News

February 22, 2024

New maintenance release: PIM 6.1.2

PhenixID are proud to announce the new release of PhenixID Identity Manager 6.1.2. The new release improves the stability, compatibility and security of your solution, and is recommended for all installations.
Maintence release

PIM 6.1.2. mainteance release resolves the following issues

PIM-1381 MULTILISTSTRINGCONTROL HANGS
PIM-1382 DEFAULT VALUE HIDDEN IS SENT TO AS EMPTY VALUE TO PIP
PIM-1382 DEFAULT VALUE HIDDEN IS SENT TO AS EMPTY VALUE TO PIP
PIM-1388 CUSTOM CONTROL FAIL TO RETURN DISPLAY NAME WITH SPECIAL CHARACTERS
PIM-1393 NO SCROLLBAR IN MAIN MENU IF YOU COLLAPSE THE WIDTH
PIM-1395 MULTILISTSTRING IS NOT DISPLAYED INTERMITTENTLY
PIM-1401 MANAGER SEARCH ENGINE STOPS WORKING WHEN INCORRECT NAME/LETTERS IS TYPED AND SEARCHED
PIM-1411 FORMS PATH IS SET TO OTHER FORM

 

Read the full release notes for Identity Manager 6.1.2 here


Show more
February 22, 2024

New release: PhenixID Signing Workflow 2.5.0

 

PhenixID Signing Workflow 2.5.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.
HIGHLIGHTS

 

The highlight for the 2.5.0 release includes the ability edit already created errand

Edit errand

Prior to this release, the only thing that was possible to update on an errand was the expiration time. If the wrong person was invited as a signer, or someone was missing, a soliciotor had to delete the old errand and create a new one. Signers who had already signed the document had to sign again. This release adds the possibility for the solicitor (via GUI or API) to edit an already existing errand

  • Signers that hasnt yet signed can be removed
  • New signers can be added
  • The descirption of the errand can be updated
  • The priority order for signers who hasnt yet been invited (in queue) can be changed

Reminding signers

In the configuration its possible that a emial reminder is sent prior to the errand expires. Now a solicitor can also trigger a reminder email to a signer that hasnt yet signed by clicking a button in the GUI

 

IMPROVED FUNCTIONS

  • SWF graphical issues (mobile responsiveness) has been resolved

 

BUG FIXES

IGA-467 Do not log out when changing language’
IGA-504 Runtime error when uploading first document

Read the full release notes for Signing Workflow 2.5.0 here


Show more
February 14, 2024

Maintenance release – PAS 5.0.1

This new release includes defect fixes and addition of minor functions for the 5.0 release, and is recommended for all 5.0 installations.
 

Bug fixes

The 5.0.1 release includes important bug fixes for the 5.0 release, including

MSSQL using integrated authentication, ACS-URL validation, security vulnerabilities mitigation and TLS version for MiuLookupValveApp.

 

New/updated features

The 5.0.1 version does only contain defect fixes

See full patch release information for 5.0.1 here:

 


Show more
February 14, 2024

Maintenance release – PAS 4.7.3

This new release includes defect fixes and addition of minor functtions for the 4.7 release, and is recommended for all 4.7 installations.
 

Bug fixes

The 4.7.3 release includes important bug fixes for the 4.7 release, including SAML2SithsEid, SAML ACS-URL validation and DSS-signing.
See full maintenance release information for 4.7.3 release here:

 


Show more
December 22, 2023

New release: PhenixID Authentication Services (PAS) 5.0

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 5.0. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.

 

HIGHLIGHTS

 
Finally the PAS 5.0 version see the light of day! This version is a major technical upgrade, compared to 4.7 and earlier versions. It brings significantly better security level as well as futureproofing and enabling of further enhancements. There are no significant changes in terms of functionality or usability in this initial 5.0 version.

 

Increased security

PAS 5.0 includes a significant reduction of software security vulnerabilities in third party librariues used. The build and testing of PAS software has been enhanced by a mandatory vulnerability (OWASP) check, meaning that the software build process will catch known vulnerabilities – in each recurring and scheduled build.

 

Upcoming features

As PAS 4.7 branch is moved to maintenance mode, new and enhanced features will be developed and released on this new 5.0 branch. This strategic move ensures that new features are built on a more modern platform.

