Release notes older versions

5.2.0

Features

  • Extended response returned from Session API by two new fields (idp_id and external_id)
  • Extended Action Token Login functionality, please see Action token login for more details
  • Added link to login via Action Token Link feature on migration login view, please see Login in with action token link for more details
  • Extended Origins Whitelist functionality to validate additional URLs, therefore it was renamed to Redirect URL Whitelist, please see Redirect url whitelist for more details
  • API error code has been added: 1043 - Custom attribute's value is too long.

5.1.0

Features

  • API error codes have been updated:
    • Verify if person is coupled API: 1027 -> 1030
    • Fetch multiple persons profiles API: 1021 -> 1042
    • Bad request error response: 1020 -> 1041
    • Update person - attempt to define more than one primary email address: 1019 -> 1040
  • Added new INACTIVE person account status to support flows that require additional person activation. See the person activation topic guide for detailed information. Please note that the feature previously named Activation enabled, related to the invitation flow, has been renamed to Accepting invitation enabled in the admin panel

Improvements

  • Removed Axon Event Replay functionality from the Onegini IdP admin console
  • Made mobile callback url configurable via admin panel.

Bug fixes

  • Fixed SAML Single Logout functionality which in some cases was trying to communicate over a binding that was not supported by the SP

5.0.8

Bug fixes

  • Fixed authentication level not being returned as part of the SAML response when ECP binding is used

5.0.7

Bug fixes

  • SAML error will be returned on authentication with social Identity Provider failure

5.0.6

Bug fixes

  • Fixed blocked and inactive person credentials validation issue
  • Added missing prefix to partitioning feature property descriptor
  • Fixed non-unique list of translations in SAML metadata

Improvements

  • Updated LinkedIn API to version 2
  • Migrated from Google Plus Sign-In.

5.0.5

Bug fixes

  • Fixed SAML Single Logout functionality which did not redirect to origin url parameter

5.0.4

Improvements

  • Made mobile callback url configurable via admin panel

Bug fixes

  • Fixed an issue with coupling a person who has a / character within external id

5.0.3

Bug fixes

  • Unable to set ACCESS_EXTERNAL_SCHEMA property warning no longer appears in the logs
  • Fixed issue preventing some users from logging in with SAML ECP binding

5.0.2

Bug fixes

  • Fixed issue preventing users from logging in using FacebookApp

5.0.1

Improvements

  • Person partitioning support for certain edge case scenarios

Bug fixes

  • Changed error code for person coupling /api/persons/couple/ from 1027 to 1030

5.0.0

Features

  • Added support for brand specific messages:
    • message files can now contain brand information, so each brand can have different messages
  • Added support for person's partition:
    • person is unique within partition - by default the default partition will be created
    • extension providing mapping from hostname to person's partition id and related variant code
    • for API & SAML request the new header was introduced: X-Onegini-Persons-Partition-Id
  • Fully integrated with Onegini Insights which is a new application that gathers statistics data and presents results in easily readable charts
    • Statistics can be shown on admin Insights page
  • Introduced a new endpoint in the credentials API which allows validating the Action Token
  • Added possibility to encrypt the SAML assertion in case the service provider metadata contains encryption credentials
  • Extended SAML CIM metadata by providing encryption assertion, which allows encrypting the assertion returned by another IDP in case CIM works as service provider

Improvements

  • Extended post-process actions to support more sophisticated actions with ui-extensions
  • Changed the google endpoints used for google sign in to gather more user data - check update instructions for required configuration changes
  • Updated to OpenSAML v3
  • Moved ui-extension data to a new tab under Admin Console that allows to configure:
    • Base Ui-Extension url
    • Option to force login from Ui-Extension and to provide its path
  • Added last login date to connected devices dashboard
  • Added possibility to remove unmapped custom attributes in SAML response
  • Remove deprecated mail attribute from mapping configuration on the Identity Provider level in Onegini IdP admin console

