Release Notes

Release 2019.8.13.0

Notable Improvements

  • RapidIdentity UI has been redesigned from a Flash-based interface to a fully-featured HTML5-based interface including multiple new features

Known Issues

  • Editing of Sponsored accounts fails when editing the account for a second time within the same Portal session. To work around this issue, simply refresh the browser page and make the required edits again, then click Save

Key Fixes

  • Qualified users can now Proxy As another user in the new RapidIdentity UI to perform actions on their behalf

  • The correct date is now shown for the People module's date-based attributes

  • LDAP filters for users now migrate correctly from the old UI to the new UI

  • RapidIdentity is now compatible with MySQL 5.5

  • MS SQL schema update no longer fails when upgrading to Rolling Release 2019.

  • RapidIdentity startup no longer immediately fails if the database is unavailable

  • RapidIdentity can now import .pfx files into an SSL profile

  • The user-defined challenge policy description is now visible in the new UI

  • Aria-labels now show up on the IdP Login screen

  • Sponsored accounts can now be successfully expired through RapidIdentity Portal

  • Licenses are now displayed as subscription or perpetual, and the License expiration date or Support expiration date is shown. New licenses can now be easily installed, even when an expired or expiring license is still present

  • Syncing after changes in Roles and People is now more intuitive in the new UI

  • GAL item date format now displays correctly

  • Entitlements now only show if the user has the permissions to request them

  • Appliance upgrades no longer fail due to outdated yum packages

  • Certain Alternate Actions no longer require JSON data to be returned

  • Sponsorship account names may now contain commas, ampersands, and/or spaces

  • Exchange/O365 Agent now handles a new class of errors more gracefully

  • Stuck or aborted Connect jobs can now be removed without bringing down the entire cluster or modifying the database manually

HorzRule3-black.png
  • RapidIdentity now has an option to store modular authentication states in its database

  • Campaign-based entitlements now display for recertification when they fall within their set expiration window in the new UI

  • All administrative roles now have access to /api/rest/admin/gal/items

  • RapidIdentity Connect Projects, Systems, Action Sets (Basic & Advanced), RESTPoints, Email Templates, and OAuth functionalities have been redesigned. The Basic Action Set is net new and workflow graphs have been leveraged

  • The RapidIdentity Configuration module has been redesigned and styles have been standardized

  • RapidIdentity now displays an object's GUID for Admin users in multiple locations

  • Re-assigning a Service Provider configuration now takes effect immediately

  • User-defined action sets in Community adapters can get hidden or unhidden as a result of installing, uninstalling, enabling, or disabling an adapter

  • Community adapters can now be imported, exported, and block installed as common libraries

  • Users can now rotate out an expiring certificate and easily replace it with a new one. An alert now displays to notify the Admin that the certificate is expiring soon

  • RapidIdentity now has System Role net.idauto.role.arms.groupmgmt.viewer that gives users read-only access to all Roles module roles

  • Tenant admins can now import adapters from the RapidIdentity Community

  • Connect users can now manage (this includes enable, disable, and delete) adapters that have been imported from the Community

  • IDaaS Tenant instances now default to Dashboard as landing module on Create

  • Workflow Task Detail Logs now show the execution of each step in the workflow

  • When configuring Attribute Mappings, clicking Save now preserves the active Replying Party choice instead of defaulting to the first in the list

  • Changes to Sponsored Accounts can now be successfully saved

  • The "Other Roles" category in the Roles module now displays a Show All option

  • Action Sets can be imported from the Community in the new RapidIdentity UI

  • Workflows can be imported from the Community in the new RapidIdentity UI

  • Applications Module cards now launch when clicked and are selected by clicking the checkbox

  • Field "showDN" is now included in the bootstrap information for the Roles module

  • Clicking cards in the Applications module now launches the application instead of selecting it

  • Typography has been standardized throughout the new rapidIdentity UI

  • RapidIdentity now supports an endpoint that can accept MEX Requests and respond correctly

  • Profile Admins now have access to the Policy Manager pages in Configuration forms

  • RapidIdentity now has a global SMS configuration setting that can be used whenever an SMS message is sent in relation to authentication and enrolling mobile devices

  • When resolving Relying Party name conflicts, RapidIdentity no longer provides a Cancel option

  • Sponsorship settings are now available in the People module, and the Settings menu provides access to People Settings, Delegations, Sponsorship Settings, and Sponsorship Attributes

  • Forms for Claim My Account, Forgot My Username, and Forgot My Password now present the correct CSRFToken

  • The CorsFilter provided by Tomcat no longer allows supportsCredentials to flag as true if the allowedOrigins list contains an asterisk (*)

  • The idauto and config accounts created on the appliance now have specified uid and gid values

  • RapidIdentity no longer allows non-password authentication methods to succeed for accounts that have been disabled or locked

  • RapidIdentity now uses strings to represent IDs from the Schoology's API to maintain compatibility