 

Inclusion of additional modules and valves in the product

Prior the 5.0 release, some specific modules and valves were treated as standalone entities necessitating separate installation procedures. By consolidating these components into the core product, you benefit from a more cohesive and streamlined life cycle management process, guaranteeing the availability of the latest and most secure versions – thereby fortifying the overall integrity and security of the system

Known limitations

Initially we recommend this version for those using internal HSQLDB database or MSSQL only

 

Read the full release notes for Authentication Services here:

 


Show more
December 20, 2023

New release: PhenixID Signing Workflow 2.4.0

 

PhenixID Signing Workflow 2.4.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.
HIGHLIGHTS

 

The highlights for the 2.4 release includes the ability invite external signers using email address as well as the possibility for the solicitor to validate current signatures wihtou downloading the document

Invite signers using email

Prior to this release, it was possible to invite signers from the organizations AD or to add them based on personal number. In some scenarios this could not be enough

  • Asking for, or storing, personal numbers can be sensitive. Organizations could for example have policies saying its not allowed
  • Sometimes the exact signer isnt known, for example in the case where someone at a subcontractor firm should sign

The 2.4 version allows the solicitor to invite a signer using only email address. Important to know is that anyone with access to the mail could open the mail and sign it, so it is important that the solicitor at completion verifies that the signee is expected.

Validation of signatures

PhenixID Authentication Service has a function to validate the authenticity and integrity of a signed document. Added in 2.4 release is the possibility to trigger such a validity check directly from SWF GUI.

 

IMPROVED FUNCTIONS

  • SWF SW shown for solicitors and administrators

 

BUG FIXES

IGA-470 Emails not sent when errand has expired
IGA-499 Tag values not reset after order created
IGA-500 Failed to decode downloaded font error

Read the full release notes for Signing Workflow 2.4.0 here


Show more
December 1, 2023

Maintenance release – PhenixID Authentication Services (PAS) 4.7.2

This new release includes defect fixes and addition of minor functtions for the 4.7 release, and is recommended for all 4.7 installations.
 

Bug fixes

The 4.7.2 release includes important bug fixes for the 4.7 release, including

App switching on iOS17 for BankID, Freja eID and SITHs, making sure the user doesnt manually have to switch back to the correect browser. Security vulnerabilities mitigated. Problems with internal federations at restart. SAML updates including support to handle large requests, handling missing scope and AuthnContectClassRef

 

New/updated features

More attributes available from Freja eID including documentType, documentSerialNumber and photo. Possiblity to force PipeAuthenticator to always be triggered

See full patch release information for 4.7.2 here:

 


Show more
October 18, 2023

Maintenance release – PhenixID Authentication Services (PAS) 4.7.1

This new release includes defect fixes and addition of minor functtions for the 4.7 release, and is recommended for all 4.7 installations.
 

Bug fixes

 

The 4.7.1 release includes the following fixes

  • PHX-2963 resp_attributes type 6 (Service-Type) value returned incorrectly

    Service-Type attribute in RADIUS always returned the wrong value.
    Now updated and the Service-Type attribute can now be set using PropertyAddValve

  • PHX-3030 Wrong language is show in PSS if brower is set to Swedish

    If Chromium based browser have Swedish as default language, the Password Selfservice service would show a mix of English and Swedish

  • PHX-3068 Signing, OCSP/CRL: Incorrect validation

    Validation of OSCP/CRL tokens failes since wrong value is compared

  • PHX-3110 BankID – 400 response when signing gives Java error

    BankIDSignValve and BankIDCollectValve woudl generate a java error if BankID returns a 400 response.
    The solution also includes an update where the errorcode of the 400 response is forwarded to the application

  • PHX-3122 IOS redirect to native browser when using non native browser

    Independent of which browser is used when initiating a BankID authentication, iOS devices will redirected back to default web browser

  • PHX-3170 Add loginhint to OIDC to auth-request

    Support for “login_hint” in OIDC auth-request is missing

  • PHX-3188 Clear “SAMLSignApproved” with the rest of the SAML attributes on a new SAMLRequest

    Attribute SAMLSignApproved is not cleared

  • PHX-3189 validateSchema for SAML SignMessage causes freeze/crash in some environments

    validateSchema function in SAMLAuthRequestDecoder freezes/chrashes, preventing SignMessage to be parsed

 

New/updated features

 

  • PHX-3021 Add support for basic authorization in bankid proxy module

    Support basic authorization header in BankID proxy/api

  • PHX-3102 SithsEidCollectAuthenticationStatusValve that returns Inera response intact as json