Bug fixes

  • Fixed problem with resolving default messages defined in extension
  • Fixed problem with accessing CIM via IP address
  • Fixed issue preventing the admin from defining a new organization when a language with variant code was selected as default
  • The Onegini IdP when behaving as a SAML Service Provider will communicate that it expects the AuthnResponse to be provided with Artifact
  • Enlarged the textArea used for providing the SAML metadata shown in the Service Provider configuration view
  • Added missing upgrade instructions for the 4.4.0 version

Database migrations

  • Please note that this version of the Onegini IdP contains database migrations which can take a noticeable amount of time (a few minutes) when run on a large volume of data

4.5.0

Features

  • We have added new post-process actions that can be used to control the flow of the application. You can now skip required email verification in certain scenarios by implementing an extension point. For more information please see: (topic guide)
  • We have added new optional properties connected to MailSender. This gives us the ability to configure the SMTP TLS server connection:
    • IDP_SMTP_USERNAME
    • IDP_SMTP_PASSWORD
    • IDP_MAIL_SMTP_AUTH
    • IDP_MAIL_SMTP_STARTTLS_ENABLE
    • IDP_MAIL_SMTP_STARTTLS_REQUIRED

4.4.1

Bug fixes

  • Removed unnecessary logs which were spamming the console

4.4.0

Features

  • We have added new post-process actions that can be used to control the flow of the application. Now you can skip the required email verification step in some scenarios by implementing an extension point. For more information, see (topic guide).
  • We have added a new configuration option that delegates the login to the external application (ui-extension). Enabling the feature in the admin panel ensures that the Onegini IdP always redirects to the configured URL whenever the login view is requested.
  • We have added a new REST endpoint that returns Application configuration consisting of password-policy and various locales messages data.
  • We have added handling of error responses from the extension API. A proper log is created and the user is redirected to an error page.

Bug fixes

  • We have fixed the sub-messages resolution for texts provided by the Onegini IdP extension.

4.3.0

Features

  • We have added the Action token functionality (topic guide) which allows Onegini IdP users to be logged in by the use of the REST API.
  • Added logging events on various login/sign up scenarios

4.2.0

Features

  • If your organization uses an external application you can delegate the user login to it. We have added a new configuration option allowing you to delegate a login to the external application (ui-extension). First, enable the feature in the admin panel so that Onegini IdP will always redirect to configured URL whenever login view is requested.
  • Extended couple status endpoint to return personId if given external identity is coupled.

Bug fixes

  • Restored broken backward compatibility for primary email used in the create person API. It is no longer required to mark the primary email as primary.

4.1.0

Features

  • Modified password-transformation endpoint implementation
  • New feature Allow sign-up without invitation validation (topic guide)
  • Added new Identity Provider for iDIN (needs to be supported by extension)
  • Added metadata information about core flow context to every call to extension integration points (topic guide)
  • Person attributes related with Delegated User Management account are returned as JSON instead of XML

Bug fixes

  • Security improvements
  • Table statistics renamed to usage_statistics (statistics is a reserved name for SQL Server).

4.0.0

Features

  • Restyled Onegini IdP's admin console.
  • New iDIN identity provider added to admin panel.
  • New Person Api Endpoint for checking if external identity provider id is already coupled with given identity provider type

3.31.0

Features

  • Added possibility to specify the used redirect uri while fetching the Facebook authorization grant when completing the login flow using parameter used_redirect_uri.

3.30.0

Bug fixes

  • Fixed invalid mapping of Flowtype in email gateway extension implementation

Features

  • Changed structure of Delegated User Management person report returned in SAML response

3.29.1

Bug fixes

  • Fixed invalid handling of malformed json request in reset password endpoint (400 Bad Request is returned instead of 500 Server Error)
  • Facebook coupling extended by possibility to couple with CIM account that has different email than used in facebook

3.29.0

Features

  • Added API endpoint for checking migration status of a user (more info Check if user exists in idp or extension)
  • Added possibility to refer to user attributes returned by external IDP within templates (more info Templates)
  • Added possibility to select IDP language in SAML request

