Release information, detailed

5.6.0.31 / GUI 1.7.13

General

  • Added: Support for Microsoft Windows Server 2019.

  • Added: Support for Microsoft Windows Server 2016 Core.

  • Added: Support for Microsoft SQL Server 2017.

  • Added: Support and requirement of Microsoft .NET Framework 4.7.2.

  • Added: Support for Swedish Tax Agency Navet update January 2019.

  • Added: Support for YubiKey v5 PIV tokens.

  • Added: New token profile: IDEMIA AWP (IAS ECC 2.0.0).

  • Added: New token type: Other.

  • Added: Support for Inera PU-tjänst (RIV-TA service) version 3.1.

  • Added: Certificate & key recovery functionality [PROOF-OF-CONCEPT ONLY, not supported]

  • Updated: Database

  • Discontinued: Support for Windows Server 2008 R2 and SQL Server 2008 R2.

System

  • Added: PluginDeleteAllObjects (with ID 64) as new task action type property.

  • Added: Support for generating token key with any PIN-type.

  • Added: Support for Microsoft Enrollment Agent structure:

    • Possible to use Microsoft Certificate Authority with signature agent certificate as CMC requests.

  • Added: Support for Microsoft Windows Server 2019:

    • Microsoft Active Directory Domain Services 10.0 (17763).

    • Microsoft Internet Information Services 10.0 (17763).

    • Microsoft Certificate Authority 10.0 (17763).

  • Added: Tasks:

    • Support for computer/server searching against LDAP:

      • Added Task: CreateServerBind.

    • Support for certificate recovery structure:

      • Added Tasks: RecoverCertificate, RecoverCertificateToken and RecoverCertificateTokenSoft.

    • Task.Action.Execute<RevokeUserTokens>.

      • Possible to revoke all tokens for a user.

    • Task.Action.Execute<SendDeleteToPaperCut, 44>:

      • Possible to delete a user against PaperCut printer systems.

    • Task.Action.Execute<SendRevertToPaperCut, 43>:

      • Possible to revert a temporary contactless value to a user’s original/standard smart card against PaperCut printer systems.

    • Task.Action.Execute<SendToPaperCut>:

      • Possible to send card number and PIN for a user into PaperCut printer systems.

    • Task.Action.Execute<UpdateToken, 210>:

      • Possible to update static token information from task.

    • Task.Action.Prepare<GetTokenCertificates, 217>.

    • Task.ObjectDescription into log search list.

    • Task: UpdateOrganizationCertificate:

      • Possible to add multiple organization certificates for different kinds of purposes (useful when mixing RSA and ECC).

  • Added: Verification of calling assembly when detecting external calls.

  • Enhanced performance:

    • Parallel audit-log calls.

    • LogServer with enhanced performance against row id call.

  • Enhanced: Support for ECC (Elliptic Curve Cryptography) [PROOF-OF-CONCEPT ONLY, not supported]:

    • Support: NIST_P256, NIST_P384 and NIST_P521 for ECDSA and ECDH.

    • Support: Key derivation for certificates containing key agreement (useful for encryption).

    • Support: Sign/verify of data.

    • Support: Sign/verify of hash.

  • Enhanced: Support for Microsoft CNG (Cryptography Next Generation):

    • Native XML signature structure will now use CNG instead of CAPI.

  • Updated: Structures:

    • Certificate database table structure with indexed rows instead of GUID.

    • Code-letter reprint order structure:

      • Code-letter reprint orders against Gemalto will use a web service interface instead of FTP.

    • Derivation structure with verifying the encryption counter against session-ticket.

    • External server object structure.

    • LDAP-attribute filtering structure:

      • with returning items from DirectoryServices only, depending on configuration.

      • with using "OR" conditions for several values in same attribute.

    • Login structure:

      • Possible to configure allowed key usage for login certificates.

    • Office structure:

      • Added: New task fields.

      • Added: New database tables and relations.

      • Discontinued: OfficeAddress object structure.

    • PaperCut structure with possibility to specify http/https from task-configuration.

    • Token order structure:

      • Check for office digest before creating office reference against token manufacturer.

