Release information, detailed

5.4.2.41 / GUI 1.6.52

Fixes

  • Fixed: Issue with tasks not being released when idle status is reached. (issue found in v5.3.2)

  • Fixed: Issue with permission/presentation/cache and session-id of AccessibleOrganizationList structure. (issue found in v5.3.2)

  • Fixed: Issue with TimerService-trace not being written where expected.

5.4.1.37 / GUI 1.6.52

General

  • Added: Smart card support: Token profiles for Gemalto IDPrime MD:

    • IDPrime MD 830B 4.3.5 and IDPrime MD 3810 4.3.0 (compatibility for odd minor versions of the IDPrime MD tokens)

    • IDPrime MD 3841 4.2.0 (compatibility for even minor versions of the IDPrime MD tokens)

    • Note: Compatibility with Gemalto minidriver for IDPrime MD not verified; there may be differences in implementations.

Configuration

  • Updated: Token profile list at administration:

    • Returns list of Token-Label and Token-Model in same item.

  • Updated: Behavior when creating tokens with default unlock information in token profile:

    • Set the 'UnlockPassword' input field to '0' to search for default values in token profile.

GUI

  • Initial support for end-entity object type (preparation for functionality in v5.5)

5.4.0.34 / GUI 1.6.52

General

  • Added: Support for impersonated Kerberos authentication for Microsoft Certificate Authority services.

  • Added: Support for NTLM and impersonated Kerberos authentication for directory services (LDAP).

  • Enhanced: Microsoft Active Directory Lightweight Directory Services support.

  • Added: Support for Inera PU service version 2.1 and 3.0.

  • Added: Support for Inera HSA service.

  • Added: Support for Gemalto service for order status.

  • Added: Support for additional identities for objects.

  • Added: LDAP as CRL Distribution Point when verifying certificates.

  • Added: Possible to include Terms that user needs to approve.

  • Added: Smart card support: Token profiles for:

    • Buypass BEID6 (BeIDu 6.0.4).

    • Gemalto Instant IP10 (4.2.0).

System

  • Added: AdditionalInfo type into AdditionalIdentity structure.

  • Added: ActivityList for user’s ActiveTokenList.

  • Added: Publish issued certificates to external LDAP services:

    • Possible to specify LDAP attribute for LDAP object.

    • Possible to overwrite existing certificates.

    • Support multiple LDAP services.

  • Added: User group restriction structure.

    • Possible to restrict user groups in local system.

    • Possible to restrict user groups in external services (i.e. LDAP).

  • Added new service: CertificateVerifier:

    • Unattached from NiP-API and NiP application.

    • Support SOAP and RESTful (XML, JSON) interfaces.

    • Useful for verifying certificates from e.g. Net iD Access Server.

  • Enhanced Performance:

    • Updated: Notification of certificate expiration in TimerService module.

    • Updated: PDF binary stream to prevent memory leaks.

    • Updated: Organization cache with complete additional info configuration instead of database calls.

    • Updated: GetObject<Token> with reduced call using serial number as identifier.

  • Enhanced: Report structure:

    • Added: StartDateTime and EndDateTime types when generating reports.

    • Possible to create reports from external databases (i.e. audit-log database).

  • Enhanced support for Active Directory and LDAP:

    • Added: Support for using RootDSE for directory service.

    • Possible to issue user certificates with OID:2.5.4.49 (X500 distinguished name) from LDAP.

    • Possible to call GetData with custom LDAP attributes (i.e. {directory.user.xxx}).

    • Possible to use LDAP-attribute filtering when searching for users in LDAP.

  • Enhanced structure of user objects flagged as 'secrecy'.

  • Enhanced: TokenHistory structure:

    • Possible to view underlying certificates for a history token.

    • Terms are called as an activity instead of a task.

  • Updated: Log criteria types:

    • Added: SortOrder type (possible to sort the result in ascending/descending order) (default: ascending).

  • Updated: Structure for Qualified Certificates.

  • Updated: Task.Action.Execute<CreateToken>:

    • Uses Task.Type.Usage as condition instead of Task.Type.Id when calling CreateToken.

    • Possible to create e.g. a customized enrollment task containing SoftToken.

  • Discontinued: HistoryToken as separated store (hist_tkns in database table).

  • Discontinued: HistoryToken as separated object structure.

System (Customer specific)

  • Added: HSA-ID type for user objects.

  • Enhanced: Merging between healthcare-/citizen services when searching for persons.

    • Added: Support for multiple Task-Bind users (i.e. multiple search results from Inera-HSA service).

    • Added: HealthcareItem.PassportNumber as AdditionalIdentity.

    • Added: HealthcareItem.PassportBirthDate as AdditionalInfo into AdditionalIdentity.

