Release information, detailed

5.0.1.76 / GUI 1.2.29

Card and certificate administration

  • Updated: TaskTypeList with an exception of RevokeToken if user has been flagged as ended/terminated.

Fixes

  • Fixed: Performance fixes including fix for handling of multiple requests

  • Fixed: Issue with user object when using organization delegation.

  • Fixed: Issue with RevokeTokenReset task type when unlock info is null.

5.0.0.72 / GUI 1.2.29

General

  • Renamed application to Net iD Portal including assembies and namespaces.

  • Requirement of Microsoft .NET Framework 4.5.X.

  • Added: Support for Oracle MySQL database server (developed and tested for version 5.6).

  • Added: Support for separated impersonation credentials for Microsoft SQL Server.

  • Added: Support for SQL Transaction commitments and roll backs against Microsoft SQL Server and Oracle MySQL Server.

  • Added: Support for SQL Parameter transaction structure against Microsoft SQL Server and Oracle MySQL Server.

  • Added: Support for Microsoft SQL Server 2014 Service Pack 1.

  • Added: Support for SSL/TLS for Microsoft Active Directory.

  • Added: Support for unlimited of multiple directory services.

  • Added: Support for cross-over directory services.

  • Added: Support for Microsoft Enrollment Computer Agent structure for Microsoft Certificate Authority.

  • Added: Support for search and revoke certificates directly to EJBCA database, as well as MSCA database.

  • Added: Support for Enterprise Java Beans Certificate Authority (EJBCA) 6.0.3.

  • Added: Support for Trace Server.

  • Added: Support for Gemalto card management and production system.

  • Added: Support for Nexus card management and production system (for initial tests).

  • Added: Support for Representational State Transfer Web Services (see the Enhanced Web Service Support section).

  • Added: Support for generating PDF files using Windows Presentaion Foundation library.

System

  • Enhanced Cryptography Support:

    • Support: SHA-1, SHA-256, SHA-384 and SHA-512 hash algorithms.

    • Support: SHA-1, SHA-256, SHA-384 and SHA-512 RSA signature algorithms.

    • Support: SHA-1, SHA-256, SHA-384 and SHA-512 ECDSA signature algorithms.

    • Support: SHA-1 DSA signature algorithms.

    • Added: Support for ECC (Elliptic Curve Cryptography):

      • Support: ECDSA_P256, ECDSA_P384 and ECDSA_P521 signature algorithms for Microsoft Certificate Authority.

      • Support: ECDH_P256, ECDH_P384 and ECDH_P521 encryption algorithms for Microsoft Certificate Authority.

      • Support: ECC curves: secp192r1, secp224k1, secp256k1, secp256r1, secp384r1 and secp521r1.

      • Support: Bitcoin transaction signatures with the secp256k1 curve.

      • Support: SHA-1, SHA-256, SHA-384 and SHA-512 ECDSA signature algorithms.

      • Support: ECC for Microsoft Certificate Authority 6.0, 6.1, 6.2 and 6.3.

      • Support: ECC for Enterprise Java Beans Certificate Authority (developed and tested for EJBCA 6.0.3).

      • Support: Signatures with X509 certificates and ECC.

      • Support: Client certificates with ECC.

      • Support: Server certificates with ECC.

    • Enhanced XML Digital Signature Support:

      • Support: SHA-1, SHA-256, SHA-384 and SHA-512 hash algorithms as Uniform Resource Identifiers (RFC3075 standard).

      • Support: SHA-1, SHA-256, SHA-384 and SHA-512 RSA signature algorithms as Uniform Resource Identifiers (RFC3075 standard).

      • Support: SHA-1, SHA-256, SHA-384 and SHA-512 ECDSA signature algorithms as Uniform Resource Identifiers (RFC4050 standard).

      • Support: SHA-1 DSA signature algorithms as Uniform Resource Identifiers (RFC3075 standard).

      • Support: DSA/RSA/ECDSA key value objects as well as X509Data as KeyInfo.