  • The example-adapter for Connect Adapter SDK is now up to date

  • The GSuite Adapter now uses the Gmail API instead of the deprecated Mail Settings API to manage sendAs aliases

  • Import Connect Project from Depot now uses the contentName field as the default name

  • The Help link at the bottom of the screen now leads to published product guides instead of Confluence

  • The CorsConfig now provides the ability to customize the cluster-wide CORS policy without requiring a restart of the RapidIdentity server

  • RapidIdentity now supports importing Relying Party configurations into the Community

  • The G-Suite Adapter now supports Google's changes to User and Group Settings properties

  • Web Security configuration options are now available in the Configuration > Security module

  • The Groupwise Adapter and Agent are no longer present in Connect

  • The Google API Batch operation is now updated to support changes made by Google

  • Tropo actions are now marked as deprecated, but with RapidIdentity SMS properly configured, a sendSMSMessage() action can now be used to send SMS messages through Connect

  • The import (from key and certificates) option no longer requires users to provide the private key

  • The Generate dialog for certificates and certificate signing requests (CSRs) is now just two buttons: one to generate a certificate and one to generate a CSR. A form left blank will now generate a certificate or CSR based on the existing certificate subject

  • RapidIdentity now has the ability to validate Java regular expressions

  • RapidIdentity now has a checkbox that toggles whether the new Connect UI will be visible

  • A confirmation message now displays after a report is successfully imported

  • RapidIdentity now authenticates encryption using AES/CBC encryption for confidentiality and HMAC for integrity

  • The Global Applications Settings menu now has clear descriptions for each field

  • RapidIdentity now invalidates file share evaluation caches across the cluster when a file share is updated

  • URLs with .svn in the path no longer return the wrong error code in the browser

  • Using IdP quickConfig no longer fails if used multiple times

  • The Delete API call for GAL items now returns the correct code

  • Connect jobs configured to send completion emails no longer hang on completion if there are problems with the SMTP Server

  • Workflow no longer shows the previous end date while in progress

  • Local Server Logs are now human-readable

  • Imported Workflow definitions now contain all required fields

  • Tenant Admins can no longer access Audit Retention Policy APIs

  • Flex UI for administering composite entitlements now shows the associated entitlements

  • Bootstrap info for Roles Viewer is now visible

  • Entering the current date in the expiration date field for a sponsored user now generates the correct error message

  • Attempts to make a Windows or WebDav file share public will now display the correct error message

  • Claim My Account no longer auto-completes previous entries

  • Crossdomain.xml no longer presents Flash vulnerabilities

  • Deleting an action set will now remove it from view

  • Users with the Roles Viewer role are now allowed to make the POST API call

  • UTF8 validation is now available for decryption methods

  • Connect passwords no longer show up in logs

  • The RapidIdentity docker no longer fails to start in IDaaS mode

  • A warning now displays after calling definePortalConnection with an HTTP URL

  • The Ensure Consistent Client Address checkbox is now enabled for Users who are both an admin and a tenantAdmin

  • The User Object Naming Convention in the Sponsorship Settings no longer reverts from EMAIL after clicking Save

  • Cloning projects now clones Action Sets and associated jobs

  • The Dashboard Module now appears as expected with regards to the Access Control settings configuration

  • The mobile application now displays the correct number of pages on all pages with this field

  • Insecure QR Codes no longer display as authentication options if the Allow Insecure QR Codes option has not been enabled

  • Changing the project filter in Connect now updates the Action Sets that display

  • Users with the appropriate role can now create a GAL item with type List

  • PostgreSQL can now be installed from the CLI menu on an EC2 instance

  • Administrators logged in through the CLI menu can now change settings in rapididentity.properties

  • Users can now upload multiple files into folders in the Files module

  • The Files module can now access WebDAV filenames with spaces

  • The People module no longer allows the Delegation type to be edited after initial creation and save

  • The Applications module now allows for multiple applications to be imported simultaneously

  • Connect will no longer return a 404 error in a new project if there are no jobs or logs yet in it

  • Enabling Role-Based Access Control no longer requires the Excludes Role field to be populated

  • RapidIdentity now presents the correct error message if a user tries to save a stale LDAP Server configuration

  • The Default Landing Module drop-down now displays all modules as options when logged in as idauto::admin

  • Non-admin entitlement owners can now view all details for their entitlement in the Request module's Catalog pane

  • The Entitlement Details sidebar now only displays entitled users to Admins or Tenant Admins

  • RapidIdentity pages opened in iframes now have configurable response headers for improved security

  • The Setup Security Questions window now behaves as expected

  • Help links no longer direct to outdated documentation access point

  • The unique Linux UID and GID for the idauto account for RapidIdentity no longer change over time

  • IdP Login image styles no longer result in broken custom logo displays

  • Retention Policies can now be successfully edited as expected

  • Delegations now add and remove as expected, showing appropriate tables and fields in both the legacy and new UIs

  • Proxy As settings now persist between legacy and new UI delegation configuration saves

  • The Roles module now honors custom attributes