Releases: simpleidserver/SimpleIdServer
Release 6.0.6
Bugs
Ticket #922: Startup CSS - 404
Removed unused CSS files from the SimpleIdServer templates.
Ticket #929: Regression when sending notification after removing a group
Do not publish events when the corresponding property is set to false.
Ticket #926: SCIM performance issue
Fixed a performance issue.
Ticket #925: Minor issue with dotnet new template – configuration not working
Fixed configuration issue in the dotnet new template.
Ticket #928: Check for unique userName violation
Added validation to ensure userName uniqueness.
Features
Ticket #924: Add link component in the form builder
Added a link component to the form builder.
v6.0.5
Issues Fixed
Ticket #916: NullReferenceException in PasswordAuthenticationService when credential is null
Returns an error message when the user has no credential.
Ticket #920: Fix the idserverui .NET template
Ticket #914: PatchRequest for complex properties returns an incorrect response structure
When an update operation is executed with IsFullRepresentationReturned set to false, the returned representation will be incomplete.
To receive the full representation after an update, set IsFullRepresentationReturned to true.
Ticket #917: [SCIM] GET request returns 500 for non-existing resource with query filter
Now returns HTTP 404 when the excludedAttributes query parameter is provided and the resource does not exist.
Ticket #913: Ability to update the middle name
v6.0.4
Issues Fixed
#898 – Fixed an error in the template.
#893 – Resolved an issue where the Admin website could not add a profile mapper.
#909 – [SCIM] Fixed a "Size must be between 0 and 16793600 (16MB)" error when retrieving groups.
#912 – [SCIM] Fixed a parser issue where grouping with parentheses was ignored.
#896 – Fixed an issue where the password reset flow lost the returnUrl parameter, causing navigation problems.
#906 – Fixed a build failure when running ./psake dockerBuild on Ubuntu 22.04.
#907 – Fixed a build failure for the dotnet new scim template due to the missing SimpleIdServer.Scim.ApiKeyAuth package.
#910 – [SCIM] Fixed an issue where username uniqueness was incorrectly enforced across realms.
#913 – Added the middle_name field to the Users table.
v6.0.3
Features
Ticket #889: CAPTCHA Support
Add support for a CAPTCHA component in the form builder and update the documentation accordingly.
Ticket #891: Grid Component
Add support for a Grid component in the form builder and update the documentation.
Ticket #881: Support for Temporary Users
When a temporary user logs in for the first time, they are redirected to a screen to reset their password.
Ticket #897: Configurable Password Requirements
In the pwd authentication options, it is now possible to define password policies, such as:
- Require non-alphanumeric characters
- Require lowercase letters
- Require uppercase letters
etc.
Bugs
Ticket #890: Cannot Switch Language
When an error occurs during the authentication process, it is still possible to change the language.
Ticket #901: Update SCIM Documentation
Update the documentation to explain how to create a database and publish data from a SCIM server.
Ticket #896: Losing returnUrl Parameter
When resetting the password, the returnUrl parameter is lost from the query string.
Ticket #893: Cannot Add Profile Mapper
Some popup screens are empty when trying to add a profile mapper.
Ticket #884: Cannot Save CSS
In the form builder, it was not possible to save the CSS.
Ticket #883: Request Header Too Large
Avoid storing all claims in the authentication cookie. Store only the minimal required information.
v6.0.2
Release 6.0.2
Ticket #878 & Ticket #874
A client can now have one or more secrets. Different algorithms can be used to hash the client secret.
Ticket #880
The type of client (SPA, Website, etc.) can now be updated.
Ticket #851
A library has been created to migrate data from OpenIddict storage to SimpleIdServer.
Documentation: https://simpleidserver.com/docs/idserver/migrations/openiddict
Ticket #868
A library has been created to migrate data from Duende storage to SimpleIdServer.
Documentation: https://simpleidserver.com/docs/idserver/migrations/duende
Ticket #876
The PARExpirationTimeInSeconds property has been moved from the Identity Server options to the client configuration.
Ticket #875
The DeviceCodeExpirationTimeInSeconds property has been moved from the Identity Server options to the client configuration.
Ticket #873
The authorization code lifetime property has been moved from the Identity Server options to the client configuration.
Ticket #866
OpenTelemetry is now supported, and the documentation has been updated accordingly.
Documentation: https://simpleidserver.com/docs/idserver/logging/telemetry
Ticket #811
The redirect URL of the administration website can now be specified in the Identity Server's configuration file.
This change is particularly useful for running the solution in Kubernetes without requiring code changes.
Ticket #859
By default, the authentication cookie can be read by an iframe. This behavior can be disabled by calling the DisableSharingAuthCookie function, available in the fluent API.
Ticket #871
If no workflow is assigned to a registration method, it is now possible to create a new one directly from the administration website.
Ticket #872
Support has been added for different methods to hash user passwords.
Ticket #877
The properties MaxRequestParameterLifetimeSeconds, MaxBindingMessageSize, and DpopLifetimeSeconds have been moved from the Identity Server options to the client configuration.
v6.0.1
The migration process from version 5.0.4 to 6.0.0 is managed through migration scripts.
If you encounter any issues during the migration, please report them by creating a bug ticket.
