Unit4 Identity Services 1.3.0 release notes

Release 31st March 2017

About this release

This release is version 1.3.0 of the Unit4 Identity Services (U4IDS). These release notes contain important information about U4IDS and provides an overview of features included in this release, important information, bug fixes and known issues.

Features included in this release

The following features are included in this release:

User consent

U4IDS now supports the concept of user consent. User consent is applicable in scenarios where applications would like or need consent (permission) from a user to use their data. For more information see Consent overview and the Consent guide.

Improved act-as custom grant flow

The act-as custom grant flow has been changed so that all claims (excluding standard open-id connect claims) from the incoming access token are transferred to the new access token. This fix is only provided as a temporary solution for applications using the act-as flow. The act-as custom grant flow is deprecated and will be removed or changed in the next release. Please migrate to user impersonation custom flow.

User impersonation custom grant flow

The new user impersonation custom grant flow is an extension of the act-as flow. This custom grant flow will check whether the user has consented the requested scopes. If the user has not given consent to a scope, it will be removed from the access token and the connected claims will not be included in the token. We recommend that all applications using the act-as flow migrate to the user impersonation flow. The act-as flow will be removed or changed in the next U4IDS release.

Note

The act-as custom grant flow in its current form will be discontinued in the next release of U4IDS.

Bugs fixed in this release

• Fixed: An error occurred when a client was registered with an empty claim. It was possible to register a client with an empty claim through the Admin API. When registering a client with a claim, the claim type property is now required.
• Fixed: Configurable Swagger (API Explorer and Swagger specification). API explorer is now by default deactivated.
• Fixed: Improved strategy for situations where WS-federation middleware is unable to read meta data.
• Fixed: Admin API will not accept special characters (space and .) in Client ID, Tenant ID and Scope name.
• Fixed: Admin API now returns status code 404 rather than 500 when using PUT for non existing client and scope.
• Fixed: Identified memory leak has been removed by changing Autofac configuration.

Enhancements

• Upgraded IdentityServer3 from version 2.5.0 to version 2.6.0 for bugfixes, enhancements. See releases for details.

  • Possible to get ID token in a refresh token request: Include id_token in response from refresh token request

• Upgraded Newtonsoft.Json from version 8.0.3 to 9.0.1

• The unit4_id claim is a vital part of U4IDS. If for any reason U4IDS is unable to map the claims from the external IDP to the unit4_id claim, then it will fallback to the sub claim.

• Azure deployment scripts from version 1.0.0 is no longer supported.