3.28.0

Features

  • Added statistics for Facebook
  • Extended SAML response with DUM (Delegated User Management) person report if available
  • All unmapped user attributes returned by external IdP will be returned as custom attributes in the SAML response
  • Added mapping for additional Facebook attributes
  • Added support for multi domains in social login based on new property IDP_REDIRECT_URI
  • Added Just-In-Time Signup support for Facebook IdP type
  • Added parameter flow_type to password reset email
  • Added HTTP-Redirect binding support for SingleLogout
  • Migrated reCAPTCHA to version 2
  • Updated mobile authentication APIs to be compatible with Token Server 6+
  • Added support for custom password transformation
  • Unknown authentication level is not returned with SAML response
  • Persons API extended by possibility to add alternative email address
  • Added possibility to change username while signing up via Facebook

Bug fixes

  • Successful SAML LogoutResponse status code does not inherit from urn:oasis:names:tc:SAML:2.0:status:Responder
  • Fixed oracle 3.26.00 migration
  • Fixed problems related to coupling one social account with two Onegini IdP accounts
  • Fixed issue with uncoupling social IdP

3.27.2

Features

  • Introduced MariaDB MySQL driver

Bug fixes

  • Exposed JDBC's defaultTransactionIsolation property, which can now be controlled by IDP_DATABASE_TRANSACTION_ISOLATION env variable

3.27.1

Bug fixes

  • Fixed password reset by api for already migrated users

3.27.0

Features

  • Added Just-In-Time Signup support for SAML IdP type
  • Added possibility to map person attributes returned by SAML IdP to profile attributes which are specific to Onegini IdP
  • All person attributes which have mappings defined will be synchronized when logging in with SAML or LDAP IdP
  • Attribute mappings for LDAP IdP have been moved from environment variables to the admin console (more in upgrade instructions)
  • Migration triggered by password reset via API will set custom referenceId as personId when Onegini IdP is properly configured and the extension returns the required data.

3.26.0

  • All person attributes which have mappings defined will be synchronized when logging in with SAML or LDAP IdP
  • Attribute mappings for LDAP IdP have been moved from environment variables to the admin console (more in upgrade instructions)

Features

  • Property APPLICATION_ENVIRONMENT replaced with SPRING_PROFILES_ACTIVE. (more in upgrade instructions)
  • Added support for encryption keys up to 256 bits
  • Integration tests are now executed against Onegini IdP docker

3.25.0

Features

  • Application migrated from war to jar packaging with embedded tomcat
  • Property IDP_LOGGING_LEVEL replaced with properties logging.level.<package-name> (more in upgrade instructions)
  • Reworked API documentation which is currently based on Swagger
  • SMS-related features extended with the possibility to retry sending a message in case of error
  • Introduced IdentityProvider of SAML type - Onegini IdP can now serve as a SAML ServiceProvider

Bug fixes

  • Fixed mobile login state not being set correctly after sign-up

3.24.0

Features

  • Added alternative mobile authentication type for mobile login
  • Configuration of authentication level specific for mobile login

Bug fixes

  • Fixed calculation of expiration date for auth token cleanup cronjob
  • Fixed user attribute for mobile authentication after changing ldap configuration
  • Fixed hierarchy of sending email notifications

3.23.0

Features

  • After choosing an alternative step-up method, it is saved as preferred
  • Introduced possibility to authenticate admin through custom authenticator implemented in extension
  • Logout user when cancelling step-up during SAML login or registration flows
  • Migrate to Spring Boot 1.5.3.RELEASE
  • Mobile login security improvements
  • Use TokenServer API V2 for Mobile login
  • Allow the user to decide whether the Mobile login should be enabled or not during login flow

Bug fixes

  • Removed duplicated / from callbackUrl's path provided to the Token Server in Mobile Authentication flows
  • Corrected Accepted invitations statistic and renamed it to Completed invitations
  • Fixed person phone number attribute synchronization on LDAP login

3.22.0

Features

  • Introduced API endpoint to initialize password reset flow using email address of the user (more info)
  • Email address and phone number attribute will be synchronized with Active Directory when logging in with LDAP IdP
  • Multiple LDAP accounts can be coupled with one CIM account based on email address attribute (more info)

