Note |
---|
Preview |
Info |
---|
This release also contains the changes from version 8.4.3 → https://itsense.atlassian.net/wiki/x/AYBRm |
CoreOne Admin User Interface
Features
Additional XSS attack mitigation strategies were implemented.
Bug Fixes
Fixed an issue on the resource provisioning configuration where it wasn’t possible to remove an existing workflow anymore
CoreOne Admin User Interface 2.0
Features
Employment attributes can now be managed in the new Admin Us
CoreOne Authentication Services
Features
Breaking change: Minor design changes have been applied to improve readability, usability and the overall look and feel. Among various changes, there is now a default background image. Please review your design after the update and adjust to your CI / CD. You can disable the background image by adding
background-image: none;
Breaking Change: In order to access the Permission API (
/api/permission
), users now must have theCoreOne Authentication Service API Read Permissions for any Application
resource assigned. As the name suggests, this endpoint allows to read all the permission of any applicationsA new Permission API that will only return the permission based on the token (and the associated client / application) has been added (
/api/permission/myapplication
). More information can be found here.There is a new
scope
to request a new minified version of theroles_with_context
claim. You can find more on this topic here: https://itsense.atlassian.net/wiki/spaces/IKB/pages/2036400151/Token+Assignment+Context#roles_with_context_min .Claim types can now be limited in size to make sure that tokens don’t surpass a certain size. You can find more on this topic here: https://itsense.atlassian.net/wiki/spaces/IKB/pages/1992982615/Token#Claims-in-access-token .
Logout propagation to external identity providers has been implemented. You can find more on this topic here: https://itsense.atlassian.net/wiki/x/KgDDm
The validation of the place of birth in the AHV verification method has been made optional. You can set
ValidatePlaceOfBirth
to false in the configuration to do so. You can find more on this topic here: https://itsense.atlassian.net/wiki/x/awADkwThere are two new quality of registration paths which don’t offer the manual option. You can find more on this topic here: https://itsense.atlassian.net/wiki/spaces/IKB/pages/2222456878/Quality+of+Registration+QoR#Configuration
Fidentity verification method
The users language is now passed to the identity verification service fidentity.
The evidence files are now being downloaded and can be stored locally using a workflow
When the user is being deleted, the evidence files can be deleted using a workflow
The default log configuration was adapted to keep the log files for 100 files and a maximum of 10 MB per file
Bug Fixes
Breaking change: The issued
roles_with_context
claim had aClaimValueType
ofCoreOne:iTsense.CoreLogin2.Shared.Models.RoleClaim.RoleClaim
instead ofurn:coreone:authentication:role:with_context
. Should you somewhere reference to the old, incorrect value, please adjust it.The
username
claim could not be used in theid_token
andaccess_token
because of its special storage type (multiple usernames are supported). It’s now possible to map theusername
to any scope.Fixed an issue in the registration process where it could lead to an error when changing the language
SMS sent while in the registration process did not always include the screen reader version
CoreOne Application Services
Features
There are new workflows available to define approval workflows for both roles and roles types. You can find more on this topic here: Role/Role Type Workflows .
Manual Role assignments can now be bound to an employment. If the user looses the employment, he will also loose the role assignment. Setting this relation is currently supported from within workflows but not yet from within the user interface. This feature will follow.
The default log configuration was adapted to keep the log files for 100 files and a maximum of 10 MB per file
The column
attribute_edit_mode_id
has been dropped from the tableservicedmcore_core_identity_type_attribute_mapping
as they are no longer needed
Bug Fixes
The anonymization of users did not anonymize the
read only email address
on the Core Identity and worked not correctly in some cases
CoreOne Self Service Portal
Features
A double submit issue in the web shop has been resolved. The issue could lead to ordering the items twice.
Breaking change: The permissions to read the QoR and QoA have been removed from the default
CoreOne Suite Self-Service User
security role and added to an own role calledCoreOne Suite Read Own QoR / QaA
. This security role will also give you permissions to the appropriate Self-Service widget. You can find more information on this topic here: https://itsense.atlassian.net/wiki/x/FYDDk
Bug Fixes
Orders could be executed multiple times when pressing the confirm button, this got fixed by hiding the order popup after clicking the button for the first time
When selecting a date on the Auto-Ident initialization screen, users might have been redirected to the wrong destination. This happend when users selected a date from the previous month. So for example, when the selector was in June but the user selected the last day of May
A feedback message is now being shown when a successful support request was started
CoreOne System Connectors
Bug Fixes
Fixed an issue with the WIKO system connector attribute bindings that were wrong
Deleting of CoreOne Suite users was throwing an error because of their authentication devices, this got fixed
The APIv2 method
find-object-id-in-target-system
wasn’t working when the searched attribute was the common name (CN) ← NOT YET FIXED
CoreOne Workflow Services
There are new DMS workflow activities to search, create and delete documents. You can finde more on this topic here: https://itsense.atlassian.net/wiki/x/awASm .
There are various new workflow activities you can use to manage approval from within workflows. You can finde more on this topic here: https://itsense.atlassian.net/wiki/x/DoHJlg
Tools
Features
SqlVersionExecutor now supports executing the SQL directly from the tool