Unit4 Identity Services 3.4.0 release notes

Released September 4th 2019

About this release

This release is version 3.4.0 of the Unit4 Identity Services (U4IDS) that consists of IDS Core, IDS API, IDS API SDK, IDS PowerShell, AccessManagement SDK and the IDS Portal. These release notes contain important information about U4IDS and provide an overview of features included in this release, important information, bug fixes and known issues.

Features included in this release

The following features are included in this release:

Portal support for importing and exporting localized scope texts

From the localized scope text screen in the portal you can now import, or export created texts. The name of the file must be the scope name and the format must be json.

Portal shows current IDS Uri

On the start page of the portal you can see the authorization and metadata Uri's of the current IDS.

IDS send client id to external IDP on login

The ids client id will be in the response header to the external IDP when you log in. The name is u4_ids_client

IDS Increased allowed length for redirect Uri

The allowed length of redirect_uri has been changed to 1024

API Should handle backslash in secrets when reading from the Tenant store

We now escape \ and " characters when we read from the store.

Bugs fixed in this release

• Fixed: U4IDS Authorize request's tenant parameter is case sensitive, should be case insensitive..
• Fixed: U4IDS API Fix HttpContextEnricher. If certain query string parameters, or certain claims are missing, we throw an unhandled exception.
• Fixed: U4IDS API Cant update AllowedForTenantSpecificClients flag after scope has been created.
• Fixed: U4IDS Portal XSS vulnerability in history
• Fixed: U4IDS Portal Fix Confirm form resubmission error when first searching for clients, selecting one and then go back.
• Fixed: U4IDS An attempt has been made to fix the login issue that requires a restart on ws-federation. Since we havent been able to recreate it we cant be sure that it will fix the issue.

Known issues

• U4IDS does not have a feature to store SAML IdP metadata. IdP metadata must be accessible publicly on the provider site, or placed on a publically available place (e.g. DropBox, Azure Storage, OneDrive or similar).
• Since IDS 3.1.0 we no longer support the v1 administration interfaces
• Migration from v1 administration interfaces must be done on IDS 2.1 first. There is no migration solution from 1.x directly to 3.3.0.
• Migrating from 3.0/3.1/3.2 to 3.4 can take a long time if the Audits table is large
• The Redis reconnect functionality in 3.1 have been removed.
• IDS Portal Client/Scope Secret history is no longer a separate command, but can be found in the scope and client history.
• There is a bug on redirect on logout that redirects to the wrong application sometimes. A patch will be created as soon as it has been fixed.

Patches

Authentication service

• 3.4.1 - Fixed the wrong redirect on logout for ws-federation.
• 3.4.2 - Fixed the wrong redirect on logout for OpenID Connect.
• 3.4.3 - Fixed only to see Tenants that allow partial login in the partial login screen.

Portal

• 3.4.1 - Fixed a bug with getting an exception while trying to log in without being a registered user, preventing users from requesting access.
• 3.4.2 - Fixed the "Validating the 'at_hash' failed" error when logging in to IDS4