This version comes in addition to the 3.7 backbone (release notes here), providing optimizations and bugfixes.
Highlights
New features & improvements:
Administration improvements:
-
Improved the Statistics / History dashboard by adding detailed data for profiles, accounts and devices. (administration)
-
Added IDP session support to display the accessed services and the session binding. This is visible in Audit / IDP Sessions tab (administration, security)
-
Validation has been added in the UI for certificates uploaded in Orchestrator / Authentication Methods / Certificate. (administration, user experience)
-
Added a better session type meaning. Now User Engagement mode will be marked accordingly - QR, USER_INPUT, CERTIFICATE. (administration)
-
Continued the improvement of Microsoft Entra integration (preview).
-
When authentication method policies are changed for an user, this is now reflected on the authentication workflow. (authentication flows, administration)
Server-side improvements:
-
Improved the admin access when the admin node is behind and external HAproxy (administration, server)
-
Improved the session cookie size for Oracle Access Manager
Authentication enhancements:
-
Improved the OpenID Connect experience by adding autocompletion of preferred user from ID token hint. (user experience, security)
Bug fixes:
-
Fixed an issue that caused an exception during FIDO authentication if "Allow unknown extensions" was set to false. (FIDO, authentication)
-
Fixed the push notification for dormant devices not working. (administration, server)
-
Fixed the hint text alignment for expired LDAP password screen in web flows (authentication flows, user experience)
-
Fixed duplicate entries in session history timeline for failed sessions (administration, server)
-
Fixed various UI bugs in Audit / IDP Session section (administration, user experience)
-
Fixed the auto-refresh parameter of QR codes (administration, user experience)
-
Fixed the Oracle Access Manager session refresh that lead to an inconsistent page when session expired (authentication flows, user experience)
-
Fixed device name not being displayed in the dormant device email notifications for phones enrolled more than 1 year ago (user experience)
Known issues:
-
Due to recent architecture changes, for this version FIDO Allow unknown attestation option needs to be turned ON. This will be fixed in the next release.