login.

Bug Fixes

• Disabled autocomplete for the OTP screen during login

• Improved security on CORS requests

• Fixed my-page screen rendering

R123

New features

• Added the ability to configure which special characters are allowed in passwords

Bug Fixes

• NA

R122

New features

• Added support for passwords that contain the escape characters * and "*.

• Phone number and email masks are configurable.

Bug Fixes

• Logs improvements

• User management system (SCIM):

  • User-not-found response code set to 404

  • User-already-exists returns a 409

  • Boolean attributes improvements

R121

New features

• Added last time login on the user details page (DUMS).

• Added event information:

  • new_primary_phone_number in the 412 event

  • new_primary_email_number in the 409 event

Bug Fixes

• Event publisher health-check logs removal

R120

New features

• Added an API gateway filter that performs checks against a list of allowed hosts.

Bug Fixes

• Bug fixed on encoded state parameter during redirection

• Bug fixed on SAML flow redirection in Safari

• Added a missing clientId when calling the access_token in following cases:

  • SAML

  • OIDC with PrivateKeyJwt

  • OIDC with the client using client secret basic

R119

New features

• NA

Bug Fixes

• User deletion to delete the associated user consents

• User deletion to delete the associated identity link

• Security fix on information disclosure within the auth token

• [UI] Reinforce CSP security level

## R118

New features

• Introspection flow optimization for AWS deployments

• Added support for protecting workflow processes using OAuth 2.0 client credentials

Bug Fixes

• Bug fixed on displayed error during account migration flow

R117

New features

• Allow query input parameters for workflow

• Event added for FIDO authentications

Bug Fixes

• Security fix on CSP headers

• [UI] Removed the error state during redirection in the workflow process on username and password inputs

R116

New features

Validity period of Magic Link can now be configured.

Bug Fixes

• [UI] Passkey deletion doesn't require re-login.
• Improvements on login API error handling.
• Bug fix on internal attribute metadata verification.

R115

New features

• Added support for adding Passkeys for an authenticated user.
• [UI] Self-service Passkey management (create, view, delete).

Bug Fixes

• Security improvements on password reset mail flow.
• Performance improvement on account lockout clean up.
• Bug fixed on special character SCIM filter.

R114

New features

• Added support for viewing Passkeys [ADMIN].
• Added support for deleting Passkeys [ADMIN]
• Added support for protecting workflow processes using basic and auth authentication.
• Added the possibility to include a customer redirect url in the sent email.

Bug Fixes

• Fixed bug on SLO for Access.
• Security improvements on password reset mail flow.
• Performance improvements.

R113

New features

• Add support for viewing Passkeys for authenticated user.
• Add support for deleting Passkeys for authenticated user.
• Token introspection within Notification hub.

Bug Fixes

• All custom fonts (Open Sans & Material Icons) are now coming from nginx instead of googlefonts.

R112

New features

• Notification hub logs enhancements.

Bug Fixes

• Fixed a bug on login API health endpoint.

R111

New features

• Fido passkeys authentication method support (registration & activation).
• Possibility to use persona-selection support extension.
• Tulip SLO notification support extension.

Bug Fixes

• Bug fixed on persona selection within an existing session.
• Stability improvements.

R110

New features

• Custom events retrieval through notification hub subscriptions.

Bug Fixes

• Fixed a bug for handling static content requests.
• Fixed a bug on email change confirmation.
• Fixed a bug on SAML Metadata endpoint.

R109

New features

• Reports generation.

Bug Fixes

• Fixed a bug for missing translation on change password.
• Fixed a bug on login UI redirect failure after registration.
• Additional logs have been added when mail is sent.

R108

New features

• It is now possible to show a numeric keypad on devices to fill out the OTP

Bug Fixes

• Fixed a bug in the implementation of SCIM filters that resulted in a 500
• Fixed a bug where the the label of the phone number field was never translated

R107

New features

• Inactive users can now use the reset password flow to get activated

Bug Fixes

• Fixed a bug where a user was blocked on system level and not on tenant level
• Fixed a bug where the UI froze during SAML redirection

R106

New features

• Errors coming from 3rd party IdPs will now be shown in a snackbar. Translations are possible. If a translation is not provided, the error coming from the IdP wil be displayed.
• Added a new API to return the available MFA options for a user by identifying value.