    • Added: HealthcareItem.PassportValidTo as AdditionalInfo into AdditionalIdentity.

  • Updated: Base URL against Inera-HSA service due to alteration in the Inera-HSA service API.

  • Updated: Behavior of adding user from IHealthcareService containing IHealthcareService.PassportNumber: Uses IHealthcareService.HSAID as User.SerialNumber instead of IHealthcareService.PassportNumber.

  • Updated: Task: CreateUserBind:

    • Possible to load HSA-ID, UPN and Passport from Inera HSA service.

  • Updated: Task.Action.Prepare<GetData> with condition of User.Id <> User.ServiceTypeId when calling external services.

Configuration

  • Added: New privileges:

    • CreateTokenBatch (possible to upload batch file with tokens from manufacturer).

    • UserModeSecrecy (possible to view user objects flagged as secrecy).

    • UserRestriction (possible to override user group restriction structure).

    • ManageAdminPrivileges (possible to restrict roles containing administration privileges).

  • Added: New Tasks:

    • ImportCertificate (import external certificate for expiration notifications).

    • GetTokenHistoryReceipt (access receipts of tokens in history list).

    • CreateTokenBatch (upload batch file with tokens from manufacturer).

  • Added: New Task.Action.Prepare: InsertRow:

    • Possible to add additional values to already generated lists formatted as InputField.Type<List>.

  • Added: New Task.Action.Execute: SaveTokenTerms.

    • Possible to add terms at enrollment for an end-entity user.

    • Possible for an end-entity user to sign the terms action.

  • Enhanced administration usage:

    • Possible to duplicate templates when creating new objects.

    • Updated all IDs to InputField.Type<List>.

    • Privilege list is separated as Officer and Administrator.

    • Added: IsVisible parameter for TokenTemplate objects:

      • Possible to hide inactive token templates for officers.

    • Added: IsVisible parameter for CertificateTemplate objects:

      • Possible to hide inactive certificate templates for officers.

    • Added: ServiceType into NationalRegister objects.

    • Updated: GenericSettings with InputField.Type<Boolean> true/false (1/0) values.

    • Updated: GenericSettings with LogCertificateStore as type instead of numeric value.

    • Updated: GenericSettings with no requirement of ImageId and Image types.

    • Updated: GenericSettings with ValidFrom/ValidTo types for SystemMessage.

    • Updated: CertificateAuthority with OCSP/CRL types.

  • Updated: CreateCertificateTemplate admin task with updated policy for AdditionalTaskInfo type.

  • Updated: UpdateCertificateTemplate admin task with updated policy for AdditionalTaskInfo type.

  • Updated: Task type rule structure:

    • Possible to add client info as rule conditions for task types.

  • Updated: Task:

    • CreateUserBind (possible to load image attribute from external service).

    • CreateCertificateAuthority / UpdateCertificateAuthority with credential types.

    • EnrollUserAdditional (possible to enroll multiple certificates from several certificate template IDs).

    • CreateDirectoryService / UpdateDirectoryService (possible to add/edit credentials as NTLM or impersonated Kerberos authentication).

  • Updated: Task.Action.Execute<NotifyUser>:

    • Possible to send notifications via SMS as well as SMTP.

  • Updated: Task delegation structure:

    • Possible to delegate task to self user.

  • Updated: TaskTypeList<Token>:

    • Possible to use RevokeTokenReset task if unlock info is missing.

  • Updated: User.TokenList with certificate validity if token validity is not present.

  • Updated: TimerService configuration:

    • Possible to simulate token orders against manufacturer.

    • Possible to simulate order status from manufacturer.

Officers

  • Added: Support for token receipts as HTML as well as PDF.

  • Updated: User search structure:

    • Possible to search for additional identities.

    • Possible to dynamically use the like-operator with * characters in search argument.

    • Possible to use several national register types as external services (i.e. Swedish Tax Agency / Inera RIV-TA / Inera HSA).

    • Combines search calls in database and directory services for merged result list.

  • Updated: User/Token search and object structure:

    • Users flagged as secrecy cannot be searched or opened without specified privilege.

    • Tokens bound to a user with secrecy flag cannot be opened without the specified privilege.

  • Updated: Behavior of presentation of active roles and usages in GUI:

    • Discontinued: Possibility to switch roles.

    • Roles are merged into one usage list.

  • Discontinued: INSTANT IP10 token profile (use Instant IP10 instead).

GUI

  • Added: Configuration parameters to update presentation of objects.

  • Added: Optional seed value from task, may be used by random generator if possible to import seed value (usually not possible).

  • Updated: Presentation of reports.

  • Updated: Text strings table.

  • Changed: All soft token key generation set to non-extractable keys.