Identity broker release notes
The identity broker is a module on the Thales OneWelcome Identity Platform. The identity broker allows you to federate to an external identity provider (IDP). By acting as an intermediary service, the identity broker connects apps with different IDPs, so that administrators don't have to integrate every IDP into their apps.
In the identity broker, you configure which IDPs are available for user registration and login. For information about configuring external IDPs in the identity broker, see the identity provider documentation.
The releases are backwards compatible. A release does not require downtime and occurs during European business hours.
The release notes describe new features and bug fixes. If anything is unclear, contact Thales Support.
Release date 2025-09-04
Bugs
- Resolved an issue where web sessions were not properly cleaned up following unsuccessful authentication or logout requests.
Release date 2025-09-01
Improvements
- When a SAML identity provider returns an error during Single Logout (SLO), users are now redirected to the post-logout URL with an error message parameter, rather than being shown a generic error page.
Bugs
- OAuth identity providers that require Private Key JWT now correctly receive a generated JWKS endpoint.
Release date 2025-08-28
Improvements
- Reduced the size of Access Tokens issued by the Identity Broker to improve efficiency and performance.
Bugs
- Added a JWKS endpoint for OAuth identity providers that require Private Key JWT.
Release date 2025-08-20
Improvements
- Improved the naming of Log Events sent by the Identity Broker for better clarity and traceability.
Release date 2025-07-31
New Features
- Added support for JWT-secured authentication requests (RFC 9101) for OAuth and OIDC identity providers.
Improvements
- The DigiD and eHerkenning identity providers now return a persistent subject identifier.
- The eHerkenning identity provider now returns nested attributes under ActingSubjectID and LegalSubjectID.
Bugs
- The RequestedAuthnContext is no longer sent to the DigiD identity provider, as this is already defined during service registration with Logius.
Release date 2025-07-02
Improvements
- We now support retrieving email and name attributes for the Login with Apple identity provider. These claims are only available during the first authentication.
Bugs
- Fixed the generated metadata for a DigiD IDP.
Release date 2025-05-06
Improvements
- Adjusted the admin interface to make it easier to configure new external identity providers.
Release date 2025-03-11
Improvements
- Enhanced security by adding support for key rotation for OpenID Connect (OIDC) Relying Parties (RPs) and SAML Service Providers (SPs).
Release date 2025-03-11
Features
- Extended compatibility by adding support for the social identity provider (IDP) X, previously known as Twitter.
Release date 2025-02-13
Features
- Introduced API integration alongside the existing redirect integration, facilitating easier integration of the Identity Broker within mobile applications and custom User Journey Orchestration (UJO) flows.
- Expanded DigiD capabilities by adding support for the DigiD App2App flow via DigiD Combi Connect, leveraging the newly added API integration.
Release date 2025-01-30
Features
- Expanded DigiD capabilities by adding support for DigiD Machtigen through DigiD Combi Connect.
- Provided the ability to return original assertions or access tokens in responses from the Identity Broker.
- Enhanced the Generic OAuth implementation to support opaque tokens.
Release date 2024-12-17
Features
- Added compatibility for the social identity provider (IDP) Facebook.
Release date 2024-12-02
Features
- Implemented support for DigiD Combi Connect.
- Enhanced generic OAuth capabilities to facilitate connections to social identity providers (IDPs) like Amazon.
- Introduced the concept of variants, enabling support for multiple use cases within a single connection.
- Added support for the Dutch Node of eIDAS 1.0 via eHerkenning.
- Introduced Sign in with Apple.
- Provided support for asynchronous signed ID tokens, resulting in compatibility with France Connect and LINE.
Release date 2024-09-09
Features
- Implemented Client TLS authentication for OIDC.
- Added support for Pro Sante Connect.
Release date 2024-06-05
Features
- Enhanced security with the addition of Proof Key for Code Exchange (PKCE).
- Incorporated support for ITSME.
Release date 2024-05-17
Features
- Implemented single logout functionality.
- Added compatibility for the ID.me identity provider.
Release date 2024-03-20
Features
- Generic SAML capabilities, including redirect, POST, and artifact bindings, along with signing, encryption, and mTLS support.
- Generic OIDC functionalities, including private key JWT, client secret post, client secret basic, ID token and UserInfo encryption, acr_values, and claim requests.
- eHerkenning support.