Bug Fixes

• Now if we have a goto/returnUrl in the process then it will redirect to provided goto url only instead going to the profile page after the end of the process

• Fix the issue where the user would see an error ‘expired smartLink’ instead of being logged in when the smartLink wasn't expired yet.

• Resolved an issue in which audience URI validation failed when using private__key__jwt auth method

• Fixed a problem with auto login where the code was swallowing some exceptions.

R105

New features

• Added new APIs to enable orchestrating some basic authentication methods.
• Opened up the API's to configure email templates

Bug Fixes

• Issue with filtering using booleans is fixed

R104

New features

• Added the possibility to configure the length of the OTP and the TOTP for the UI
• Synchronised the lockout meta data after removing the temporary block using SCIM

Bug Fixes

• Invalidated the refresh token on terminate session
• Fixed as issue for overridden cookies when using multiple tabs
• Fixed an issue when users cannot log in with TOTP on Chrome

R103

New features

• We changed the way how we're handling errors coming from 3rd party IdP's.
• We increased the timeout when waiting for an authentication using a 3rd party IdP
• Custom workflows now support private key JWT
• The custom event schema is now extended with location, device and client information
• We now show an error when the user name contains a space while this was not allowed
• Created CM SPI implementation to send out sms and voice OTP

Bug Fixes

• SameSite is now set regardless of the used flow
• When we hit a time-out during authentication using a 3rd party IdP, we will now return a correct error
• Calling the endSession endpoint with an expired token, now no longer returns an error but ends the session and redirects to the post logout URL.
• We now no longer allow '/' to be part of the name of a process to avoid unexpected behaviour
• we fixed an issue where the UDH no longer accepted 2 claims with the same name
• we fixed an issue where we disclosed information of underlaying components
• we fixed an error where re-submitting a form was not possible
• we fixed an issue where a user couldn't resend an email in the registration flow
• We fixed an issue where now the process will restart if the user click on back/forward button in e.g. the reset password process

R102

New features

• Improved the way how workflows can be managed

Bug Fixes

• fixed an issue where we redirected to a redirect URL that was only internally available
• streamlined the cookie configuration over the different flows
• streamlined the Language dropdown UI between Password Reset screen and the Login screen
• fixed a bug in the new component for the persona selection that was introduced in the version v101
• fixed a bug where we showed an incorrect message on the Registration screen when using auto fill
• removed redundant error message when a user uses a wrong OTP code

R101

New features

• improved the support for Flowmailer for sending out emails
• added support for sending out emails to email addresses that contain non-europeans characters
• support for SAML SLO when using computed claims in combination with the persona flow
• added the possibility to make new custom workflows external available by configuration
• a new version of the end session API is introduced so when a user is logged out from an OIDC SP, the connected SAML SPs will be notified out the logout so that the - - local SAML SPs will be invalidated as well.
• introduced a new password expiration module in order to provide more flexibility
• now the language selector highlights the selected language I the dropdown
• introduced a new component to select a persona/company with search options and styling options
• added the gotoURL in a secure way to the registration workflow

Bug Fixes

• aria-invalid issue fixed with noClear config and aria-errormessage attribute is also implemented with validations.
• fixed the issue where the errors from the backend never reached the frontend while trying to log in
• fixed an accessibility bug in Firefox where now the user is able to focus on links using Tab and can open them using Enter
• extended the account lock-out to the ROPC flow
• the state-parameter is now passed to the logout-redirect-url when end session is triggered
• fixed 2 bugs where error messages disappeared too soon
• fixed a bug where we validated the input before any input waas given
• UI validation issue fixed for the email field in both the smart link page and the help menu page
• fixed an issue in the step-up flow

R100

New features

• Added possibility to build RSA and HMAC signed JWT in a workflow process.

Bug Fixes

• fix issue when social login returns NPE

• fixed that fact that while creating ACTIVE users, they still received an activation email.

