A newer version of this documentation is available.

Release information, detailed

5.6.0.31 / GUI 1.7.13

General

Added: Support for Microsoft Windows Server 2019.
Added: Support for Microsoft Windows Server 2016 Core.
Added: Support for Microsoft SQL Server 2017.
Added: Support and requirement of Microsoft .NET Framework 4.7.2.
Added: Support for Swedish Tax Agency Navet update January 2019.
Added: Support for YubiKey v5 PIV tokens.
Added: New token profile: IDEMIA AWP (IAS ECC 2.0.0).
Added: New token type: Other.
Added: Support for Inera PU-tjänst (RIV-TA service) version 3.1.
Added: Certificate & key recovery functionality [PROOF-OF-CONCEPT ONLY, not supported]
Updated: Database
Discontinued: Support for Windows Server 2008 R2 and SQL Server 2008 R2.

System

Added: PluginDeleteAllObjects (with ID 64) as new task action type property.
Added: Support for generating token key with any PIN-type.
Added: Support for Microsoft Enrollment Agent structure:
- Possible to use Microsoft Certificate Authority with signature agent certificate as CMC requests.
Added: Support for Microsoft Windows Server 2019:
- Microsoft Active Directory Domain Services 10.0 (17763).
- Microsoft Internet Information Services 10.0 (17763).
- Microsoft Certificate Authority 10.0 (17763).
Added: Tasks:
- Support for computer/server searching against LDAP:
  - Added Task: CreateServerBind.
- Support for certificate recovery structure:
  - Added Tasks: RecoverCertificate, RecoverCertificateToken and RecoverCertificateTokenSoft.
- Task.Action.Execute<RevokeUserTokens>.
  - Possible to revoke all tokens for a user.
- Task.Action.Execute<SendDeleteToPaperCut, 44>:
  - Possible to delete a user against PaperCut printer systems.
- Task.Action.Execute<SendRevertToPaperCut, 43>:
  - Possible to revert a temporary contactless value to a user’s original/standard smart card against PaperCut printer systems.
- Task.Action.Execute<SendToPaperCut>:
  - Possible to send card number and PIN for a user into PaperCut printer systems.
- Task.Action.Execute<UpdateToken, 210>:
  - Possible to update static token information from task.
- Task.Action.Prepare<GetTokenCertificates, 217>.
- Task.ObjectDescription into log search list.
- Task: UpdateOrganizationCertificate:
  - Possible to add multiple organization certificates for different kind of purposes (useful when mixing RSA and ECC).
Added: Verification of calling assembly when detecting external calls.
Enhanced performance:
- parallell audit-log calls.
- LogServer with enhanced performance against row id call.
Enhanced: Support for ECC (Elliptic Curve Cryptography) [PROOF-OF-CONCEPT ONLY, not supported]:
- Support: NIST_P256, NIST_P384 and NIST_P521 for ECDSA and ECDH.
- Support: Key derivation for certificates containing key agreement (useful for encryption).
- Support: Sign/verify of data.
- Support: Sign/verify of hash.
Enhanced: Support for Microsoft CNG (Cryptography Next Generation):
- Native XML signature structure will now use CNG instead of CAPI.
Updated: Structures:
- Certificate database table structure with indexed rows instead of GUID.
- Code-letter reprint order structure:
  - Code-letter reprint orders against Gemalto will use a web service interface instead of FTP.
- Derivation structure with verifying the encryption counter against session-ticket.
- External server object structure.
- LDAP-attribute filtering structure:
  - with returning items from DirectoryServices only, depending on configuration.
  - with using "OR" conditions for several values in same attribute.
- Login structure:
  - Possible to configurate allowed key usage for login certificates.
- Office structure:
  - Added: New task fields.
  - Added: New database tables and relations.
  - Discontinued: OfficeAddress object structure.
- PaperCut structure with possibility to specify http/https from task-configuration.
- Token order structure:
  - Check for office digest before creating office reference against token manufacturer.
  - Certificate template names will be included in order for personalized tokens.
Updated: Tasks:
- Create-/Update Organization tasks:
  - Added: Mediation task name (will be used as C/O address when ordering objects against token manufactuerer for users with secrecy).
- Create-/Update server tasks:
  - Added: Email and Phone input fields.
- Create-/Update TokenTemplate tasks:
  - Updated: CertificateTemplateId input fields to non-required.
- RevokeTokenCertificate and RevokeTokenCertificateDelete tasks:
  - Check for condition of additional info for CertificateTemplate/TokenKeyReference/ReadOnly when loading certificate list.
Updated: Configuration file (web.Config) with added secured tag for http-cookie.
Updated: CreateTokenBatch:
- Added support for multiple unlock password types (explicit for the IDEMIA AWP card only).
Updated: Create-/Update CertificateAuthority:
- Added: SignatureCertificateHash input fields.
Updated: Gemalto order interoperability module:
- Support for code letter reprint orders.
- Support for dynamic certificate template name list.
Updated: GemaltoOrderStatus:
- Changed manufacturer production status condition of process from DELIVERED to WAIT FOR PIN for personalized token orders.
- Extra error information (ErrorCode, ErrorText and ErrorDescription) saved into Task.State.Additional if present.
Updated: ICitizenService interface with mapping new flag ProtectedPopulation to user-flag 0x1 (secrecy).
Updated: LogServer with new API-calls.
Updated: Monitor, now possible to notify when server certificates is expiring.
Updated: Singleton instance declaration.
Updated: SynchronizeUser:
- Updates: Synchronize userPrincipalName LDAP-attribute when call SynchronizeUser.
Updated: Task.Action.Execute<CreateUser>: Changed AdditionalIdentity-UPN flag to be searchable.
Updated: Task.Action.Execute<RevokeUserTokens> with possible to add status reason.
Updated: TraceServer with new API-calls.
Discontinued Gemalto integrations (replaced with new WebServices):
- GemaltoCodeFetcher
- GemaltoCodeLetterOrder
- GemaltoProductionStatus
- GemaltoTokenImporter
Discontinued: Trace operations through the API.
Discontinued: Verification of serialNumber field content when call Create-/UpdateUser.

