Initial release

Released 2019-11-26

Still on track with both adding new features, improving current ones, and fixing any bugs found. The relevant changes are listed below.

This list below is for the latest release.

New Features

1. Added the option to disallow identical values in users' name fields. The new option can be found in the namespace settings in the “core” tab. When enabled, user’s are disallowed from entering identical values to first name, middle name and last name fields.

2. Contacts REST API: add support for “memberOf” attribute (contacts can now be added to groups via REST API), interpret empty or blank “nsCode” and “locationSite“ values as not provided and silently ignore them.

3. Add support to either allow or deny changing Personal ID via interactive self-service strong indentification (namely suomi.fi-tunnistus in Finland). By default do not allow this change to protect the first strong identification. Shall there ever be a change to the Personal ID, it must come in the system either via automated master route, or via interactive managed strong identification.

4. HPA/YPA (henkilön/yrityksen puolesta asionti) confirm dialog confirm and cancel redirect URLs can be configured in the system preferences.

5. HPA/YPA can now be enabled for specific namespaces in the system preferences.

Improvements

1. Log new user account creation time initial data for easier troubleshooting. We got bit by this on one site. With this improvement, we have this seldom needed, but necessary data point. Sensitive data is not saved, of course.

2. Datastorage to and UI in Management UI to review existing datastorages. This is an important tool for troubleshooting, and auditing purposes.

3. Added auto-generated authorisation types for suomi.fi-valtuudet YPA in use in Finland.

4. Added more Lock settings boxes to protect from human errors.

5. Internal code refactoring to gain more speed.

6. Center all views under OpenID authorisation endpoint (incl. user creation, password forgotten view, error views etc.).

7. Add support for forced authentication for SAML user directories. This ensures that autentication is performed every time user uses SAML user directory authentication and no previous session information is used. Previous behaviour was to cache authentications for a while (time is dependent on external user directory).

8. Add support for electronic identification number (SaTu) via SAML user directory at Finnish suomi.fi-tunnistaminen. This is an supplemental unique personal ID.

9. Add support for multiple email addresses in MyData export JSON.

10. Add a button to role editor’s “groups” tab create a new group with the same name as the role. This makes role management slightly easier.

11. Authorisations with user as the object or subject are deleted when the user is deleted.

12. Authorisation types and sources are deleted when their owner namespace is deleted.

Bug fixes

1. Related to JWKS servlet, some duplicate and unnecessary dependencies (code regression) were removed. This bug never reached production, as it was catched in-flight during development cycle.

Business extension: Product management

1. Refactoring end-points before feature launch. This was the last time we could do it. Practically /sales was just changed to more descriptive /products. Note, /products is primarily for those who want to define their own WebUI to the product management engine we provide.

2. Added filtering and data searchabilty.

3. Added /sales end-point to better support web-shops ant other similar channels to quickly retrieve all permitted products and prices.

Update 3.2.1

Released 2019-11-26

Bug fixes

• Internal cache element regression-related fix.

• Finland: VRK PETP and MUPT related regression fixes.