ID Server

Introduces a new FIDO credential provider that allows users to sign in to Windows desktops using a FIDO authenticator, enabling secure, passwordless access.

Provides self-service certificate enrollment to Yubikeys through the User Portal for issuing and revoking certificates. The Admin Portal allows enrollment on-behalf of users.

Introduces a dedicated API endpoint for system status details, enabling external monitoring and health checks. Details depend on final configuration.

Updates the API endpoint for disabling and removing users to accept requests that do not contain a full user object, allowing operations based solely on user ID when appropriate.

Extends CSV import to support base32-encoded secrets in addition to existing base64 and hex formats, improving interoperability with more token suppliers.

Support for discoverable credentials, enabling username-less logins.

Extends the Admin Portal search functionality to include FIDO tokens when searching by serial number.

Updates ID Server to support SQL Express 2022 as a database option.

Allows administrators to configure the challenge or reject message used by the ADFS provider, improving end-user communication during sign-in failures.

Optimizes how user attributes are read from user storage (typically LDAP attributes such as (memberOf). Attributes are no longer re-fetched for each function, reducing unnecessary round-trips and improving performance.

Improves handling of Entra ID POST/DELETE operations in the Web API when the configured user attribute is empty by using the incoming username as the Entra ID username.

Allows users to register FIDO authenticators for Entra ID directly in the User Portal, supporting standalone Entra ID FIDO registration scenarios.

Fixes an index exception that occurred when a client sent an Authorization: Negotiate header and the ID Server NTLM backend responded with WWW-Authenticate: NTLM. The NTLM negotiation flow now handles this scenario correctly.

Changes the default User Portal setting for hardware tokens from HOTP to TOTP by setting USE_TIME_BASED_SECURITY_TOKENS to true.

Adds the missing <httpRuntime targetFramework="4.8"/> configuration in AP web.config, ensuring TLS 1.2 can be used correctly by HttpClient.

Resolves a null pointer exception that occurred when a search returned an existing PSID user record that no longer existed in the underlying user storage.

Fixes an issue where a new ActiveSync device with a pending authorization timeout was incorrectly denied with "no device".

Replace library functions to correctly handle special characters.

Corrects an issue in the Admin Portal where accessing the serial number could cause an error.

Fixes FIDO origin checks for websites that use non-default ports, preventing legitimate requests from being rejected.