Bug fixes

  • Fixed issue with validating new types of TLDs for email addresses
  • Fixed captcha input validation issue

3.21.0

Features

  • Added code to password reset email object parameters
  • Added list of origins to which user is allowed to be redirected
  • Origin url will be used to determine redirect url after user logout
  • Mobile number validation can now be disabled via admin panel

3.20.0

Features

  • Added configuration of sending Welcome message after migration
  • Added code to password reset email object parameters

3.19.0

Features

  • Limit number of consecutive unsuccessful mobile login attempts
  • Changed LDAP password attribute encryption
  • Changed the way the LDAP attributes are looked up during mobile login
  • Introduce API endpoint to finalize password reset flow
  • Providing password for LDAP identity provider is not required in case the configuration is edited
  • Mobile login token details are stored in database

3.18.0

Features

  • Added support to use externally generated person identifier as internal one.
  • Added possibility to enable email verification notifications when sign-up is triggered via persons API.
  • Removed Mobile login Identity Provider type and introduced a separate section which allows configuring Mobile login as a login method.
  • The Mobile login functionality can now work with Identity Providers of types other than LDAP.

Bug fixes

  • Step-Up will be triggered in case person account is created with JIT sign-up functionality and used IDP has lower authentication level than requested by the Service Provider.
  • User is redirected back to the service provider when cancelling step-up during a SAML login.

3.17.0

Features

  • Added support for custom SAML Authentication Contexts which allows to log in with predefined social identity provider (more info).
  • Captcha configuration has been moved to administration panel (more info in upgrade instructions).
  • Added possibility to disable captcha.
  • Added possibility to enable welcome email notifications when sign-up is triggered via persons API.

3.16.2

Bug fixes

  • Fixed attribute validation in Jit-signup

3.16.0

Features

  • Added possibility to enable/disable email notifications via admin panel
  • Facebook graph API updated to version 2.9

Bug fixes

  • Fixed possible NPE in kerberos configuration when IDP_KERBEROS_SERVER_KEYTAB_PATH variable not set

3.15.0

Features

  • Extension can discover device type and serve appropriate messages for mobiles and tablets

Bug fixes

  • Fixed Persistable Properties functionality when IDP is started within Docker
  • Fixed Kerberos Authentication when IDP is started within Docker

3.14.0

Features

  • Just-in-time migration extended by filling user's profile with LDAP mobile phone number.

3.13.1

Bug fixes

  • AD user attribute will be used instead of personId when communicating with Token Server

3.13.0

Features

  • Added support for Microsoft SQL Server database
  • Added just-in-time sign-up feature which can be used to perform automatic sign-up when logging in with LDAP identity provider
  • Added Mobile login functionality
  • Removed exclusive login page for Logging in with identity provider of LDAP type, it is done using standard (Username and Password) login form

Bug fixes

  • LDAP authentication is possible by providing a query as specified in the documentation.

3.12.0

Features

  • LDAP account attributes are returned with SAML login response

Bug fixes

  • Fixed showing message box in the dashboard

Since this version the component versioning scheme does not contain leading zeros in the version numbers

3.11.00

Features

  • Remote cache provider changed to Redis
  • Added possibility to define multiple LDAP identity providers with configuration provided via admin panel

Bug fixes

  • Fixed cache replication

3.10.02

Bug fixes

  • Fixed issue with validating new types of TLDs for email addresses

3.10.01

Features

  • Added possibility to map SAML attribute names on Organisation and Service Provider level (more information in documentation)
  • IDP will validate the SDK API version and log appropriate error in case of mismatch

Bug fixes

  • Fixed NPE in statistics module when IDP is started within a docker container and the DB is empty

3.09.00

  • Enhanced Client Proxy SAML (ECP) flow support added to IDP

3.08.00

Features

3.07.00

Compatibility

  • Compatibility with idp-extension-sdk v3 dropped, please use v4. More information available in idp-extension-sdk documentation