      • Certificate template names will be included in order for personalized tokens.

  • Updated: Tasks:

    • Create-/Update Organization tasks:

      • Added: Mediation task name (will be used as C/O address when ordering objects against token manufacturer for users with secrecy).

    • Create-/Update server tasks:

      • Added: Email and Phone input fields.

    • Create-/Update TokenTemplate tasks:

      • Updated: CertificateTemplateId input fields to non-required.

    • RevokeTokenCertificate and RevokeTokenCertificateDelete tasks:

      • Check for condition of additional info for CertificateTemplate/TokenKeyReference/ReadOnly when loading certificate list.

  • Updated: Configuration file (web.Config) with added secured tag for http-cookie.

  • Updated: CreateTokenBatch:

    • Added support for multiple unlock password types (explicit for the IDEMIA AWP card only).

  • Updated: Create-/Update CertificateAuthority:

    • Added: SignatureCertificateHash input fields.

  • Updated: Gemalto order interoperability module:

    • Support for code letter reprint orders.

    • Support for dynamic certificate template name list.

  • Updated: GemaltoOrderStatus:

    • Changed manufacturer production status condition of process from DELIVERED to WAIT FOR PIN for personalized token orders.

    • Extra error information (ErrorCode, ErrorText and ErrorDescription) saved into Task.State.Additional if present.

  • Updated: ICitizenService interface with mapping new flag ProtectedPopulation to user-flag 0x1 (secrecy).

  • Updated: LogServer with new API-calls.

  • Updated: Monitor, now possible to notify when server certificates are expiring.

  • Updated: Singleton instance declaration.

  • Updated: SynchronizeUser:

    • Updates: Synchronize userPrincipalName LDAP-attribute when calling SynchronizeUser.

  • Updated: Task.Action.Execute<CreateUser>: Changed AdditionalIdentity-UPN flag to be searchable.

  • Updated: Task.Action.Execute<RevokeUserTokens> with the possibility to add a status reason.

  • Updated: TraceServer with new API-calls.

  • Discontinued Gemalto integrations (replaced with new WebServices):

    • GemaltoCodeFetcher

    • GemaltoCodeLetterOrder

    • GemaltoProductionStatus

    • GemaltoTokenImporter

  • Discontinued: Trace operations through the API.

  • Discontinued: Verification of serialNumber field content when calling Create-/UpdateUser.

Configuration

  • Added: Activity: PersonalInformation:

    • Possible to search for personal information of a user. Useful for GDPR demands.

  • Added: Locality, State and Country attributes into organization object.

  • Added: New privilege: DirectoryUserSearchPretermit.

  • Added: New token type: Other.

    • Possible to use the token type Other for non-PKI tokens.

    • Possible to order non-PKI tokens as chipless cards from card manufacturer.

    • Added: New token profile with Label: Other and Model: Other.

GUI

  • Angular bootstrap and jquery libs updated

  • Issues regarding Oberthur cards with two PUKs:

    • Changing PUK2 for Oberthur cards with two PUKs

    • Changing two PUKs and one SO-key caused two attempts to change SO-key for Oberthur cards.

    • Unlocking PINs for Oberthur cards with two PUKs.

  • Added config.js configurations:

    • Search and List definitions (What is shown when you search for an object)

    • Reading of Mifare number.

    • Parameter(s) "genericName-XXX". Used to display dynamic information regarding the object.

    • "autoBindUser": true will cause the task createuserbind to be called when opening an external user.

    • default "ObjectDescription" for search type log. To change this behavior use the parameter "SearchDefinitions"

  • Possible to create a local server object via CreateUserBind

  • Made Mifare Config configurable per task with parameter object "MifareConfig"

  • Removed "back button" since it caused problems.

  • New text strings

Fixes — API

  • Fixed: Issue with log calls.

  • Fixed: Issue with overriding validity of token when issuing certificates (certificate validity too long).

  • Fixed: Issue with multiple calls against DynamicInvoke structure.

Fixes — GUI

  • Issue with select single radio button label.

  • Issue where administrator’s YubiKey was wiped at initialization instead of user’s YubiKey.

  • Issue with firstname choice in updateuser.