• fixed JIT to work with SAML on AWS

• fixed the fact that we allowed a space as the first character of an email address when creating a user using SCIM

• fixed styling for the OTP input field used across multiple workflow flows

• fixed aria-invalid attribute issue

• fixed an issue where the consent events were not received

R99

New features

• Made it configurable in the SCIM API to return or not to return the total count in order to make the call more performant.
• Allowed to skip some tests to make sure users can be created during import. This also improves the performance of the import. Note that the skipped rules are then the responsibility of the user importing the users.
• Authorise call for the account-link workflow that auto redirects to 3rd party contains gotoURL in request
• Improving the performance of the workflow by making sure that not too much data is set when the process starts
• Added PKCE to MyPage
• Enable the validation of username and password fields
• Non European languages (left-to-right and right-to-left) are now supported

Bug Fixes

• Fixed a bug where didn't pass the Bearer token in some cases
• Fixed a bug where the workflow doesn't return headers when the response isn't 200
• Fixed a bug where the enduser could choose a 2FA option that was not available
• Fixed a bug that made it impossible to use a tag manager is some places
• Excluded source map files from bundle for login-ui & workflow-ui
• Upgraded few libraries/packages to remove vulnerabilities in workflow-ui
• It is now no longer possible to create users with the same email address, even in all race conditions
• Fixed a bug that made one of the major components not to start

R98

New features

• "Remember my device". Allows a user to skip 2FA when using the same device. After successful authentication if the user is required to authenticate using second factor the user can tick ‘remember device’ checkbox on selected 2FA option screen. If the authentication is successful the user’s device metadata is stored in the database as trusted device. Next time authentication is performed and user skips 2FA using trusted device the Second factor authentication skipped event is generated.
• Added events for operations on trusted devices - creation (173), deletion by user (175) and deletion by admin (176).

Bug Fixes

• Fixed an issue when identity links API fail with “Peer not authenticated“ when connecting to remote https service
• Upgraded all services to latest java 11
• Fixed id token validation when token is signed with Elliptic Curve (EC)
• User-info is now updated when the profile is changed and when using the persona flow
• Fixed an issue where sending an XSS payload through client side request (CSR) resulted in reflected XSS.
• Improved performance for several SCIM requests
• Fixed an issue where enhancing OAuth claims with RITM data failed for attributes defined with URN schema.
• Fixed an issue where successful 1FA with QR-code with mandatory 2FA was throwing a NullPointerException.
• Fixed issue with form not being submitted and instead showing errors when workflow form is autofilled with data

R97

New features

• Added events for 2FA voice confirmation (valid [170] / invalid [171] code entered) that were missing.
• Added option to control which fields (username/password/both/none) are cleared after failed authentication.
• The language selector has been made more accessible.

Bug Fixes

• Fixed issue with prompt=select_account which did not trigger the persona switch
• Fixed prompt select_account issue when multiple scopes present
• Fixed cross segment issue for the oauth protected APIs
• Performance improvement for SCIM filters
• Streamlined event generation for OTP validation during authentication with 2FA. (aka Improved login performance when multiple users have the same phone number)

R96

New features

• Added support to skip the second factor if first factor is considered strong enough.

• Updated introspect endpoint to return also the persona selected if this is configured

• Added two PUT endpoints for computed claims OIDC/SAML and updated the POST for computed claims to throw an error if the same entry is already present

• Added support to start a workflow process with an additional parameter, returnUrl.

• Allow introspecting Access access tokens

• Added support to link/unlink/login with an Apple account

• The text for TwoFA voice and snackbar can be configured now via translations.

• Improved accessibility for accordions that are used in help-menu page

• Disabled spell-checker for all fields in order not to share any data

Bug Fixes

• Fixed the introspect token endpoint (400 Bad Request) which causes SCIM traffic to fail
• Fixed social account linking if remote IdP claims mapping was enabled
• Fixed an issue with dropping emails when service can’t connect to the mailserver by re-queueing and retrying specified amount of times and if that fails then sending the message to parking queue.
• Fixed issues with step up authentication for SAML
• Fixed an issue which resulted in duplicates complex objects when patched complex values that have no value property
• Fixed OIDC end session when id_token_hint is expired
• Added SamlAuthRequestParser for SAML to extract the issuer
• Added missing information in events
• Added missing state transition events
• Enabled functionality of an already logged-in user to switch between personas without having to log-out and log back in.
• Boolean attributes are now supported in introspect/id_token
• Fixed social unlinking issue
• Fixed deleting address from a profile

R95

New features

• Make it possible to rate limit a POST endpoints and exclude IP addresses
• Additional UI accessibility improvements

Bug Fixes

• Fixed a SCIM issue where no decimals could be used during the creation of a user
• Updated the PKCE verifier to comply with the specs
• Improved the performance of the login-api
• Fixed the intermittent failure of the auto-login after account verification
• Fixed the app-scheme as redirect-URI