Bug fixes

  • Fixed Infinispan cache replication

3.06.00

Features

  • Added support for authentication over Kerberos protocol
  • Added persistable properties functionality

Bug fixes

  • Corrected a bug where the email_address request parameter was ignored unless include_fields was provided in the search API call

3.05.00

Features

  • Introduced additional parameters for person search api (last_modified and include_fields). Please read person search api documentation for more details.
  • Introduced API to create and automatically sign up users
  • Introduced API to set user password without verification of the current one

3.04.02

Bug fixes

  • SAML Artifact Binding wrong protocol error fixed by introducing additional properties (more in upgrade instructions)

3.04.01

Bug fixes

  • SAML Single Logout error fixed when custom subject name id is used

3.04.00

Features

  • Added support for LDAP authentication
  • SAML artifacts replication enabled after introducing infinispan replicated cache
  • SAML Artifact Resolution Service is served on port together with API
  • SAML Subject Name value configurable via admin panel

3.03.00

Features

  • Added support for SAML Artifact Bindings

Bug fixes

  • Read X-Forwarded-[Proto, Host, Port] headers on each redirect
  • Properties name format fixed (more in upgrade instructions)

3.02.00

Features

  • Switch from xml to env properties configuration
  • Introduce an option to configure HTTP-headers for responses
  • Password reset pages template reworked

3.02.01

Bug fixes

  • Fix missing custom headers in some responses

3.01.00

Features

  • Optional SAML Authentication
  • Previous successful authentication attempt time returned in SAML attributes
  • Introduce headless integration tests driver PhantomJs

3.00.00

Features

  • Overlays support removed
  • Added cleaning of cron scheduler tasks on application shutdown
  • Automate documentation publishing
  • Number of dependencies updated
  • Login page template reworked

Bug fixes

  • Fixed email validation to include external services
  • Fixed unable to modify custom messages defined only in extension in administration panel

2.39.00

Features

  • Added statistics API
  • Added integration with BankId
  • Added ability to configure which attributes are visible on dashboard page
  • Added ability to verify invitation using letter or SMS
  • Split features tab in admin panel
  • Facebook Graph API 2.1 compatibility
  • Changed statistics generator to include all historical data

Bug fixes

  • Fixed not existing log file error during application startup
  • Fixed visibility of error message when external code is invalid on invitation verification page
  • Fixed too short delay for initial statistics generation

2.38.00

Features

  • Added statistics overview in admin panel
  • Added parametrization of custom messages configured in admin panel

2.38.01

Bug fixes

  • Fixed http 505 error on custom messages view for malformed messages
  • Fixed port forwarding when idp is used with external proxy

2.37.00

Features

  • Adjust session timeout with docker configuration
  • Access API, admin panel and personal site via different ports

2.36.00

Features

  • Multilingual support in custom messages
  • Create attribute configuration page in admin panel
  • Add extension points to connect to Extension API

Bug fixes

  • Fixed step-up process not cancelled on dead-end page
  • Fixed captcha error message not shown for the first time the captcha is shown

2.35.00

Features

  • Allow to disable notifications for certain attributes update
  • Allow to configure HTTP Strict Transport Security header
  • Improved captcha on login screen
  • Improvements for migration implementation
  • Added popover with mobile number requirement description on sign-up page

Bug fixes

  • Fixed response status on PersonApi delete person
  • Fixed missing available language in case only branding message file is defined

2.34.00

Features

  • Change user password through Person API
  • Sign up user through Person API
  • Redirect user to predefined URL after password reset procedure
  • Show password reset screen in preferred user language
  • Extension point for updating profile attributes in external service
  • Move identities icons to dashboard area

Bug fixes

  • Fixed not using default-locale when sending emails

2.33.00

Features

  • Inline SAML login with user credentials as SAML login request parameters
  • Removing authentication tokens on password change for all sessions besides the current one

Bug fixes

  • Added PIN backend validation
  • Fix conditions to show mobile number field on sign-up form

2.32.00

Features

  • Messages can be edited via the admin panel.
  • Delivery code view extended by initial view with information that code has been sent. The second view, where user can enter the code, will be shown after time specified in properties.