      • Added: Interface for creating signed XML for external use (i.e. signing XML with Net iD Enterprise).

    • Enhanced XML Encryption Support:

      • Support: SHA-1, SHA-256, SHA-384 and SHA-512 hash algorithms.

      • Support: Elliptic Curve Diffie Hellman with AES, Blowfish and Twofish block cipher.

  • Enhanced Certificate Authority Support:

    • New implementation of EnrollmentMode structure:

      • AgentSigner.

      • Modifier.

      • Stamping.

    • New implementation of SubjectName attribute enum structure with auto OID parsing:

      • CommonName (2.5.4.6)

      • GivenName (2.5.4.42)

      • Surname (2.5.4.4)

      • Initials (2.5.4.43)

      • UnstructedName (1.2.840.113549.1.9.2)

      • Email (1.2.840.113549.1.9.1)

      • StreetAddress (2.5.4.8)

      • UnstructedAddress (1.2.840.113549.1.9.8)

      • SERIALNUMBER (2.5.4.5)

      • Title (2.5.4.12)

      • OrganizationalUnit (2.5.4.11)

      • Organization (2.5.4.10)

      • DomainComponent (0.9.2342.19200300.100.1.25)

      • Locality (2.5.4.7)

      • State (2.5.4.8)

      • Country (2.5.4.6)

    • New implementation of X509Extensions structure:

      • SubjectAlternativeName (2.5.29.17) with auto IA5 string parsing:

        • OtherName: PrincipalName.

        • OtherName: Global Unique Identifier.

        • RFC822Name.

        • DNSName:

        • Uniform Resource Identifier.

        • DirectoryName.

        • IPAddress.

        • Registered OID (support MS ADCS only).

    • KeyUsage (2.5.29.15) with auto flag parsing:

      • NoKeyUsage (0)

      • DigitalSignature (0x80)

      • NonRepudiation (0x40)

      • KeyEncipherment (0x20)

      • DataEncipherment (0x10)

      • KeyAgreement (0x8)

      • CertificateSigning (0x4)

      • OfflineCrlSigning (0x2)

      • CrlSigning (0x2)

      • EncipherOnly (0x1)

      • DecipherOnly (0x80 << 8)

    • ExtendedKeyUsage (2.5.29.37) with auto OID parsing:

      • BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1)

      • ClientAuthentication (1.3.6.1.5.5.7.3.2)

      • ServerAuthentication (1.3.6.1.5.5.7.3.1)

      • EmailProtection (1.3.6.1.5.5.7.3.4)

      • SmartCardLogon (1.3.6.1.4.1.311.20.2.2)

      • EncryptingFileSystem (1.3.6.1.4.1.311.10.3.4)

      • FileRecovery (1.3.6.1.4.1.311.10.3.4.1)

    • SEIS Card Number (1.2.752.34.2.1)

    • Qualified Certificate Statements (1.3.6.1.5.5.7.1.3)

    • Enhanced support of: Microsoft Active Directory Certificate Service Enterprise type (MSCA / ADCS):

      • Support: EnrollmentMode > AgentSigner.

      • Support: EnrollmentMode > Modifier.

      • Support: Enrollment with Computer Enrollment Agent against Microsoft UserLogon objects with default templates.

      • Support: Enrollment with Computer Enrollment Agent against Microsoft UserLogon objects with customized templates.

      • Support: DSA/RSA/ECC (more information in the "Enhanced Cryptography Support" section in this document).

      • Enhanced: Modified enrollment structure against non-Microsoft user objects.

    • Enhanced support of: Microsoft Active Directory Certificate Service Stand-Alone type (MSCA / ADCS):

      • Support: EnrollmentMode > Modifier.

      • Support: EnrollmentMode > Stamping.

      • Support: Modified enrollment structure against non-Microsoft user objects.

      • Support: Server certificates enrollment as well as user certificates.

      • Support: Key recovery.

      • Support: DSA/RSA/ECC (more information in the "Enhanced Cryptography Support" section in this document).

