Version 1.10.10

Resolve bug:

• User id validation bug, which in some cases results in a incorrect session validation check.

Version 1.10.9

• Automatically create mappings between JWT and SAML claim types (configurable).
• Support duplicated mappings of both JWT and SAML claim types.
• DK privilege claim transformers is default configured to replace claims in FoxIDs Control Client.
• Add a Client ID parameter in OpenID Connect RP-Initiated Logout Request.
• Support Amazon Cognito non-compliant OpenID Connect logout with workaround.
• Default not delete sequences to improve the browser back experience.

Version 1.10.6

• Support profiles in the following authentication methods:
  • OpenID Connect
  • SAML 2.0
  • External API Login
  • Environment Link
• Change external API login to use error text on errors instead of only HTTP error codes.
• Support to change the technical name / Client ID / Resource ID on applications and authentication methods.
• Support to change the profile name in authentication methods.
• Support to disable login hint in SAML 2.0 authentication methods in authn request Subject.NameID.
• Increase K8s Nginx buffer size and limited the ID Token size in the authentication method session.
• ITfoxtec.Identity version 2.10.2
• ITfoxtec.Identity.Saml2 version 4.12.7
• NuGet package updates.

Resolve bugs:

• Null reference exception if a SAML 2.0 logout request is received without a NameID.
• SAML 2.0 authn context comparison types do not accept lowercase values.
• Do not update allowed authentication methods on environment links.

Version 1.9.28

• Remove 2FA / KeyVault restriction from free plan.
• Add one day to OpenSearch 30 day logs to support months with 31 days.
• Add Operation ID to error page.
• Improve OpenID Connect auth method empty response error message.
• Default not adding content security policy (CSP) form-action instead of sending "*". Default disabled because Chrome/Safari block redirects and it is impossible to know about further redirects.
• Improve automatically update of OpenID Connect discovery and SAML 2.0 metadata.
• Remove two irrelevant API trace logs.

Resolve bug:

• Add TTL index to MongoDB based cache.

Version 1.9.25

• Accept to return CORS with custom schemes like capacitor://localhost.

Version 1.9.24

• Remove usage type logs from OpenSearch log query.
• Add usage count for external users.
• Not include the master environments in the environments usage count.

Version 1.9.23

• Change logging to make Application Insights optional and support OpenSearch for logging. Configured OpenSearch with the log option OpenSearchAndStdoutErrors.
• Log properties are changed to be more readable and not start with f_.
• Improve MongoDB support and add master data in separate collections.
• Change to use MailKit instead of System.Net.Mail to support implicit TLS.
• Add IgnoreProxyHeaderDomain setting to ignore a specific domain and by that support multi tenant deployment in K8s.
• Add support for 1000 values in processing claims.

Version 1.8.0

• Starting to phase out the use of KeyVault inside the FoxIDs application. KeyVault is still used for secrets in an Azure deployment.
• With this version, application elements are moved from KeyVault and into the database.

> IMPORTANT: Before updating to this version, grant the FoxIDs sites managed identity the Delete secret and Delete certificate permissions in Key Vaults Access policies.

Version 1.7.3

• Kubernetes deployment improved and tested on OVHcloud.
• Docker build libraries used in the GitHub action updated to the latest version.

Version 1.7.2

• Authenticate external users in an External login authentication method by calling an external API. This makes it possible to place users outsight FoxIDs, for example in an existing user store. The username can be the users email or text-based username.
  
• Compare JsonWebKey (certificates) by the Kid parameter instead of the X5t parameter.
• Add SAML 2.0 authn request extensions XML support.

Updated to ITfoxtec.Identity version 2.9.0, the following two changes will only have effect on new certificates:

• Add the X5tS256 value in JsonWebKey according to: The "x5t" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].
• Change the X5c value in JsonWebKey to be: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate [RFC5280].

Resolve bug:

• Set client authentication basic incorrect in OpenID Connect authentication method and use not quite correct encoding.