Bug fixes

  • Externally delivered code step-up was failing for account without address attribute defined.
  • Service provider metadata wasn't recreated after changing it.
  • Changing the attributes via Person API won't send the notification to the user anymore.
  • Email validation via Person API improved.

2.31.00

Features

  • Externally delivered code step-up method.
  • Reason can be set while blocking or deleting person via person api.
  • The configuration for the link on the logo has been separated from the link on the "Go to home" buttons in the dashboard, e-mail verification and error pages.
  • Authentication token is removed on SAML validation failure.

Bug fixes

  • Fixed deleting custom attributes on person signed up and person enriched.

2.30.00

Features

  • Remove authentication token in specific scenarios
  • Allow to suppress post login action through url parameter.
  • Removed message about attributes to verify during sign-up
  • During sign-up, a message is shown that sending the email failed in case email verification is mandatory and the mail service is not available.

Bug fixes

  • Correct setting authentication token to support all login flows.
  • Fixed content page cache configuration.
  • Fixed person id not visible in admin-console when last name is not filled.

2.29.00

Bug fixes

  • Email sending bug fixed (mails weren't sent due to missing message prefix)
  • Updating custom attributes via person api fixed (error 500 was shown)
  • Message shown after mail change update updated

2.28.00

Features

  • SAML cookie based authentication using SAML PreviousSession context (alpha version)
  • Replace phone number control to use intl-tel-input component

Bug fixes

  • Fixed not showing message regarding attributes on sign-up form after reopening the form

2.27.00

Features

  • Providing custom HTML fragment in <head> section of every page in admin panel
  • Last username is no longer remembered in cookies
  • Add cancel link to step-up page which allows not to proceed with step-up and gracefully return to Service Provider
  • Add option to make mobile number optional with mobile number field shown on sign-up page

Bug fixes

  • Fixed returning wrong total results count in Events API
  • Fixed redirection after login and sign-up in case email verification is required

2.26.00

Features

  • New Event API to retrieve events that were triggered via the Person API by a specific agent
  • Restrict access to the admin console on IP address

Bug fixes

  • SAML SLO gives an error page for some requests
  • Set default country in mobile number form when a user has no mobile number
  • Error handling when updating an e-mail address via the Person API leads to a conflict

2.25.01

Bug fix

  • Column name for Post login action is too long for Oracle databases

2.25.00

Features

  • Post login actions (enrich attributes after second login)
  • Support for SAML passive authentication
  • Mark mail as verified for account created by invitation
  • Required mark (*) removed from all fields ('optional' mark added to optional fields)
  • Login page can be opened without registration link visible

Bug fixes

  • 'PartialLogout' returned by SAML SLO if at least one SP can't be logged out
  • Error message is shown once after failed login
  • Feedback for Remind username via SMS shown in new screen

2.24.00

Features

  • Single log-out for all SAML Service Providers in the current session
  • Send username reminder via SMS
  • Add Cancel button to Password forgotten page

Bug fixes

  • Account notifications should only be sent to activated users
  • Accepting Terms and Conditions can be bypassed
  • Incorrect HTTP status code response from Credential API when it is disabled
  • Long device names break UI in Connected devices list

2.23.00

Features

  • User can reset password using SMS code instead of link sent by email
  • Search person in Person API by phone number

Bug fixes

  • Fixed CSRF Token missing in case name, mobile number and pin are not required

2.22.01

Bug fixes

  • Sign up could not be completed under certain conditions
  • Remove menu for logged in users on page to verify the email address

2.22.00

Features

  • Add option to register an account without providing a name
  • Add option to register an account without providing a mobile number
  • Add option to migrate an account without providing a date of birth
  • Add option to only allow persons with a verified email address to log in
  • Show if the password meets the policy when setting a password
  • Add support for searching a person via Person Search API by a part of their email address

Bug fixes

  • Fix to clear maintenance notification message

2.21.01

Bug fixes

  • Fixed not storing custom attributes in database after just-in-time migration
  • Fixed error on creating person via Person API in case custom attributes is set to null