    • Enhanced support of: PrimeKey Enterprise Java Beans Certificate Authority (EJBCA):

      • Support: EnrollmentMode > Modifier.

      • Enhanced: Server certificate enrollment.

      • Enhanced: Key recovery.

      • Support: DSA/RSA/ECC (more information in the "Enhanced Cryptography Support" section in this document).

    • Enhanced support of: Certificate validation against CDP (CRL Distribution Points):

      • New improved: Web client for downloading CRL through HTTP.

      • Possible to validate certificate of its own CDP.

      • Possible to validate certificate of static CDP list.

    • Added support of: Certificate validation against OCSP (Online Certificate Status Protocol):

      • Support: OCSP requests with HTTP POST verb.

      • Possible to validate certificate of its own AIA.

      • Possible to validate certificate if static OCSP list.

  • Enhanced Authentication Provider support:

    • New improved internal server ticket structure.

      • Server ticket handler for Microsoft Windows authentication:

        • Microsoft Kerberos.

        • Microsoft NTLM.

        • Microsoft Negotiate Layer.

        • X509 certificate.

      • Server ticket handler for non-authentication:

        • X509 certificate.

    • New improved internal client ticket structure:

      • Client ticket handler for Net iD Enterprise:

        • X509 certificate.

  • Enhanced ISO 8601 date time standard support:

    • All date objects always returns as ISO 8601 sortable pattern string (YYYY-MM-DD).

    • All time objects always returns as ISO 8601 sortable pattern string (HH:MM:SS).

    • All date-time objects always returns as ISO 8601 sortable pattern string (YYYY-MM-DD HH:MM:SS).

    • All date-time objects will stored in database as ISO 8601 sortable pattern objects (YYYY-MM-DD HH:MM:SS).

  • Enhanced Trace:

    • Dynamic set of current class and method.

    • Simplier reading of trace:

      • All operations logs properties before invoking.

      • All operations logs "begin" and "end" for each thread of operation.

    • Trace Server:

      • Possible to call the Generic Service interface to asynchronously write logs to file.

      • Better performance for large amount of users at the same time.

    • Trace Constructor:

      • Looking for current calling assembly for default runtime.

      • Looking for the attribute "UseAPI" in license file for non-default runtime.

  • Enhanced Microsoft Active Directory Lightweight Directory Services support.

  • Enhanced Microsoft Active Directory Federation Service support.

  • Enhanced Claims Principal support as SAML 2.0 security token receiving.

  • Enhanced Impersonation support:

    • Possible to impersonate third party services with different service accounts:

      • Microsoft Active Directory Service.

      • Microsoft Active Directory Lightweight Directory Service.

      • Microsoft Certificate Authority Service.

      • Microsoft SQL Server service.

  • Enhanced Web Service support (ongoing):

    • Support: Simple Object Access Protocol (SOAP).

    • Support: Representational State Transfer (REST).

      • Uses HTTP 1.1 verbs (GET, POST, PUT, and DELETE).

      • Possible to return output data as XML.

      • Possible to return output data as JavaScript Object Notation (JSON).

    • Multiple endpoints:

      • basicHttpBinding for SOAP with possibility to use SSL/TLS transfer with certificates and none transfer.

      • webHttpBinding for REST and XML with possibility to use SSL/TLS transfer with certificates and none transfer.

      • webHttpBinding for REST and JSON with possibility to use SSL/TLS transfer with certificates and none transfer.

      • Dynamic endpoints configuration in configuration file that will be used by IIS.

  • Discontinued: Support for Microsoft Windows NT 5.X:

    • Discontinued: Support for Microsoft Windows Server 2003 (Microsoft Certificate Authority 5.2 is still supported).

    • Discontinued: Support for Microsoft Windows Server 2003 R2 (Microsoft Certificate Authority 5.2 is still supported).

    • Discontinued: Support for Microsoft Internet Information Services 6.0.

  • Discontinued: Support for Novell eDirectory LDAP wrapper.

  • Discontinued: Support for ASMX Web Services.