Skip to main content
Version: 2.1

Release notes

nevisFIDO 2.1.1.2 - 24.11.2022

Changes and new features

  • FIXED: The nevisIDM user lookup was broken when using FIDO UAF only in the configuration. The use-case connects to nevisIDM using the soap interface where the detail level was incorrectly set to exclude. The detail level is now reset to low to fix the issue. (NEVISFIDO-1742)

nevisFIDO 2.1.0.3 - 16.11.2022

Changes and new features

  • UPGRADED: We upgraded Spring Boot third-party dependencies to version 2.7.3. (NEVISFIDO-1707)
  • UPGRADED: We updated the Checker Framework third-party dependency to version 3.25.0. (NEVISFIDO-1707)
  • UPGRADED: We updated the Jackson third party dependency to version 2.13.4. (NEVISFIDO-1707)
  • UPGRADED: We updated the Google-api-client third-party dependency to version 2.0.0. (NEVISFIDO-1687)
  • UPGRADED: We updated the Google-auth-library-oauth2-http third-party dependency to version 1.11.0. (NEVISFIDO-1707)
  • UPGRADED: We updated the Nimbus-jose-jwt third-party dependency to version 9.25. (NEVISFIDO-1707)
  • UPGRADED: We updated the Webauthn4j third-party dependency to version 0.20.3.RELEASE. (NEVISFIDO-1707)
  • UPGRADED: We updated the SnakeYaml third party dependency to version 1.32. (NEVISFIDO-1707)
  • FIXED: The client-id of the credential-repository is now parsed as a string, instead of as an integer. (NEVISFIDO-1715)
  • FIXED: We decreased the detail level of the username lookup query to nevisIDM using username-mapper. The fix affects UAF only, and provides performance increase on nevisIDM side. (NEVISFIDO-1665)
  • FIXED: Double query of nevisIDM credentials in case of UAF authentication is now reduced by request-scoped caching. (NEVISFIDO-1673)
  • FIXED: The expected position of extId inside username-mapper in the configuration is now validated at startup time. (NEVISFIDO-1701)
  • FIXED: From now on, REST query to nevisIDM is not sent to look up the extId if an empty or missing username is received from the client in the JSON request. (NEVISFIDO-1701)

nevisFIDO 2.0.1.6 - 17.08.2022

Changes and new features

Breaking changes

  • NEW: FIDO2 is now supported by the component. For more information, see Nevis FIDO2 / WebAuthn Concept and Integration Guide.
  • NEW: FIDO2 uses the nevisIDM REST API, configure the rest-url property for the credential-repository.
    • FIDO UAF still uses the SOAP endpoint, which requires administration-url to be configured.
  • CHANGED: Configuring FIDO2 and FIDO UAF leads to the following changes in the nevisFIDO instance configuration YAML file:
    • Both the fido2 and fido-uaf blocks have a Boolean property enabled.
      • For backwards compatibility, the change for fido-uaf is not mandatory, and if the enabled property is missing, then the deciding factor is whether the fido-uaf configuration block is present.
    • The top-level configuration block authorization is now present under the fido-uaf and fido2 blocks.
    • The top-level configuration block dispatchers is now present under the fido-uaf block.
    • Instead of deprecated the top-level configuration block dispatch-target-repository, use credential-repository instead.

General

  • UPGRADED: Jackson third party dependencies are upgraded to version 2.13.3. (NEVISFIDO-1623
  • UPGRADED: Jetty third party dependencies are upgraded to version 9.4.48.v20220622 (NEVISFIDO-1657)
  • UPGRADED: Google-api-client third party dependency is updated to version 1.35.2. (NEVISFIDO-1623)
  • UPGRADED: Checker framework third party dependency is updated to version 3.22.2. (NEVISFIDO-1623)
  • UPGRADED: Nimbus third party dependency is updated to version 9.23. (NEVISFIDO-1623)
  • UPGRADED: Google-auth-library-oauth2-http third party dependency is updated to version 1.8.0. (NEVISFIDO-1623)
  • UPGRADED: Zxing third party dependency is updated to version 3.5.0. (NEVISFIDO-1623)
  • FIXED: The facet configuration property is now not incorrectly logged as unknown. (NEVISFIDO-1631)
  • FIXED: The admin CLI now correctly lists instances located in a symlink directory. (NEVISFIDO-1635)
  • FIXED: Component version in jar manifest files and logs. (NEVISFIDO-1662)

nevisFIDO 1.18.0.4 - 18.05.2022

Changes and new features

Breaking changes

  • DEPRECATED: The configuration property dispatch-target-repository is no longer parsed by the server. The configuration of credential-repository is used as the configuration of the dispatch target repository instead. (NEVISFIDO-1444)

We removed the dispatch-target-repository entry because separate configurations for the dispatch and credential repositories provides no added value. You can safely remove the dispatch-target-repositoryentry in the configuration YAML file completely, then the credential-repository configuration block is used. If you keep the dispatch-target-repository,the configuration is ignored and a warning is logged.