2.21.00

Features

  • Add option to plug in just-in-time migration after login
  • Add option to migrate user on Credentials API call
  • Add option to migrate user on password reset request
  • Add option to verify external user repository to check whether username is available on sign-up and email change
  • Allow to search for user using partial match on email in Person API
  • Add basic authorization properties for external email gateway

Bug fixes

  • Fixed error message on password change screen when provided current password is invalid

2.20.00

Features

  • Hook to check user existence in external user repository

Bug fixes

  • Fixed Person Search API returning non-empty list with null for search with no results

2.19.00

Features

  • Credentials REST API to verify person credentials
  • Password policy configurable in admin panel

Bug fixes

  • Added metadata to step-up related events
  • Added explanation for verification code removed event
  • Showing correct status of mobile number verification on change mobile number page
  • Spaces are removed from mobile numbers when stored and when used to send SMS message

2.18.02

Bug fixes

  • Don't show icon for mobile number verification in change mobile number form

2.18.01

Bug fixes

  • Correct FormValidatorUtils bean include that broke the overlay

2.18.00

Features

  • Placeholder for analytics script in the head section

Bug fixes

  • Prevent iOS devices from zooming in when an input field is selected
  • Catch all exceptions when sending an email to a removed person
  • Do not allow to create a person with an empty or invalid email address via the person API

2.17.00

Features

  • Application events can be viewed as a list filtered by properties in admin console
  • Links in pages and email can be configured in admin console
  • Mobile number without country code allowed in confirmation field

Bug fixes

  • Removed invalid links in admin console
  • Case sensitive email address confirmation
  • Redirection error after step-up authentication for device removal

2.16.00

Features

  • Sending verification email after changing email address
  • Add Oracle support for Docker
  • Allow to disable mobile number verification
  • Allow to send emails by connecting external service

2.15.01

Bug fixes

  • Always send a person signed up command on invitation complete even when no attributes are changed.

2.15.00

Features

  • Allow to resend invitation when previous invitation is still unexpired
  • Introduced api to reset person and remove identities
  • Allow change security related person attributes via person api

Bug fixes

  • Error responses in Person Search API don't contain specific error code
  • Do not show organisation name and logo on login page when in single tenant mode
  • Fixed email and mobile number confirmation on invitation sign up
  • Do not allow storage of empty mobile number via update functionality when pin disabled or pin not available

2.14

Features

  • Improved documentation
  • A default login success URL can be configured
  • Confirmation of an email address at sign-up and change email can optionally be enabled
  • Confirmation of a mobile number at sign-up and change mobile number can optionally be enabled
  • Authentication level required to change password can be configured
  • Authentication level required to change mobile number can be configured

Bug fixes

  • While creating an account, the phone number does not disappear anymore when selecting the country

2.13

Features

  • Added popovers with mobile number explanation, password disclaimer, migration
  • Configure a default URL after login into Onegini IdP
  • Limit long display names in the header to 50 characters to prevent breaking the UI

2.11

Features

  • Onegini IdP can be overwritten to have a similar look and feel as a customer:
    • Links in logo, security indicator and footer configurable
    • There is a document describing which messages can be overridden for content links
  • All links to content pages to go to my own website

Bug fixes

  • Updated the documentation of Onegini IdP with the new stub
  • SingleTenant last logins are fixed
  • Fix the authentication loop in Onegini IdP
  • Risk based authentication is not passed with Mobile Authentication on a new device
  • JSON response can be vulnerable to JS Array constructor overrides
  • On some pages there was no cancel button
  • Risk based authentication not passed via Mobile authentication
  • Improved text of security page

2.10

Bug fixes

  • For security reasons, no longer show when a password reset was triggered with an invalid email address

2.09

Features

  • Make it possible to disable the PIN step-up

Bug fixes

  • Change email functionality does not indicate a duplicate email address
  • Styling of emails contained a bug

2.08

Bug fixes

  • Replicate the cache for storing SAML request id in order to prevent SAML request replay attacks