Version: 2.3.x.x RR

Release notes

nevisFIDO 2.3.0.8 - 17.05.2023

Breaking changes

  • REMOVED: We removed the legacy vmargs command from the administrative CLI. Use nevisfido <instance> config env to configure the JAVA_OPTS. (NEVISAUTH-3134)
  • UPGRADED: We upgraded the mariadb-java-client third-party dependency to version 3.1.2. If you used configuration parameters in the JDBC URL, check the removed options here. Another notable difference is that the driver no longer sets certain properties, including autocommit. Check your database configuration and add ?autocommit=true to your connection URL if needed. The new driver also allows better logging options, see here. This release note was missing from the 2022 August release. (NEVISFIDO-1769)
  • CHANGED: We greatly simplified the username mapping in nevisFIDO to avoid integration pitfalls and potential use-case errors. The credential-repository.username-mapper configuration block is now replaced by a single property user-attribute.

Changes and new features

  • FIXED: The nevisfido-server CLI not properly parsing multiple options specified in the JAVA_OPTS. (NEVISFIDO-1786)
  • FIXED: Dispatch token issue with push dispatching in the OutOfBandFidoUafAuthState where the dispatcher property was set as auth state property but the dispatchTargetId was not provided. (NEVISFIDO-1855)
  • UPGRADED: We updated the Checker Framework third-party dependency to version 3.32.0. (NEVISFIDO-1833)
  • UPGRADED: We updated the Jackson third-party dependency to version 2.15.0. (NEVISFIDO-1761)
  • UPGRADED: We updated the Google-api-client third-party dependency to version 2.2.0. (NEVISFIDO-1833)
  • UPGRADED: We updated the Google-auth-library-oauth2-http third-party dependency to version 1.16.1. (NEVISFIDO-1833)
  • UPGRADED: MariaDB jdbc driver third party dependency is updated to version 3.1.3. (NEVISFIDO-1833)
  • UPGRADED: We updated the Nimbus-jose-jwt third-party dependency to version 9.31. (NEVISFIDO-1833)
  • UPGRADED: We upgraded Snakeyaml third-party dependencies to version 2.0. (NEVISFIDO-1761)
  • UPGRADED: We upgraded Spring Boot third-party dependencies to version 2.7.11. (NEVISFIDO-1844)
  • UPGRADED: We upgraded Spring third-party dependencies to version 5.3.27. (NEVISFIDO-1833)
  • UPGRADED: We updated the Webauthn4j third-party dependency to version 0.21.1.RELEASE. (NEVISFIDO-1833)
  • UPGRADED: We updated the Woodstox-core third-party dependency to version 6.5.1. (NEVISFIDO-1844)
  • NEW: The Fido2AuthState now supports usernameless authentication. Note that this is not yet supported in the Admin4 patterns. (NEVISFIDO-1789)

nevisFIDO 2.2.1.0 - 17.05.2023

  • FIXED: Dispatch token issue with push dispatching in the OutOfBandFidoUafAuthState where the dispatcher property was set as auth state property but the dispatchTargetId was not provided. (NEVISFIDO-1855)

nevisFIDO 2.2.0.8 - 15.02.2023

Breaking changes

  • CHANGED: The nevisFIDO AuthStates delivered in the nevisfidocl package use the HttpClient introduced in nevisAuth. This means that the configuration of the key material for the AuthStates has changed.
    • Instead of trustStoreRef use httpclient.tls.trustStoreRef.
    • Instead of keyStoreRef and keyObjectRef use httpclient.tls.keyObjectRef. If the previous keyObjectRef was unique, you can drop the value in keyStoreRef. Otherwise, use the value in the new property like the following: value of keyStoreRef / value of keyObjectRef
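The key material renaming described above, as an added example (not Nevis code). The property names come from this release note; the "/" separator without surrounding spaces, the key store inventory and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

OLD_KEYS = ("trustStoreRef", "keyStoreRef", "keyObjectRef")

# Constructed inventory: key store name -> key object names it defines.
SAMPLE_KEY_STORES = {
    "FidoKeyStore": ["client"],
    "ProxyKeyStore": ["client", "signer"],
}


def migrate_tls_properties(props, key_stores, separator="/"):
    """Rewrite one AuthState's old TLS properties to the httpclient.tls.* names.

    A key object name is unique when exactly one key store defines it; only
    then may the keyStoreRef value be dropped. The separator is an assumption.
    """
    counts = Counter(name for objs in key_stores.values() for name in objs)
    migrated = {k: v for k, v in props.items() if k not in OLD_KEYS}
    if "trustStoreRef" in props:
        migrated["httpclient.tls.trustStoreRef"] = props["trustStoreRef"]

    key_object = props.get("keyObjectRef")
    key_store = props.get("keyStoreRef")
    if key_object is None:
        if key_store is not None:
            # The release note gives no rule for this case: review by hand.
            raise ValueError("keyStoreRef without keyObjectRef")
        return migrated
    if counts[key_object] == 1:
        migrated["httpclient.tls.keyObjectRef"] = key_object
    elif key_store is not None:
        migrated["httpclient.tls.keyObjectRef"] = key_store + separator + key_object
    else:
        raise ValueError("ambiguous keyObjectRef and no keyStoreRef to qualify it")
    return migrated


if __name__ == "__main__":
    old = {"trustStoreRef": "FidoTrustStore", "keyStoreRef": "FidoKeyStore",
           "keyObjectRef": "client", "otherProperty": "kept"}
    print(migrate_tls_properties(old, SAMPLE_KEY_STORES))
```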

Changes and new features

  • NEW: The OutOfBandFidoUafAuthState now supports the Usernameless Authentication scenario. We recommend configuration of this use case using nevisAdmin4 patterns. (NEVISFIDO-1765)
  • FIXED: The session reaper does not fail with an ERROR_REAPING_SESSIONS_FROM_SQL_STORAGE error when FIDO2 is not configured. (NEVISFIDO-1748)
  • UPGRADED: We upgraded Apache HttpClient third-party dependencies to version 5.2.1. (NEVISFIDO-1735)
  • UPGRADED: We upgraded jcan-sectoken to not use jcan-commons. jcan-commons is no longer shipped. (NEVISAUTH-3861)
  • UPGRADED: We upgraded Spring Boot third-party dependencies to version 2.7.7. (NEVISFIDO-1734)
  • UPGRADED: We updated the Checker Framework third-party dependency to version 3.29.0. (NEVISFIDO-1734)
  • UPGRADED: We updated the Jackson third-party dependency to version 2.14.1. (NEVISFIDO-1734)
  • UPGRADED: We updated the Google-autovalue third-party dependency to version 1.10.1. (NEVISFIDO-1734)
  • UPGRADED: We updated the Google-api-client third-party dependency to version 2.1.3. (NEVISFIDO-1734)
  • UPGRADED: We updated the Google-auth-library-oauth2-http third-party dependency to version 1.14.0. (NEVISFIDO-1734)
  • UPGRADED: We updated the Nimbus-jose-jwt third-party dependency to version 9.29. (NEVISFIDO-1734)
  • UPGRADED: We updated the SnakeYaml third-party dependency to version 1.33. (NEVISFIDO-1734)
  • UPGRADED: We updated the Webauthn4j third-party dependency to version 0.20.7.RELEASE. (NEVISFIDO-1734)
  • UPGRADED: We updated the Woodstox-core third-party dependency to version 6.5.0. (NEVISFIDO-1758)
  • UPGRADED: We updated the ZXing third-party dependency to version 3.5.1. (NEVISFIDO-1734)
  • REMOVED: We removed the internal dependency to nevis-i18n. (NEVISFIDO-1722)

nevisFIDO 2.1.1.2 - 24.11.2022

Changes and new features

  • FIXED: The nevisIDM user lookup was broken when using FIDO UAF only in the configuration. The use-case connects to nevisIDM using the soap interface where the detail level was incorrectly set to exclude. The detail level is now reset to low to fix the issue. (NEVISFIDO-1742)

nevisFIDO 2.1.0.3 - 16.11.2022

Changes and new features

  • UPGRADED: We upgraded Spring Boot third-party dependencies to version 2.7.3. (NEVISFIDO-1707)
  • UPGRADED: We updated the Checker Framework third-party dependency to version 3.25.0. (NEVISFIDO-1707)
  • UPGRADED: We updated the Jackson third party dependency to version 2.13.4. (NEVISFIDO-1707)
  • UPGRADED: We updated the Google-api-client third-party dependency to version 2.0.0. (NEVISFIDO-1687)
  • UPGRADED: We updated the Google-auth-library-oauth2-http third-party dependency to version 1.11.0. (NEVISFIDO-1707)
  • UPGRADED: We updated the Nimbus-jose-jwt third-party dependency to version 9.25. (NEVISFIDO-1707)
  • UPGRADED: We updated the Webauthn4j third-party dependency to version 0.20.3.RELEASE. (NEVISFIDO-1707)
  • UPGRADED: We updated the SnakeYaml third party dependency to version 1.32. (NEVISFIDO-1707)
  • FIXED: The client-id of the credential-repository is now parsed as a string, instead of as an integer. (NEVISFIDO-1715)
  • FIXED: We decreased the detail level of the username lookup query to nevisIDM using username-mapper. The fix affects UAF only, and provides a performance increase on the nevisIDM side. (NEVISFIDO-1665)
  • FIXED: Double query of nevisIDM credentials in case of UAF authentication is now reduced by request-scoped caching. (NEVISFIDO-1673)
  • FIXED: The expected position of extId inside username-mapper in the configuration is now validated at startup time. (NEVISFIDO-1701)
  • FIXED: From now on, REST query to nevisIDM is not sent to look up the extId if an empty or missing username is received from the client in the JSON request. (NEVISFIDO-1701)

nevisFIDO 2.0.1.6 - 17.08.2022

Changes and new features

Breaking changes

  • NEW: FIDO2 is now supported by the component. For more information, see Nevis FIDO2 / WebAuthn Concept and Integration Guide.
  • NEW: FIDO2 uses the nevisIDM REST API, configure the rest-url property for the credential-repository.
    • FIDO UAF still uses the SOAP endpoint, which requires administration-url to be configured.
  • CHANGED: Configuring FIDO2 and FIDO UAF leads to the following changes in the nevisFIDO instance configuration YAML file:
    • Both the fido2 and fido-uaf blocks have a Boolean property enabled.
      • For backwards compatibility, the change for fido-uaf is not mandatory, and if the enabled property is missing, then the deciding factor is whether the fido-uaf configuration block is present.
    • The top-level configuration block authorization is now present under the fido-uaf and fido2 blocks.
    • The top-level configuration block dispatchers is now present under the fido-uaf block.
    • Instead of the deprecated top-level configuration block dispatch-target-repository, use credential-repository.
  • UPGRADED: We upgraded the mariadb-java-client third-party dependency to version 3.1.2. If you used configuration parameters in the JDBC URL, check the removed options here. Another notable difference is that the driver no longer sets certain properties, including autocommit. Check your database configuration and add ?autocommit=true to your connection URL if needed. The new driver also allows better logging options, see here. (NEVISFIDO-1769)
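A pre-upgrade check for the autocommit change noted in the 2.3.0.8 and 2.0.1.6 breaking changes, as an added example (not Nevis code). The host names and sample URLs are constructed, and matching the parameter name case-insensitively is an assumption.

```python
from urllib.parse import parse_qsl


def ensure_autocommit(jdbc_url):
    """Return (url, status) for a MariaDB JDBC connection URL.

    status is "added" when ?autocommit=true had to be appended, or
    "explicit:<value>" when the URL already carries an autocommit setting.
    An explicit setting is never overwritten, so "explicit:false" is left
    for the operator to review.
    """
    if not jdbc_url.startswith("jdbc:mariadb:"):
        raise ValueError("not a MariaDB JDBC URL: " + jdbc_url)
    base, _, query = jdbc_url.partition("?")
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Assumption: treat any capitalisation of the name as the same option.
        if name.lower() == "autocommit":
            return jdbc_url, "explicit:" + value.lower()
    # Keep existing parameters verbatim and append the new one.
    params = [p for p in query.split("&") if p]
    params.append("autocommit=true")
    return base + "?" + "&".join(params), "added"


# Constructed connection URLs covering the three cases.
SAMPLE_URLS = [
    "jdbc:mariadb://db.example.internal:3306/nevisfido",
    "jdbc:mariadb://db.example.internal:3306/nevisfido?connectTimeout=5000",
    "jdbc:mariadb://db.example.internal:3306/nevisfido?autocommit=false",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        fixed, status = ensure_autocommit(url)
        print(status.ljust(15), fixed)
```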

General

  • UPGRADED: Jackson third party dependencies are upgraded to version 2.13.3. (NEVISFIDO-1623)
  • UPGRADED: Jetty third party dependencies are upgraded to version 9.4.48.v20220622 (NEVISFIDO-1657)
  • UPGRADED: Google-api-client third party dependency is updated to version 1.35.2. (NEVISFIDO-1623)
  • UPGRADED: Checker framework third party dependency is updated to version 3.22.2. (NEVISFIDO-1623)
  • UPGRADED: Nimbus third party dependency is updated to version 9.23. (NEVISFIDO-1623)
  • UPGRADED: Google-auth-library-oauth2-http third party dependency is updated to version 1.8.0. (NEVISFIDO-1623)
  • UPGRADED: Zxing third party dependency is updated to version 3.5.0. (NEVISFIDO-1623)
  • FIXED: The facet configuration property is no longer incorrectly logged as unknown. (NEVISFIDO-1631)
  • FIXED: The admin CLI now correctly lists instances located in a symlink directory. (NEVISFIDO-1635)
  • FIXED: Component version in jar manifest files and logs. (NEVISFIDO-1662)

nevisFIDO 1.18.0.4 - 18.05.2022

Breaking changes

  • DEPRECATED: The configuration property dispatch-target-repository is no longer parsed by the server. The configuration of credential-repository is used as the configuration of the dispatch target repository instead. (NEVISFIDO-1444)

We removed the dispatch-target-repository entry because separate configurations for the dispatch and credential repositories provide no added value. You can safely remove the dispatch-target-repository entry from the configuration YAML file completely; the credential-repository configuration block is then used. If you keep the dispatch-target-repository entry, its configuration is ignored and a warning is logged.

  • CHANGED: To address a potential performance bottleneck, we removed the dynamic reloading of the policy JSON configuration file. As a result, a nevisFIDO instance requires restart after changing the policy file. This is classified as a breaking change compared to previous behavior. The feature was not actively used, as nevisAdmin 4 and Kubernetes-based deployments restart the component after a configuration change. (NEVISFIDO-1591)

General

  • FIXED: nvluser, nvbuser, and members of the nevisadmin group could not use the nevisAuth Admin CLI commands. The issue is now fixed. (NEVISFIDO-1577)
  • UPGRADED: Spring-boot third party dependency is updated to version 2.6.7. (NEVISAUTH-3612)
  • UPGRADED: Google-api-client third party dependency is updated to version 1.34.0. (NEVISFIDO-1555)
  • UPGRADED: Guava third party dependency is updated to version 31.1-jre. (NEVISFIDO-1567)
  • UPGRADED: Jackson third party dependencies are updated to version 2.13.2 and jackson-databind to 2.13.2.2. (NEVISFIDO-1567)
  • UPGRADED: Auto-value third party dependency is updated to version 1.9. (NEVISFIDO-1567)
  • UPGRADED: Checker framework third party dependency is updated to version 3.21.4. (NEVISFIDO-1567)
  • UPGRADED: Reactive streams third party dependency is updated to version 1.0.3. (NEVISFIDO-1567)
  • UPGRADED: Rx java third party dependency is updated to version 2.2.21. (NEVISFIDO-1567)
  • UPGRADED: Nimbus third party dependency is updated to version 9.22. (NEVISFIDO-1567)
  • UPGRADED: Apache http client third party dependency is updated to version 4.5.13. (NEVISFIDO-1567)
  • UPGRADED: Bouncy castle third party dependency is updated to version 1.70. (NEVISFIDO-1567)
  • UPGRADED: MariaDB jdbc driver third party dependency is updated to version 2.7.5. (NEVISFIDO-1567)
  • UPGRADED: Google-auth-library-oauth2-http third party dependency is updated to version 1.6.0. (NEVISFIDO-1567)
  • UPGRADED: Zxing third party dependency is updated to version 3.4.1. (NEVISFIDO-1567)

nevisFIDO 1.17.0.1 - 16.02.2022

Changes and new features

  • CHANGED: The iOS push notification sent via Firebase explicitly requests the default sound to be played. This fixes an issue where no sound is played on iPhones upon receiving the authentication push message. (NEVISFIDO-1528)

nevisFIDO 1.16.0.8 - 17.11.2021

Changes and new features

  • NEW: The default metadata and policy of nevisFIDO now contains the new Android Nevis Access App biometric authenticator, identified with AAID F1D0#0003.

nevisFIDO 1.15.0.3 - 18.08.2021

Changes and new features

  • NEW: As of this release, jcan.Op logging is available in nevisFIDO. You can use the transaction ID (tID) to correlate log lines between nevisProxy, nevisIDM and nevisFIDO. To enable the jcan.Op logging, add the following snippet to the file /var/opt/nevisfido/<instance>/conf/logback.xml:
    <logger name="jcan.Op" level="INFO" additivity="false">
      <appender-ref ref="STDOUT" />
      <appender-ref ref="FILE" />
    </logger>

The next code snippet shows an example output:

2021-06-07 10:39:17,362 10170 [qtp1638631856-21] INFO  jcan.Op 2 <<<<< rtCtx=defaultPackage/v1.0/defaultServerInstance, pCtx=7f000001/2995/6e4599c0, obj=ch.nevis.jcan.optrace.web.RequestContextFilter, mth=GET /nevisfido/uaf/1.1/facets, tID=01000000-11aaf5-7f0100-179e5a047fb-00000094, pri=<anonymous>, sC=OK, dT=46ms, usedMem=276562808, freeMem=270269576, cR=0, httpSC=200, clID
  • CHANGED: From now on, the nevisFIDO API responds with the HTTP error code 405 Method not allowed when unsupported HTTP methods such as TRACE, HEAD and OPTIONS are used.
  • FIXED: The link dispatcher of nevisFIDO did not properly handle Custom URL Scheme with x-callback-url query parameters in the generated links, such as x-success, x-error and x-cancel. This bug is now fixed.
  • DEPRECATED: The Admin CLI command syntax is deprecated. The syntax will be standardized to match nevisAuth & nevisLogrend both in syntax and functionality with the November Rolling Release. For more information, see "Admin CLI and RPM Installation Changes in 11.2021 RR Release" on the NEVISDOC homepage. Note that the linked documentation does not mention the different syntax of nevisFIDO and its limited functionality.

nevisFIDO 1.14.0.1 - 05.05.2021

Changes and new features

  • NEW: There is a new configuration attribute: fido-uaf.transaction-confirmation.max-text-length. The default value is "200" (characters), as defined in the FIDO specification. "200" is also the minimum value. The maximum value is "2000".

This new feature allows longer transaction confirmation messages than defined in the FIDO specification ("200"), because in some cases 200 characters may not be enough.

However, note that a maximum text length above "200" is beyond the FIDO specifications, which could lead to incompatibility with other systems. So before you set any other value than the default one, we recommend checking the documentation of the other components in the setup for compatibility.

  • FIXED: When a user wanted to modify an existing dispatch target, and included the current name of this dispatch target in the modify dispatch target request, the system incorrectly returned an HTTP 422 error response. This bug has now been fixed.

nevisFIDO 1.13.0.1 - 08.02.2021

This is a technical release only.

Changes and new features

There are no changes or new features.