R94

New features

• Added API to elevate SSO session in case of set-up authentication requested by a customer application
• Multiple improvements in the UI concerning accessibility
• Support for all the most common language code

Bug Fixes

• Fixed Single Log Out for SAML
• Fixed Full Message Encryption for external IDP when auto redirect is enabled
• fixed an issue when Push Notification fails if there is only one (1) device enrolled

R93

New features

• Improved the "persona flow" for OIDC

Bug Fixes

• Solved an issue where Full Message Encryption resulted in an error

R92

New features

• Choose to clear the password field when entering incorrect credentials

Bug Fixes

• Fixed the issue where OTP validation did not work on the second attempt
• Fixed the issue where it was not possible to search for integer attributes using the SCIM API both in single and complex attributes
• Fixed the issue that meta attributes were displayed in date format instead of timestamp format
• Mapped the external claims from userInfo endpoint to OW id token when auto redirect is enabled

R91

New features

• Added support for jti claim for authenticating clients using private key jwt
• Added support for 'persona' during SAML authentication

Bug Fixes

• Fixed a bug where the nonce was not available when stateless tokens were enabled
• Addressed memory leak in nginx causing nginx to restart
• Fixed an issue with a checkbox for a consent not being conditional at registration
• updated the syslog publisher in order to make syslog events v2 do arrive at the customers
• Addressed a number of smaller security issues

R90

New features

• Removed both the Service Desk and the Config UI
• Added JIT user migration when a user doesn't exist
• Added JIT user migration when only the password was incorrect and the user did't perform the JIT procedure yet
• Added new config to allow enable/disable attribute hashing functionality

Bug Fixes

• Update default registration BPMN
• Fixed an issue when SCIM filter attribute hashing wasn't working when the attribute is complex
• Fixed null pointer exception when terminate session is called
• Fixed issue when id_token validation during remote IdP authentication fails if the validation is done using jwk uri and the x5t (x509 certificate) is used to verify the signature
• Fixed issue when PATCH request fails for complex attributes, with subattributes having values other than String, such as integer or boolean

R89

New features

• Added possibility to hash a specific attribute value before storing it, including

  • support in the SCIM API
  • support in the workflow
  • Added the possibility to decrypt the id_token and user info response from an external IdP

Bug Fixes

• Fixed authentication issue when two accounts have the same socialId on different segments
• Fixed issue when acr_values are send and response type none
• Invalidate all the access tokens when the user is deleted.
• Fixed the issue that sms code validation was allowed once more than configured
• Cookies are now set with SameSite=none, to accommodate certain cross-domain javascript requests while retaining cookies

R88

New features

• Added fi-FN country code for the workflow UI
• Add UI support in login-ui for displaying TOTP in a MFA flow or step-up flow
• Removed 'unsafe-eval' from the Content Security Policy
• Added support in nginx to have a base-uri in the Content Security Policy. By default it's set to self.
• Added the possibility to send air_values during registration
• Added user info to the OneWelcome IDToken coming from the 3rd party IdP used to authenticate

Bug Fixes

• fixed a bug that showed an error message when entering an OTP while it shouldn't been shown

R87

New features

• created a sample registration BPMN that requires TOTP enrolment

Bug Fixes

• fixed a bug that made SAML login to fail when using 2FA

R86

New features

• improve the UI when handling errors in the OTP flow
• add support for SAML step-up authentication
• improve support for TOTP

Bug Fixes

• fixed a bug that stored and used the goto parameter in the UI
• fixed a bug that allowed SMS flooding when requesting a SMS code for an OTP
• made the Content Security Policy more strict by removing “unsafe-inline” from it

R85

New features

• TOTP support

Bug Fixes

• fixed a bug that didn’t allow using booleans in a complex sub attribute in SCIM
• fixed an issue with smart links

R84

New features

• N.a.

Bug Fixes

• Fixed an issue where step up auth sometimes failed after a password reset
• Fixed an issue with the SAML RelayState url where sending an opaque value instead of an url in the request as a value to the relay state parameter, which caused the SAML request to fail
• Fixed a UI issue with a greyed out button which should be active
• Security fixes

R83

New features

• N.a.

