Unit4 Identity Services 4.4.0 release notes

Release 2021-05-03

About this release

This release is version 4.4.0 of the Unit4 Identity Services (U4IDS). These release notes contain important information about U4IDS and provide an overview of the features included in this release, bug fixes and known issues.

About Unit4 Identity Services

U4IDS is the single Identity Solution and architecture for the Unit4 eco-system, allowing users to have one single identity for log on across multiple applications.

  • It acts as a federation gateway to each customer organization’s Identity Provider or identity solution
  • It standardizes on OpenID Connect for authentication
  • It supports multi-tenant applications
  • It supports the following external identity provider protocols:
    • SAML 2.0 protocols
    • WS-Federation
    • OpenID Connect
  • It allows web API and PowerShell-based administration of tenants, clients and scopes
  • It allows external claims transformation/harmonization and introduces the Unit4 Identity claim
  • It supports native clients and browser-based clients (through Implicit flow and Hybrid flow)
  • It enables secure machine-to-machine communication between services (through Client Credentials flow)
  • It supports cloud deployment only

IdentityServices 4 builds on ASP.NET Core 3.X and extends IdentityServer 4. More about IdentityServer 4 can be found here: https://identityserver4.readthedocs.io/en/latest/. More about ASP.NET Core can be found here: https://docs.microsoft.com/en-us/aspnet/core/?view=aspnetcore-3.1

Features included in this release

  • Update IDS to IdentityServer4 version 4.
  • Redesign of UI according to new Design guidelines.
  • Updated Redis cache handling to make it more resilient.

Known issues

  • From 4.1.13, the existing data protection key in Redis is replaced with a new data protection key in the database. Users that are already logged in may get an error when logging out. After reconnecting there should be no more problems.

Note

  • Admin API version 2 endpoints are obsolete and will be removed in the future.
  • The scope settings AlwaysIncludeInIdToken and IncludeAllClaimsForUser are not supported in IdentityServer4. Instead, you can add the claims you want in the identity token to the requested identity scopes, and the claims you want in the access token to the requested resource scopes. However, we recommend using the user-info-endpoint instead, to keep the tokens small.

Patches

Authentication service

  • 4.4.1 The username field and logout button have returned to the consent screen due to popular demand.
    • Partial login input field will get focus.
    • Resolved dependencies to vulnerable assemblies.
  • 4.4.2 Failed to log in using OpenID Connect with any other IDP than Azure AD.
    • If getting OpenID Connect metadata from cache during login failed for any reason, the login also failed.

Administration API

  • 4.4.1 Resolved dependencies to vulnerable assemblies.

Administration Portal

PowerShell cmdlets