Features
Ticket #795: Added support for advanced search in the administration website.
Ticket #827: Introduced the concept of FormBuilder and workflows. It is now possible to customize authentication and registration windows, as well as the workflow used for user authentication and registration.
Ticket #830: Added configuration options for the lifecycle of Hangfire jobs.
Ticket #852: Introduced a minimal API. A lightweight version of the SCIM/Identity server can now be set up with just 5 lines of code.
Ticket #858: Documentation updates.
Bug Fixes
Ticket #855: Resolved various issues in the administration website.
Ticket #861: SCIM – Updates to entitlement representations were not being reflected in user representations.
Ticket #863: Ignored the oth parameter present in the JWKS endpoint, which caused compatibility issues with the NextAuth.js library.
v5.0.4-rc1
Bugs
Fixed various operations in the SCIM server related to group manipulation.
Resolved an issue where self-referencing groups (e.g., when Group A is a member of itself) caused a timeout.
Fixed the following issues:
- Updated the workflow for removing a realm—now correctly redirects the user-agent to the appropriate URL.
- Users can now manage their sessions via the following URL: https://localhost:5001/Sessions.
- Standardized the session management URL for user sessions.
- Fixed the link in the error message displayed when the number of active sessions exceeds the allowed limit.
- Fixed the SimpleIdServer.CredentialIssuer.Startup template by adding the missing PublicDid property in appsettings.json.
- Added a logout feature to the SimpleIdServer.CredentialIssuer.Startup project.
v5.0.3
Bugs
The version attribute in the SCIM metadata response does not comply with the RFC. According to the RFC, the ETag attribute must be a string, not an integer.
Update System.Text.Json to version 8.0.5. The previous version used by SimpleIdServer has two high-severity vulnerabilities.
Group hierarchies and deletion are not functioning correctly.
Direct and indirect references from the removed representation are now deleted.
When the realm is enabled in SCIM, filtering on representations did not work correctly.
When using the angular-oauth2-oidc library, the silent refresh is not working properly.
Reason: The expiration time of a cookie is equal to the expiration time of a token. As a result, when the identity/access token expires, the user session also expires, preventing the authorization endpoint from being used to obtain a new access token.
Solution: Now, the Client has two properties:
- UserCookieExpirationTimeInSeconds: Defines the expiration time of a cookie in seconds.
- TokenExpirationTimeInSeconds: Defines the expiration time of an access token in seconds.
Updating or deleting a resource as part of a bulk request throws an exception.
Duplicate claims in the UserClaims table when adding via Postman or the UI.
Missing SCIM endpoint /Schemas/{id}
Incorrect location for SCIM resource creation with realm enabled
Include the realm in all integration events used by the SCIM server.
The following required configuration was missing from the SimpleIdServer template:
"UserLockingOptions": {
  "LockTimeInSeconds": "300",
  "MaxLoginAttempts": "5"
}
Cannot pass null value in SCIM request.
When a user authenticates with their email, the cookie format was incorrect and appeared as:
.AspNetCore.Cookies.-.
As a result, authentication with an email was invalid because certain characters, such as '@', are not supported. For example:
[email protected] was not a valid format.
The new format now follows this structure:
.AspNetCore.Cookies.-.
Fix various problems present in the administration website.
Add the following configuration to the appsettings.json file of the identity server to forward the client certificate to the server:
"IsClientCertificateForwarded" : "true"
Fix the Swagger endpoint of the SCIM server.
Features
Implement the SAML 2.0 logout URL.
When the user is authenticated and the realm is enabled in the Identity Server, display the list of active realms on the home page of the Identity Server.
This new view is accessible via the following URL: https://localhost:5001.
Limit the number of active sessions a user can have. The maximum number of sessions is defined by the MaxNbActiveSessions property of IdServerHostOptions.
An authenticated user can view their active sessions via this URL: https://localhost:5001/master/Sessions.
Azure Blob Storage can be used by a SCIM server to store very large messages.
Add the following configuration to the appsettings.json file:
"MassTransitStorageConfiguration": {
  "IsEnabled": true,
  "Type": "AZURESTORAGE",
  "ConnectionString": "https://{accountName}.blob.core.windows.net"
}
Add a build.sh script to build the entire solution.
v5.0.2
Features
- Ticket 777: EBSI - holder wallet - request and present verifiable credentials
- Ticket 780: Pass EBSI wallet conformance test
- Ticket 781: Support FastFed
- Ticket 782: Refactor the settings view of the mobile application.
Bug Fixing
- Ticket 791: PostgreSQL issue in migrations.
v5.0.1
Features
- Ticket #765: Add permissions to the administration website.
- Ticket #771: Support OpenID Federation.
- Ticket #775: Create a fake wallet to request "CTIssueQualificationCredential".
- Ticket #768: Ensure compliance with the EBSI - Issuer - Credential Issuance.
- Ticket #759: Ensure compliance with the EBSI - Issuance - In-Time credential.
- Ticket #758: Block the user account after multiple login attempts.
- Ticket #776: SCIM - Return a list of PATCH operations in the integration event.
Bug Fixing
- Ticket #760: Fix various bugs in the administration website.