  • CHANGED: To address a potential performance bottleneck, we removed the dynamic reloading of the policy JSON configuration file. As a result, a nevisFIDO instance requires restart after changing the policy file. This is classified as a breaking change compared to previous behavior. The feature was not actively used, as nevisAdmin 4 and Kubernetes-based deployments restart the component after a configuration change. (NEVISFIDO-1591)

General

  • FIXED: nvluser, nvbuser, and members of the nevisadmin group could not use the nevisAuth Admin CLI commands. The issue is now fixed. (NEVISFIDO-1577)
  • UPGRADED: Spring-boot third party dependency is updated to version 2.6.7. (NEVISAUTH-3612)
  • UPGRADED: Google-api-client third party dependency is updated to version 1.34.0. (NEVISFIDO-1555)
  • UPGRADED: Guava third party dependency is updated to version 31.1-jre. (NEVISFIDO-1567)
  • UPGRADED: Jackson third party dependencies to version 2.13.2. and jackson-dababind to 2.13.2.2. (NEVISFIDO-1567)
  • UPGRADED: Auto-value third party dependency is updated to version 1.9. (NEVISFIDO-1567).
  • UPGRADED: Checker framework third party dependency is updated to version 3.21.4. (NEVISFIDO-1567)
  • UPGRADED: Reactive streams third party dependency is updated to version 1.0.3. (NEVISFIDO-1567)
  • UPGRADED: Rx java third party dependency is updated to version 2.2.21. (NEVISFIDO-1567)
  • UPGRADED: Nimbus third party dependency is updated to version 9.22. (NEVISFIDO-1567)
  • UPGRADED: Apache http client third party dependency is updated to version 4.5.13. (NEVISFIDO-1567)
  • UPGRADED: Bouncy castle third party dependency is updated to version 1.70. (NEVISFIDO-1567)
  • UPGRADED: MariaDB jdbc driver third party dependency is updated to version 2.7.5. (NEVISFIDO-1567)
  • UPGRADED: Google-auth-library-oauth2-http third party dependency is updated to version 1.6.0. (NEVISFIDO-1567)
  • UPGRADED: Zxing third party dependency is updated to version 3.4.1. (NEVISFIDO-1567)

nevisFIDO 1.17.0.1 - 16.02.2022

Changes and new features

  • CHANGED: The iOS push notification sent via Firebase explicitly requests the default sound to be played. This fixes an issue where no sound is played on iPhones upon receiving the authentication push message. (NEVISFIDO-1528)

nevisFIDO 1.16.0.8 - 17.11.2021

Changes and new features

  • NEW: The default metadata and policy of nevisFIDO now contains the new Android Nevis Access App biometric authenticator, identified with AAID F1D0#0003.

nevisFIDO 1.15.0.3 - 18.08.2021

Changes and new features

  • NEW: As of this release, jcan.Op logging is available in nevisFIDO. You can use the transaction ID (tID) to correlate log lines between nevisProxy, nevisIDM and nevisFIDO. To enable the jcan.Op logging, add the following snippet to the file /var/opt/nevisfido/<instance>/conf/logback.xml:
    <logger name="jcan.Op" level="INFO" additivity="false">
<appender-ref ref="STDOUT" />
<appender-ref ref="FILE" />
</logger>

The next code snippet shows an example output:

2021-06-07 10:39:17,362 10170 [qtp1638631856-21] INFO  jcan.Op 2 <<<<< rtCtx=defaultPackage/v1.0/defaultServerInstance, pCtx=7f000001/2995/6e4599c0, obj=ch.nevis.jca
n.optrace.web.RequestContextFilter, mth=GET /nevisfido/uaf/1.1/facets, tID=01000000-11aaf5-7f0100-179e5a047fb-00000094, pri=<anonymous>, sC=OK, dT=46ms, usedMem=276562808, freeMem=27
0269576, cR=0, httpSC=200, clID
  • CHANGE: From now on, the nevisFIDO API responds with the HTTP error code 405 Method not allowed in the case unsupported HTTP methods such as TRACE, HEAD and OPTIONS are used.
  • FIXED: The link dispatcher of nevisFIDO did not properly handle Custom URL Scheme with x-callback-url query parameters in the generated links, such as x-success, x-error and x-cancel. This bug is now fixed.
  • DEPRECATED: The Admin CLI command syntax is deprecated. The syntax will be standardized to match nevisAuth & nevisLogrend both in syntax and functionality with the November Rolling Release. For more information, see Admin CLI and RPM Installation Changes in 11.2021 RR Release]" on the NEVISDOC homepage. Note that the linked documentation does not mention the different syntax of nevisFIDO and its limited functionality.

nevisFIDO 1.14.0.1 - 05.05.2021

Changes and new features

  • NEW: There is a new configuration attribute: fido-uaf.transaction-confirmation.max-text-length. The default value is "200" (characters), as defined in the FIDO specification. "200" is also the minimum value. The maximum value is "2000".

This new feature allows longer transaction confirmation messages than defined in the FIDO specification ("200"), because in some cases 200 characters may not be enough.

However, note that a maximum text length above "200" is beyond the FIDO specifications, which could lead to incompatibility with other systems. So before you set any other value than the default one, we recommend checking the documentation of the other components in the setup for compatibility.

  • FIXED: When a user wanted to modify an existing dispatch target, and included the current name of this dispatch target in the modify dispatch target request, the system incorrectly returned an HTTP 422 error response. This bug has now been fixed.

nevisFIDO 1.13.0.1 - 08.02.2021

This is a technical release only.

Changes and new features

There are no changes or new features.