Configuration

Added: Activity: PersonalInformation:
- Possible to search for personal information of a user. Useful for GDPR demands.
Added: Locality, State and Country attributes into organization object.
Added: New privilege: DirectoryUserSearchPretermit.
Added: New token type: Other.
- Possible to use the token type Other for non-PKI tokens.
- Possible to order non-PKI tokens as chipless cards from card manufacturer.
- Added: New token profile with Label: Other and Model: Other.

GUI

Angular bootstrap and jquery libs updated
Issues regarding Oberthur cards with two PUKs:
- Changing PUK2 for Oberthur cards with two PUKs
- Changing two PUKs and one SO-key caused two attempts to change SO-key for Oberhur cards.
- Unlocking PINs for Oberthur cards with two PUKs.
Added config.js configurations:
- Search and List definitions (What is shown when you search for an object)
- Reading of Mifare number.
- Parameter(s) "genericName-XXX". Used for to display dynamic information regarding the object.
- "autoBindUser": true will cause the task createuserbind to be called when opening an external user.
- default "ObjectDescription" for search type log. To change this behavior use the parameter "SearchDefinitions"
Possible to create a local server object via CreateUserBind
Made Mifare Config configurable per task with parameter object "MifareConfig"
Removed "back button" since it caused problems.
New text strings

Fixes — API

Fixed: Issue with log calls.
Fixed: Issue with overriding validity of token when issuing certificates (certificate validity too long).
Fixed: Issue with multiple calls against DynamicInvoke structure.

Fixes — GUI

Issue with select single radio button label.
Issue where administrator’s YubiKey was wiped at initialization instead of user’s YubiKey.
Issue with firstname choice in updateuser.