Bug Fixes

• Fixed an issue in the SCIM search option which sometimes failed if a complex attribute had duplicate data
• Fixed an issue where remote idp's like social provides would sometimes fail across multiple segments
• Changed PBKDF2 hashing algorithm to be able to authenticate users with passwords being hashed with salt in front of the hash

R82

New features

• Introduced options in the Credential API to verify a phone number without the need to make it primary

Bug Fixes

• Fixed an issue where the issuer value in the ID token could deviate from the wellknown endpoint value

R81

New features

• Added support for redirecting the user to a configured page in case an external attribute request fails
• Added support for QR codes in Image file types rather than raw data

Bug Fixes

• Fixed UI issue where MFA options screen did not auto select the first option
• Fixed some minor security bugs
• Fixed some issues where resending the activation email did not work properly

R80

New features

• Added the ability for users to obtain a new activation email from a previous received, expired, activation email. This allows users to request a new activation email when their original activation token expired.
• Added support for token enrichment of the ID token with claims from an external IDP (OIDC)
• Added the ability to define a redirect URL in the authentication request when signing in with Smartlink through an API request so that the user is redirected to the requested URL rather than the default redirect URL.

Bug Fixes

• Fixed a bug that prevented to remember the preferred MFA option for returning users
• Fixed a bug where external attribute collection would sometimes throw errors in case of SAML initiated authentication requests

Performance improvements

• Fixed an issue where users couldn't be unblocked using account lockout functionality
• Notification hub API updated with additional scopes for accessing the API
• Fixed an issue to default to a configured language when an identity has no preferred language set
• Fixed an issue where SAML requests with a large RelayState did not work properly
• Fixed an issue where the KID header was missing in some scenarios for the Access and Refresh tokens

R79

New features

• Small UI update to allow styling of individual words
• Added support to verify an email address without making it primary

Bug Fixes

• Fixed an issue in the UI which let the cursor jump to the end of the form field for OTP entry
• Fixed UI issue on Push notification screen in step up scenarios
• Fixed UI issue to correctly display very long email address
• Fixed UI issue for MFA with email
• Fixed mismatch in polling interval for QR authentication
• Improved Notification hub documentation
• Improved cashing for external attribute collector
• Addressed Log4J issues

R78

New features

• Event mapper updates
• Improved logging on 404 events, request_uri now also available

Bug Fixes

• Fixed a UI bug where specific MFA options sometimes where missing during step up
• Small UI fix on color scheme
• Small UI fix for accessibility on the password reset OTP page
• UI fix when navigating back to MFA option screen after selecting an option
• Fixed issue where invitations failed if inviter did not have primary email set
• Performance improvements on SCIM search when starting with 'emails'

R77

New features

• Added additional Events on the users Timeline for Social Account Linking

Bug Fixes

• Small UI fixes on Login page where cursor would not be placed inline of provided username
• Performance improvements on Authentication
• Input validation fixes

R76

New features

• OAuth 2.0 documentation update
• Introduced the ability for Just In Time (JIT) provisioning with automatic redirects for OAuth and OpenID Connect external Identity Providers

Bug Fixes

• Fixed an issue which caused the flag icons to be broken when choosing a country
• Fixed issue with introspect endpoint when using a remote IDP

R75

New features

• Updated IMI documentation to OMI documentation
• Added PUT operation for Dynamic Client Registration

Bug Fixes

• UI fix for better feedback when user declines push notification
• Fixed small issue with error messages for address, phone number and email address verification

R74

New features

• Added 'verified' status in 'Get' response for primary email and phone number indicating whether or not a primary phone number or email address has been verified
• Introduced and updated API's for OneWelcome Mobile Identity based on former Onegini technology

Bug Fixes

• UI fixes for Persona Flow
• Fixed issuer which was no correctly calculated when using create session tokens based on Mobile issued access token

R73

New features

• Improved events on user timeline to be more verbose on attribute updates
• Added specific event for declined push notifications in the authentication flow rather than 'Authentication failed'

Bug Fixes

• Fixed issue with AAL value settings for push notification as second factor
• Updated API documentation for Event API
• Security fixes

R72

New features

• Persona flow; providing the ability for a user to select what persona (s)he would like to be during a session, when a user has multiple values on a specific attribute, we allow the user to choose from a list what value to use, resulting in a different assertion / token content issued to the requesting application. Enabled for SAML initiated flows. OIDC will follow soon.

