| | There is a new flow step User Identification by Data Step. This step allows the identification of users in authentication and public self-service flows by the user's context data. Which context data to use is configurable on the step. |
| | Analogous to the Username Password Authentication Step, it is now possible to define a Custom Step UI to configure additional authentication buttons as well as self-registration and public self-service links, for the following steps: User Identification Step, Password-only Authentication Step, Fido Passwordless Authentication Step, and Airlock 2FA Usernameless Authentication Step. In the context of this issue, the plugin Username Password Authentication UI has been renamed to Link Configuration Authentication UI. |
| | There is a new IAM-wide REST endpoint, which returns all public keys used for signing JWTs in the Loginapp. This includes public keys from the following plugins:
- JWT Ticket RSA Signer Settings
- JWT Ticket EC Signer Settings
- OAuth 2.0 and OIDC Private Key JWT Client Authentication
- OAuth 2.0 and OIDC JWT Access Token Private Key Signature
- OIDC ID Token Private Key Signature
For more details on this new JWKS endpoint, see JWKS endpoint. |
| | The FIDO Default AAGUID Mappings plugin provides a pre-defined list of known FIDO authenticators, which maps each AAGUID to a make and model. This list has been updated, based on data from the FIDO Alliance Metadata Service on 4 July 2024. |
| | It is now possible to define a list of FIDO transport types that are allowed for authentication. Thus, you can limit the number of FIDO transport types to be used in your setup. Examples of FIDO transport types are Bluetooth, NFC, USB, and internal. Limiting the allowed FIDO transport types is only possible if FIDO is used as a second factor in an authentication flow. The feature doesn't work for FIDO passwordless authentication. To configure the allowed FIDO transport types in the Config Editor, go to MAIN Settings >> Authentication Settings >> FIDO Settings. Specify the list of FIDO transport types in section Authentication Settings, property Authentication Transports. |
| | The plugin Cronto Push Notification Sender no longer supports the property Android API Key, as Google removed support for this method in June 2024. For more information, see https://firebase.google.com/docs/cloud-messaging/migrate-v1. |
| | The new event Filtered Flow Event allows Loginapp event subscribers to filter events based on flow ID, step ID, or flow type (authentication, public self-service, etc.). Additionally, events that are emitted during a step with a step ID now always include this step ID in the event source data. This was not always the case in the past. For more information, see Filtered Flow Event. Note that the new event is not available for Adminapp event subscribers. |
| | Instead of being shown an error message, the user will now be redirected to the default login page when a maintenance message is no longer active. |
| | Loginapp: In some audit log messages, wrong Service Container prefixes appeared. These prefixes have been removed. |
| | Word template renderers now render replacements containing the ampersand character ("&") correctly. |
| | The following five new properties have been added to the Microgateway mapping templates:
- global.path.adminapp
- global.path.loginapp
- global.path.transactionApproval
- global.path.apiPolicyService
- global.path.serviceContainer
These properties define the paths to the respective IAM modules. Previously, the paths were hardcoded to the format <instanceName>-<module>/, which was incompatible with the options available in the instance.properties file to change the module path (e.g., iam.adminapp.url.path). |
| | When the domain-wide Active Directory Fine Grained Password Policies (FGPP) contained a policy other than the DOMAIN_PASSWORD_COMPLEX policy in the pwdProperties LDAP field, it was misinterpreted. This issue has been fixed. |
| | Fixed an injection problem after an unsuccessful request authentication in the protected Loginapp self-service flows. |