Version 1.0.7

ARM deployment updates:

• Only App services is accessible from the Internet.
• VLAN with subnets.
• Subnet for App services, Cosmos DB and Key Vault.
• Subnet with Private Link to Redis.
• Subnet with Azure Monitor Private Link Scope (AMPLS) to Application Insights and Log Analytics workspace. Logs are not accessible insight the Azure Portal.

Logging:

• Do not log to Application Insights from client JavaScript.

Version 1.0.6

• Support Home Realm Discovery (HRD)
  • Support selecting all allowed up-partis using a star (*) in round brackets.
  • Support selecting 4 up-parties by name.
• Cache tracks, down-parties and up-parties in Redis.
• Handle OIDC up-party GET error response.
• Add use = sig to OIDC Discovery keys.
• Add kid to keys from KeyVault in OIDC Discovery keys.
• Login dialog support bigger CSS containing up to 20,000 characters.
• Increase max claim value length. Default form 300 to 1000 and embedded JWT tokens from 2000 to 4000.
• Danish translations added.
• Resolve: Unable to delete the last allow CORS origins in Control Client down-party.
• Resolve search user bug
• Texts are sorted by ID.

Version 1.0.5

• Add improved support for installing FoxIDs with a reverse proxy.
• Support for empty Accept-Language HTTP header.
• Resolve upload p12 certificate bug.
• Move risk password upload from Control Client to seed tool.
• Resolve test risk password bug in Control Client.
• Support up-party OpenIDConnect without token endpoint (Facebook).

IMPORTANT - Before installing:
Navigate to the FoxIDs App Service in Azure Portal, select Configuration and add the new setting Settings:FoxIDsEndpoint with either the FoxIDs App Service site domain (including https://...) or the custom primary domain used for the site.

Version 1.0.4

• Add support for and require Workspace-based Application Insights instead of Classic Application Insights.

IMPORTANT - Before installing:

1. Upgrade your Classic Application Insights to Workspace-based Application Insights.
2. Navigate to the new Log Analytics workspace and read the Workspace ID on the Overview page.
3. In the new Log Analytics workspace, select Access control (IAM) --> Role assignments and grant the FoxIDs Control managed identity the Reader role.
4. Navigate to the FoxIDs Control App Service, select Configuration and add the new setting Settings:ApplicationInsights:WorkspaceId with the Workspace ID as the value.

Version 1.0.3

• Support custom domain.
• Support reverse proxy - read standard HTTP headers and the FoxIDs X-FoxIDs-Secret HTTP header.
• OAuth 2.0 creation flow in Control Client improved.
• Not require to add a redirect URI when creating a OAuth 2.0 clients, matters for Client Credentials Grant.

Version 1.0.2

• Add support for multi-factor authentication (MFA) by adding support for two-factor authentication (2FA) with an authenticator app like Anthy, Google Authenticator, Microsoft Authenticator and others.
• Support wildcard: claims accept in up-parties and claims issue in down-parties.
• Add support for if not output claim in map and regex map claim transform action.
• Add support for external images in Login CSS.
• Keep the Control Client dialog open on create / update and show toast on successfully create / update.
• Change default login up-party OIDC sub format / SAML 2.0 name Id format - from email to persistent.
• Configuration CollectionId and TtlCollectionId changed to ContainerId and TtlContainerId.

> IMPORTANT: Before installing, grant the FoxIDs managed identities additional Key Vault secrets permissions. Grant the FoxIDs site the Set secret permission and grant the FoxIDs Control the Set and Delete secret permissions in Access policies.

Version 1.0.1

• FoxIDs is upgraded to .NET 6.0.
• More certificate handling functionality added in the Control API.
• The Control Client do less certificate handling.
• Control Client and API support .P12 certificate format (certificate conversion tool has been removed).
• HttpClient in FoxIDs site and Control API is configured with smaller max download size and timeout value.
• Read SAML 2.0 metadata use IHttpClientFactory and the metadata XML size is validated.
• ARM deployment sourcecontrols bug has been resolved.

If you are upgrading an existing FoxIDs installation please change the .NET version to .NET 6 on all four App Services after successfully upgrading to this version. However, this version runs fine on both .NET 5 and .NET 6.
The .NET version is set to .NET 6 under the App Service General settings.

Version 1.0.0

First fully featured FoxIDs release

Supporting:

• All tokens are JSON Web Token (JWT) (RFC 7519)
• OpenID Connect 1.0 supported in both down-parties and up-parties
  • OpenID Connect Core 1.0
  • OpenID Connect Discovery 1.0
  • OpenID Connect Session Management 1.0
  • OpenID Connect Front-Channel Logout 1.0
  • OpenID Connect RP-Initiated Logout 1.0
• Proof Key for Code Exchange (PKCE) (RFC 7636) supported in OpenID Connect down-parties and up-parties
• SAML 2.0 supported in both down-parties and up-parties
  • SAML 2.0 Core
  • SAML 2.0 bindings limited to POST and redirect binding
  • SAML 2.0 metadata
• OAuth 2.0 (RFC 6749) limited to down-party Client Credential Grant
• Authentication / login
• A user repository per track
• UI customization and cultures
• Convert between OpenID Connect and SAML 2.0
• Claims transformations