Bug Fixes

• Security fix
• Fix on schema API with additional scope to get access to (part of) the schema
• Changed default error pages to be non-descript

R71

New features

• Added ability to add dynamic text in user journey flows in form titles and descriptions. Allowing for more personalised registration and activation flows

Bug Fixes

• Security fixes
• Fixed an issue to add the phone number type 'Other' as default when user adds new phone number

R70

New features

• Added support for OMI as multi factor option
• Added API scopes for OMI

Bug Fixes

• Fix issue with leading characters of phone numbers breaking primary phone number settings when using + symbol instead of leading 00
• Fixed issue for push notifications
• Fixed OAuth device flow issue for validating scopes

R69

New features

• IMI api updated to allow to specify parameter format for receiving the QR code either as RAW data or as encoded data

Bug Fixes

• Security fixes
• Fixed a glitch in the MFA flow where QR option during step up flow did not properly rendered

R68

New features

• Attribute grouping and attribute transformation now bound to entityID rather than brand. Allowing for more control over attribute (Claims / Scopes) mapping and transformation on a fine grained level per client rather than per brand.
• Added support for sending OTP's through email in human readable format rather than just a link
• Primary phone number no longer has to be unique when updating primary number through credential API allowing for multiple users to use the same phone number to receive their OTP. Setting based on configuration, default mandates uniqueness

Bug Fixes

• Security fixes
• Error handling improvements for workflow API
• YML updates on developers.iwelcome.com for OAuth 2.0 & OpenID Connect API
• Stability improvements
• Authentication with UTF-8 characters no longer allowed

R67

New features

• Updated sensible defaults for MFA screen to show IMI options
• SCIM event improvements to always contain user ID of delegated user acting on behalf of a user

Bug Fixes

• n.a.

R66

New features

• Push notification as MFA option
• QR code authentication as MFA option

Bug Fixes

• Event improvements
• Added * character on deny list for username / email
• Security improvements

R65

New features

• Auto redirect to external IDP now available on brand level rather than segment level
• IMI UI improvements

Bug Fixes

• Stability and performance improvements
• Changed default behaviour when changing primary email and phone number to not delete the previous values by default but retain them as separate entry
• Security fixes

R64

New features

• Confirmation email on phone number change added as default configuration
• Added Delete IMI user API
• IMI events improvements

Bug Fixes

• UI spinner issue solved
• Security fixes

R63

New features

• IMI documentation update

Bug Fixes

• Fixed a bug that updated "lastModified" date on empty patch
• Security fixes

R62

New features

• IMI Status endpoint response update when nonce expired
• Documentation update

Bug Fixes

• Various

R61

New features

• Added scopes to the Set Password operation in the Credential API for fine grained authorisation to the API
• Added several IMI events
• Added API for issuing Access, ID and SSO tokens based on IMI session ID
• Extended IMI API response with accountID

Bug Fixes

• Fixed UI bug caused by Google Translate adding the option for discarding Google Translate on the pages
• Various security fixes

R60

New features

• Added the Push notification login module
• Added UI components for QR code authentication

Bug fixes

• Various small bug fixes

R59

New features

• Added core capabilities for IMI

Bug fixes

• Fixed redundant schema configuration
• Small bug fixes

R58

New features

• Added a feature for RITM to be able read specific parts of the configuration
• Introduced new version of the SCIM API which is protected by fine grained OAuth 2 scopes indicating the scope of control on a per segment, attribute schema or attribute level. See #SCIM API V1/V2 reference for more details.

Bug fixes

• Fixed a bug that caused Google Translate to translate non-translatable components rendering the page blank
• Updated the credential API with correct access scopes describing the operation
• Fixed a meta data schema issue
• Fixed an issue that caused some multi valued attributes indexes to wrongfully interpret uniqueness requirements

R57

New features

• Added support for QR authentication in the LoginAPI
• Added configurable time out to the QR authentication module

Bug fixes

• Fixed a bg where the Rendering of input fields on login page mis-aligned
• Blank page on timeline in Self Service UI on language change
• Fixed translation issues on timeline page which caused the Month value in dates to be translated incorrect
• Fixed issue which denied the Middle Name field to be empty after updating it
• Fixed duplicate event issue which displayed specific events to be shown twice in the users timeline
• Fixed an issue with blocked users in relation to external IDP's
• Fixed an issue where the Resource Owner Password Credential grant in OAuth incorrectly updated the meta data for lastSuccesfulLogin
• Various security fixes