Release information, detailed
5.4.2.41 / GUI 1.6.52
Fixes
-
Fixed: Issue with tasks not being released when idle status is reached. (issue found in v5.3.2)
-
Fixed: Issue with permission/presentation/cache and session-id of AccessibleOrganizationList structure. (issue found in v.5.3.2)
-
Fixed: Issue with TimerService-trace not being written where expected.
5.4.1.37 / GUI 1.6.52
General
-
Added: Smart card support: Token profiles for Gemalto IDPrime MD:
-
IDPrime MD 830B 4.3.5 and IDPrime MD 3810 4.3.0 (compatibility for odd minor versions of the IDPrime MD tokens)
-
IDPrime MD 3841 4.2.0 (compatibility for even minor versions of the IDPrime MD tokens)
-
Note: Compabilty with Gemalto minidriver for IDPrime MD not verified, may be differnces in implementations.
-
5.4.0.34 / GUI 1.6.52
General
-
Added: Support for impersonated Kerberos authentication for Microsoft Certificate Authority services.
-
Added: Support for NTLM and impersonated Kerberos authentication for directory services (LDAP).
-
Enhanced: Microsoft Active Directory Lightweight Directory Services support.
-
Added: Support for Inera PU service version 2.1 and 3.0.
-
Added: Support for Inera HSA service.
-
Added: Support for Gemalto service for order status.
-
Added: Support for additional identities for objects.
-
Added: LDAP as CRL Distribution Point when verifying certificates.
-
Added: Possible to include Terms that user needs to approve.
-
Added: Smart card support: Token profiles for:
-
Buypass BEID6 (BeIDu 6.0.4).
-
Gemalto Instant IP10 (4.2.0).
-
System
-
Added: AdditionalInfo type into AdditionalIdentity structure.
-
Added: ActivityList for user’s ActiveTokenList.
-
Added: Publish issued certificates to external LDAP services:
-
Possible to specify LDAP attribute for LDAP object.
-
Possible to overwrite existing certificates.
-
Support multiple LDAP services.
-
-
Added: User group restriction structure.
-
Possible to restrict user groups in local system.
-
Possible to restrict user groups in external services (i.e. LDAP).
-
-
Added new service: CertificateVerifier:
-
Unattached from NiP-API and NiP application.
-
Support SOAP and RESTful (XML, JSON) interfaces.
-
Useful for verifying certificates from i.e. Net iD Access Server.
-
-
Enhanced Performance:
-
Updated: Notification of certificate expiration in TimerServie module.
-
Updated: PDF binary stream to prevent memory leaks.
-
Updated: Organization cache with complete additional info configuration instead of database calls.
-
Updated: GetObject<Token> with reduced call using serial number as identifier.
-
-
Enhanced: Report structure:
-
Added: StartDateTime and EndDateTime types when generating reports.
-
Possible to create reports from external databases (i.e. audit-log database).
-
-
Enhanced support for Active Directory and LDAP:
-
Added: Support for using RootDSE for directory service.
-
Possible to issue user certificates with OID:2.5.4.49 (X500 distinguished name) from LDAP.
-
Possible to call GetData with custom LDAP attributes (i.e. {directory.user.xxx}).
-
Possible to use LDAP-attribute filtering when search for users in LDAP.
-
-
Enhanced structure of user objects flagged as 'secrecy'.
-
Enhanced: TokenHistory structure:
-
Possible to view underlying certificates for a history token.
-
Terms is called as activity instead of task.
-
-
Updated: Log criteria types:
-
Added: SortOrder type (possible to sort the result in ascending/descending order) (default: ascending).
-
-
Updated: Structure for Qualified Certificates.
-
Updated: Task.Action.Execute<CreateToken>:
-
Uses conditon as Task.Type.Usage instead of Task.Type.Id when call CreateToken.
-
Possible to create i.e. customized enrollment task containing SoftToken.
-
-
Discontinued: HistoryToken as separated store (hist_tkns in database table).
-
Discontinued: HistoryToken as separated object structure.
System (Customer specific)
-
Added: HSA-ID type for user objects.
-
Enhanced: Merging between healthcare-/citizen services when searching for persons.
-
Added: Support for multiple Task-Bind users (i.e. multiple search result from Inera-HSA service).
-
Added: HealthcareItem.PassportNumber as AdditionalIdentity.
-
Added: HealthcareItem.PassportBirthDate as AdditionalInfo into AdditionalIdentity.
-
Added: HealthcareItem.PassportValidTo as AdditionalInfo into AdditionalIdentity.
-
-
Updated: Base URL against Inera-HSA service due to alternation in the Inera-HSA service API.