    Return the intact Inera response as json

  • PHX-3108 BankID 6.0 Phoneauth via proxy/api

    Phoneauth endpoint according to BankID 6.0 added in BankID proxy/api

  • PHX-3112 OpenID Connect Session Management 1.0

    Support for OpenID Connect Session management 1.0 implemented

  • PHX-3126 Add BankIDPhoneSignValve

    Add BankIDPhoneSignValve according to BankID 6.0

  • PHX-3127 Make it possible to expand requirement from request in BankIDAuthenticateValve and BankIDSignValve

    Add the possibility to add requirements in a request when using HTTP API with BankID valves

  • PHX-3171 BankID 6.0 Phonesign via proxy/api

    Add Phonesign endpoint according to BankID 6.0 to BankID proxy/api

  • PHX-3187 Make AssertionConsumer strict scoped attribute validation option

    Let the administrator decide by config if AssertionConsumer should use strict scoped valdiation or not

See patch release information for 4.7.1 and read the full release notes for PhenixID Authentication Services 4.7 here:

 


Show more
September 20, 2023

PhenixID – New Release: Identity Provisioning 6.3.3

PhenixID is proud to announce the new release of PhenixID Identity Provisioning (PIP) 6.3.3. The new releases improves the stability, compatibility, and security of your solution, and is recommended for all installations.
 

MAINTENANCE RELEASE

IMPROVED FUNCTIONALITY

  • PIP-721 Add a body option to the REST DELETE Handler action
    REST DELETE Handler now have the possibility to include a body to the delete requests
  • PIP-723 Add a Copy post action
    Select a post in the LDAP tree that you want to create an copy of and point to the OU where the copy should be saved
  • PIP-731 Improve SQL action to handle errors
    Any errors in a SQL write action is now also included as an attribute in the return value of the action

BUG FIXES

  • PIP-720 Syntax Attribute Validation is not emptied after a successful syntax is read
  • PIP-722 Retrieving large multivalues will eventually take the enumerating LDAP connection, causing corruption and closed LDAP connection
  • PIP-724 WriteToLDAP: Not always setting error attribute on failure
  • PIP-725 Policy Debugger: Large text attributes are slow to render
  • PIP-726 Settings multiple schedules from policy tab does not get saved
  • PIP-727 Import objects dialog: No error handling for missing icons
  • PIP-729 Import Prefix writes to Schedule reassign
  • PIP-732 Write to LDAP action sometimes does not write Binary to ldap
  • PIP-735 Session transmitter does not work

Read the full release notes for Identity Provisioning 6.3.3 here

 


Show more
August 31, 2023

New Release: PhenixID Signing Workflow 2.3.0

 

PhenixID Signing Services Workflow 2.3.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.
HIGHLIGHTS

 

The highlights for the 2.3 release includes the ability to delete signing errands and the possibility to anonymize the information about a specific user (GDPR compliance)

Deleting errands

All errands are saved in the SWF database for future reference, althought the actula document can be deleted after a configured lifetime. Organizations might have policiys to delete information about digital errands after a specific time.  It could also be that errands that arent successul (maybe someone refused to sign) chould be removed right away to avide clutter. Added in 2.3 there are 3 different ways to delete an errand

  • Scheduled jobs – configure the lifetime of errands for a specific state
  • Delete signing errand via GUI
  • Delete siging errand via API

Anonymizing signer

Siging errands in SWF database include information about the people set to sign, information that could include AD usernaname,  e-mail address or social security number (“personnummer”). General Data Protection Regulation (GDPR) adopted by European Union in 2016 regulates the use and ownership of personal data. It includes the right for any person to be forgotten and have their information removed from any data storage.

To help the administrator to comply with GDRP, SWF 2.3.0 includes the possibility to anomynize a user. The administrator can execue a job to anonymize a user based on either UUID, personnummer, username or email address. At anonymization, errans including the user that has asked to be forgotten are updated and all information about this user are replaced with “anonymized”, however still present in the errand database. For example, a errand including users john.doe and jane.doe, where john.doe is anonymized will still be present but when opened it says that the signers are “jone.doe” and “anonymized”.

 

IMPROVED FUNCTIONS

In addition, several features have received minor improvement including:

  • Added additional Java arguments for Hazelcast in the startup scripts to get the best performance results
  • Set notifyUser parameter via API
  • Minor GUI improvements

 

BUG FIXES

IGA-434 Can’t change language
IGA-438 Empty defaultLanguage config value cause crash

Read the full release notes for Signing Workflow 2.3.0 here


Show more
Load more news