Unit4 Identity Services release notes

Released January 29th 2018

About this release

This release is version of the Unit4 Identity Services (U4IDS). These release notes contain important information about U4IDS and provides an overview of features included in this release, important information, bug fixes and known issues.

Important: On premise installation of U4IDS is not supported

Unit4 Identity Services is not available as an installable service. Unit4 only provides U4IDS as a multi-tenant cloud service. On premise support has been removed from U4IDS.

Features included in this release

The following features are included in this release:

Support for multiple SAML-SP Identities

U4IDS can now be configured to have multiple SAML-SP identities. This is useful when several tenants use SAML against the same SAML-IDP federation, and each have to be configured separately on the IDP side. Tenants can be assigned to one of the additional SAML-SP entities using 'saml2-sp1', 'saml2-sp2' and so on in the protocol setting of their tenant configuration.

Send id_token_hint to external OIDC providers at logout

U4IDS will now keep external id_tokens encrypted in the database, and pass them as id_token_hint to the external provider at logout. This makes U4IDS support logout from OIDC providers like OKTA that operate with id_token_hint as a mandatory parameter.

Support for discovery when clients do not send tenant id to authorize endpoint

U4IDS will now provide a partial login experience when clients do not send acr_values. Only tenants that enroll / configure to participate in the partial login will be discoverable (AllowPartialLogin).

Verified IdPs

This version has been tested and verified with the following IdPs:

Note that this is not an excluding list.

Bugs fixed in this release


Known issues