-
Updated: Behavior of adding user from IHealthcareService containg IHealthcareService.PassportNumber: Uses IHealthcareService.HSAID as User.SerialNumber instead of IHealthcareService.PassportNumber.
-
Updated: Task: CreateUserBind:
-
Possible to load HSA-ID, UPN and Passport from Inera HSA service.
-
-
Updated: Task.Action.Prepare<GetData> with condition of User.Id <> User.ServiceTypeId when call for external services.
Configuration
-
Added: New privileges:
-
CreateTokenBatch (possible to upload batch file with tokens from manufacturer).
-
UserModeSecrecy (possible to view user objects flagged as secrecy).
-
UserRestriction (possible to override user group restriction structure).
-
ManageAdminPrivileges (possible to restrict roles containing administration privilges).
-
-
Added: New Tasks:
-
ImportCertificate (import external certificate for expiration notifications).
-
GetTokenHistoryReceipt (access receipts of tokens in history list).
-
CreateTokenBatch: (upload batch file with tokens from manufacturer).
-
-
Added: New Task.Action.Prepare: InsertRow:
-
Possible to add additional values to to already generated lists formatted as InputField.Type<List>.
-
-
Added: New Task.Action.Execute: SaveTokenTerms.
-
Possible to add terms at enrollment for an end-entity user.
-
Possible for an end-entity user to sign the terms action.
-
-
Enhanced administration usage:
-
Possible to duplicate templates when creating new objects.
-
Updated all IDs to InputField.Type<List>
-
Privilege list is separated as Officer and Administrator.
-
Added: IsVisible parameter for TokenTemplate objects:
-
Possible to hide inactive token templates for officers.
-
-
Added: IsVisible parameter for CertificateTemplate objects:
-
Possible to hide inactive certificate templates for officers.
-
-
Added: ServiceType into NationalRegister objects.
-
Updated: GenericSettings with InputField.Type<Boolean> true/false (1/0) values.
-
Updated: GenericSettings with LogCertificateStore as type instead of numeric value.
-
Updated: GenericSettings with no requirement of ImageId and Image types.
-
Updated: GenericSettings with ValidFrom/ValidTo types for SystemMessage.
-
Updated: CertificateAuthority with OCSP/CRL types.
-
-
Updated: CreateCertificateTemplate admin task with updated policy for AdditionalTaskInfo type.
-
Updated: UpdateCertificateTemplate admin task with updated policy for AdditionalTaskInfo type.
-
Updated: Task type rule structure:
-
Possible to add client info as rule conditions for task types.
-
-
Updated: Task:
-
CreateUserBind (possible to load image attribute from external service).
-
CreateCertificateAuthority / UpdateCertificateAuthority with credential types.
-
EnrollUserAdditional (possible to enroll multiple certificates from several certificate template id’s).
-
CreateDirectoryService / UpdateDirectoryService (possible to add/edit credentials as NTLM or impersonated Kerberos authentication.
-
-
Updated: Task.Action.Execute<NotifyUser>:
-
Possible to send notifications against SMS as well as SMTP.
-
-
Updated: Task delegation structure:
-
Possible to delegate task to self user.
-
-
Updated: TaskTypeList<Token>:
-
Possible to use RevokeTokenReset task if unlock info is missing.
-
-
Updated: User.TokenList with certificate validity if token validity if not present.
-
Updated: TimerService configuration:
-
Possible to simulate token orders against manufacturer.
-
Possible to simulate order status from manufacturer.
-
Officers
-
Added: Support for token receipts as HTML as well as PDF.
-
Updated: User search structure:
-
Possible to search for additional identities.
-
Possible to dynamically use the like-operator in with * characters in search argument.
-
Possible to use several national register types as external services (i.e. Swedish Tax Agency / Inera RIV-TA / Inera HSA).
-
Combines search calls in database and directory services for merged result list.
-
-
Updated: User/Token search and object structure:
-
Users flagged as secrecy cannot be searched or opened without specified privilege.
-
Tokens bounded to user with secrecy flag cannot be opened without the specified privilege.
-
-
Updated: Behavior of presenation of active roles and usages in GUI:
-
Discontinued: Possibility to switch roles.
-
Roles are merged into one usage list.
-
-
Discontinued: INSTANT IP10 token profile (use Instant IP10 instead).
GUI
-
Added: Configuration parameters to update presentation of objects.
-
Added: Optional seed value from task, may be used by random generator if possible to import seed value (usually not possible).
-
Updated: Presentation of reports.
-
Updated: Text strings table
-
Changed: All soft token key generation set to non-extractable keys.