
Overview

Version 3.5 introduces quality-of-life updates and features that improve production flows.

A major focus for this version was also security hardening against the latest vulnerability vectors published in CVE listings, as well as in internal pentesting.

In terms of functionality, changes and new features have been introduced that affect end-user flows and server configuration.

Highlights

  • Added support for Thales Cogent Single Finger Scanner DactyID20 as a biometric authenticator available for enrollment & authentication in Self Service Provider.

  • Usage of Veridium Truststore is now possible for SMTP email communication. This is useful for production scenarios where the on-prem certificate is not signed by a public CA. The new option is available in Veridium Manager / Settings / Messaging / Email - “Use Veridium Truststore” toggle.

  • SMS templates can be configured and localized in a dedicated section in Veridium Manager / Settings / Messaging / SMS Templates.

  • SMTP Gateway can be used for SMS (in addition to Twilio) and now features a “Send Test SMS” button to help in validating the configuration.

  • Security: CVE mitigation, sanitization of multiple backend server and LDAP queries and of user input fields in all flows, and dependency updates to the latest versions.

  • Security: VFace - communication is now fully encrypted and the APIs are non-replayable.

  • SAML login is now available for Veridium Manager users, with a similar MFA authentication flow as the one available for Self Service Provider end-users.

  • Added support for SAML NameID request received from Service Provider. This improves the user experience by automatically filling in the username during authentication requests.

  • Active Directory “Locked” account status is now synced and supported, alongside the “Disabled” status.

  • PIN age and PIN status are now indicated in Veridium Manager and SSP. Configuration is available in Veridium Manager / Orchestrator / Methods / PIN - “Days since the PIN becomes about to expire” field.

  • Added support for Single Logout in Shibboleth.

  • Added commercial name support for the iPhone devices released in Sept. 2023.

  • Fixed SAML login page for Internet Explorer (Citrix) browser.

  • Fixed an issue with Yubico OTP that caused the session to be canceled after providing correct auth data.

  • Fixed the deprovisioning scheduler function. The cron jobs were not executed correctly and did not display the correct status.

  • Fixed a bug in Windows Credential Provider that prevented the use of LDAP password as a 2nd factor authenticator in orchestrator flows.

  • Fixed a bug that prevented correct behavior for desktop and mobile user engagement conditions. New installations include the fix.
    For existing installations, manual changes are required:
    1. The content of the orchestrator condition is_mobile needs to be changed to:
       userAgent := input.session.exploiterDeviceContext.userAgentRaw
       regex.match("(?i)iPhone|iPad|iPod|Android", userAgent)
    2. The content of the orchestrator condition is_desktop needs to be changed to:
       not is_mobile

  • Fixed a bug that caused some email templates to still be used when disabled in Veridium Manager / Settings / Messaging / Notifications.

  • Fixed a bug that caused a wrong group to be assigned when OPA device was created during new installs and renewals.

  • Fixed a bug that allowed users with no administrative permissions to access the License Agreement page.

  • Fixed a bug that allowed the location map to be displayed in Session Details even if configured not to.

  • Fixed a bug that caused blocked or removed admins to still be able to perform operations in Veridium Manager until the current session expired.

  • Improved error messages for Email in Admin dashboard to be more detailed and relevant.

  • Fixed the Veridium Manager custom logo functionality.

  • Fixed an issue caused by a conflict on Windows between VeridiumID FIDO and Keeper Password Manager Edge extension. In some scenarios where the Keeper extension was installed in Edge browser, Veridium FIDO flow did not trigger the Windows Hello pop-up to offer authentication methods.

The security hardening in this version was carried out in accordance with this security advisory: https://docs.veridiumid.com/docs/v3.5/security-advisory
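The is_mobile and is_desktop orchestrator conditions listed in the highlights above, assembled into a complete Rego package with unit tests. This is an added example, not VeridiumID's own policy file; the package name and the sample User-Agent strings are constructed, and the input path input.session.exploiterDeviceContext.userAgentRaw is the one the release notes give.

```rego
# Constructed example package; the real orchestrator stores each condition separately.
package veridium.conditions

import future.keywords.if

# is_mobile: true when the raw User-Agent header matches a mobile platform
# (case-insensitive, as in the condition body from the release notes).
is_mobile if {
    userAgent := input.session.exploiterDeviceContext.userAgentRaw
    regex.match("(?i)iPhone|iPad|iPod|Android", userAgent)
}

# is_desktop: everything not classified as mobile. Note that a session with
# no userAgentRaw at all also lands here: is_mobile is then undefined and
# `not <undefined>` evaluates to true, so such sessions get the desktop flow.
is_desktop if {
    not is_mobile
}

# Unit tests (run with `opa test .`). Sample inputs are constructed.
test_iphone_is_mobile if {
    is_mobile with input as {"session": {"exploiterDeviceContext": {
        "userAgentRaw": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)"}}}
}

test_android_matches_case_insensitively if {
    is_mobile with input as {"session": {"exploiterDeviceContext": {
        "userAgentRaw": "mozilla/5.0 (linux; ANDROID 13; Pixel 7)"}}}
}

test_windows_is_desktop if {
    is_desktop with input as {"session": {"exploiterDeviceContext": {
        "userAgentRaw": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"}}}
}

# Edge case: a session without any User-Agent is treated as desktop.
test_missing_user_agent_is_desktop if {
    is_desktop with input as {"session": {"exploiterDeviceContext": {}}}
}
```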
