Overview
This version comes in addition to the 3.7 backbone (release notes here), providing optimizations and bugfixes.
Highlights
New features & improvements:
Administration improvements:
Improved the Statistics / History dashboard by adding detailed data for profiles, accounts and devices. (administration)
Added IDP session support to display the accessed services and the session binding. This is visible in Audit / IDP Sessions tab (administration, security)
Validation has been added in the UI for certificates uploaded in Orchestrator / Authentication Methods / Certificate. (administration, user experience)
Added a better session type meaning. Now User Engagement mode will be marked accordingly - QR, USER_INPUT, CERTIFICATE. (administration)
Continued the improvement of Microsoft Entra integration (preview).
When authentication method policies are changed for an user, this is now reflected on the authentication workflow. (authentication flows, administration)
Server-side improvements:
Improved the admin access when the admin node is behind and external HAproxy (administration, server)
Improved the session cookie size for Oracle Access Manager
Authentication enhancements:
Improved the OpenID Connect experience by adding autocompletion of preferred user from ID token hint. (user experience, security)
Bug fixes:
Fixed an issue that caused an exception during FIDO authentication if "Allow unknown extensions" was set to false. (FIDO, authentication)
Fixed the push notification for dormant devices not working. (administration, server)
Fixed the hint text alignment for expired LDAP password screen in web flows (authentication flows, user experience)
Fixed duplicate entries in session history timeline for failed sessions (administration, server)
Fixed various UI bugs in Audit / IDP Session section (administration, user experience)
Fixed the auto-refresh parameter of QR codes (administration, user experience)
Fixed the Oracle Access Manager session refresh that lead to an inconsistent page when session expired (authentication flows, user experience)
Fixed device name not being displayed in the dormant device email notifications for phones enrolled more than 1 year ago (user experience)
Known issues:
Due to recent architecture changes, for this version FIDO Allow unknown attestation option needs to be turned ON. This will be fixed in the next release.