Changelog
4.4. Airlock IAM 7.6 - Changelog

The following tables show the changes from Airlock IAM 7.5 to 7.6.

If not noted otherwise, Loginapp listed features are only available for the Loginapp REST UI and the Loginapp REST API (but not for the JSP-Loginapp).

Airlock IAM 7.6.1

Bugfixes and improvements
| Type | ID | Description |
|---|---|---|
| Bugfix | AI-15724 | Updated Java 17 to include the fix for ECDSA signature validation (see CVE-2022-21449) |
| Bugfix | AI-15700 | Corrected a bug in the configuration migration logic that may cause migrations to fail. |
Table 6: Authentication

Airlock IAM 7.6

Airlock 2FA
| Type | ID | Description |
|---|---|---|
| New | AI-14998 | Flow step to order an Airlock 2FA activation letter. |
| New | AI-13864 | Option to lock user upon fraudulent Airlock 2FA authentication attempts. |
| Change | AI-15210 | Display button on Airlock 2FA activation pages for app-to-app activation workflows. |
| Change | AI-12228 | New Adminapp REST endpoint to retrieve Airlock 2FA activation QR codes. |
| Bugfix | AI-15259 | Interpret Token Assignment Additional Where Clause when calculating token statistics. |
Table 7: Authentication
| Type | ID | Description |
|---|---|---|
| New | AI-14269 | OAuth authorization server and OpenID provider for authentication flows (AS-centric only). See 17.7.1. OAuth AS configuration - AS-centric for details. |
| New | AI-13581 | OIDC/OAuth authorization and session management self-service for the Loginapp REST API and UI (AS-centric only). |
| New | AI-14814 | Support for acr_values in flow-based OAuth / OIDC authorization server (AS-centric only). See 17.7.1.5. AS-centric AS - ACR configuration with flows for details. |
| New | AI-15096 | Support for certificate-bound access tokens (RFC8705) in OAuth/OIDC authorization server (AS-centric only). |
| Bugfix | AI-15094 | Fixed context-data handling in OAuth 2.0 Access Token Authenticator. |
Table 8: OIDC / OAuth
| Type | ID | Description |
|---|---|---|
| New | AI-14702 | SAML 2.0 IdP support in authentication flows. See 17.2.6. SAML IDP setup with the Loginapp REST API for details. |
Table 9: SAML
| Type | ID | Description |
|---|---|---|
| New | AI-13101 | Remember-Me functionality in authentication flows (REST and UI). See 10.3. Remember-Me in authentication flows for details. |
| New | AI-15019 | Role provider to filter and transform roles. |
| New | AI-15037 | Flow conditions for string and boolean values. |
| New | AI-13472 | Support for user-specific timeouts for Gateway roles after authentication flow. |
| Change | AI-13605 | More flexible username transformation for identity propagation. |
| Change | AI-14209 | Made authentication timestamp available to identity propagators. |
| Change | AI-14232 | Made geolocation available to custom flow steps (not used in product plugins so far). |
| Change | AI-14836 | Generic message providers can select resource key based on variables. |
| Change | AI-15065 | Possible next action codes are documented in the configuration of flow steps. |
| Change | AI-15133 | The mTAN number or email address used is included in relevant REST responses. |
| Change | AI-12307 | Enabled mapping of input fields to nested JSON attributes in UI (Loginapp REST UI). |
| Change | AI-13482 | Reduced loading time and added loading indicator in Loginapp REST UI. |
| Change | AI-14221 | Support for dynamic step activation in Loginapp REST UI. |
| Change | AI-15121 | Support for boolean and date fields in data steps in Loginapp REST UI. |
| Change | AI-15084 | Error IDs from REST requests are logged. (CASE-32371) |
| Bugfix | AI-15364, AI-15410 | Fixed deletion of fields on user data edit and mTAN edit REST endpoints. |
| Bugfix | AI-15022 | Correctly handle user-specific flash SMS settings in flow API. (CASE-32316) |
| Bugfix | AI-14784 | Correctly set auth token ID after mTAN registration during authentication flow. |
| Bugfix | AI-15431 | Fixed validation for password check without username on REST endpoint. |
| Bugfix | AI-14586 | Fixed logout from Loginapp REST UI when no authentication UI is configured. |
| Bugfix | AI-15316 | Fixed Loginapp UI SDK startup problems. |
| Bugfix | AI-13570 | Fixed potential memory leak in flow infrastructure. (CASE-31260, CASE-32188) |
| Bugfix | AI-15158 | Correctly handle all types of credentials in Credential Based Authenticator Selector. (CASE-32400) |
| Bugfix | AI-15171 | Prevent infinite loops in REST UI when clicking a Goto Target button on a polling page. (CASE-32512) |
Table 10: Loginapp REST API and UI
| Type | ID | Description |
|---|---|---|
| New | AI-15269 | Support for Privilege Escalation Protected Administrator Roles (PEPAR) in Adminapp. |
| Change | AI-6805 | Option in JWT Ticket Encoder to enforce JWT ID (jti) claims. |
| Change | DOC-416 | Information about the development of custom IAM extensions is no longer part of the IAM manual but is available as separate documentation. |
| Change | AI-15392 | An INFO log line is now logged after every REST request reporting the path, status, and processing time. |
| Change | AI-15043 | Improved handling of concurrent updates of the user database table. (CASE-32007) |
| Bugfix | AI-15105 | Fixed encoding of multiple roles in SSO tickets. (CASE-32363) |
| Bugfix | AI-14892 | Fixed handling of roles with a timeout (JSP Loginapp). |
| Bugfix | AI-15386 | Fixed sorting of large numbers of log messages in Adminapp. (CASE-32694) |
| Bugfix | AI-15107 | Fixed inconsistent filename suffix handling in renderer tasks. (CASE-32418) |
| Bugfix | AI-15166, AI-15168 | Fixed logging inconsistencies in service container tasks and RADIUS server. (CASE-32608) |
| Bugfix | AI-15471 | Fixed handling of empty passwords over RADIUS (client and server). (CASE-32744) |
| Bugfix | AI-15606 | Fixed Config Migration of empty SkipConditionTag lists. |
Table 11: Miscellaneous