Skip to main content
Skip table of contents

Overview

We're excited to announce a significant update packed with new functionalities, important enhancements, and key bug fixes across our administration, authentication, and server-side components. Detailed operational instructions for each new feature are available on their respective functional documentation pages.

Key Highlights in This Release:

  • Introducing Passkey Support: We've integrated passkey functionality, now complete with WebAuthn Level 3 implementation, offering a more secure and user-friendly authentication method.

  • Expanded Automated Alerts: New cron jobs have been added to our automation alerting system to notify you about more critical scenarios, including license and certificate expirations, as well as device license limits.

  • Granular Authentication Control with "Forbidden Countries": A new ILP (Identity Lifecycle Platform) criterion allows for more precise control and deeper insights into authentication patterns by identifying and managing access from specified countries.

  • Enhanced Geofencing Capabilities: A new location permission parameter has been added, providing more detailed insights for geofencing conditions.

  • Strengthened Security for Sensitive Data: We've upgraded our security measures for sensitive configuration data (like passwords and keys) using the latest encryption standards.

  • Full Microsoft Entra Integration: Veridium now fully supports integration with Microsoft Entra, streamlining identity and access management.

  • Improved External User Onboarding: The process for onboarding external users has been made more flexible by allowing codes to be delivered via personal communication channels, such as personal email addresses or phone numbers.

New Features & Enhancements:

Administration & Dashboard:

  • Upgraded Dashboard Insights: The Dashboard page now features improved and new charts, including "High Risk users" and "Account Block Actions Count," along with a new "ILP Context" section for better visibility.

  • Streamlined New Employee Onboarding: The onboarding process for new employees has been enhanced, now supporting the use of personal communication channels for initial setup.

  • Improved IDP Health Check: The "Check IDP Health" feature now accurately displays the status in all scenarios, ensuring reliable monitoring.

  • Enhanced Session Tracking: Session tracking has been augmented with Location Permission State information for more comprehensive monitoring.

  • Optimized Search Functionality: Searching for certUUID in the Devices section and device search in history have been improved for faster and more accurate results.

Authentication:

  • This release brings significant improvements to the authentication experience, detailed further in the highlights and bug fixes sections.

Server-Side:

  • Default Encryption for Sensitive Configurations: All sensitive configurations in Zookeeper are now encrypted by default, bolstering security.

  • Automated SELinux Policy Application: An SElinux check has been added during updates to help automatically apply necessary policies.

  • More Informative Event Logs: The events.log now provides more detailed information about user actions, such as device blocking/unblocking, authenticator removal, and PIN resets.

  • Improved Hardware Token Management: Hardware tokens are now automatically removed when an identity is deleted, allowing them to be registered under a different identity.

  • Enhanced Shibboleth Compatibility: Shibboleth now accepts requests from Netscaler with all Authentication Class Types.

  • Platform Modernization: All components have been updated to Java 17, ensuring improved performance and security.

Bug Fixes:

Administration:

  • Resolved an issue preventing the "Save" button from activating when creating an admin certificate.

  • Fixed a bug where successfully generated CSV reports incorrectly showed a status of UNKNOWN in the Action Log.

  • Corrected the inaccurate counter for expired and expiring certificates in the user interface.

  • Addressed a bug where Quick Actions for SMS & Email failed on the second attempt after setting correct values.

  • Fixed an issue that caused failures in metadata loading when Veridium was configured as an Identity Provider (IDP).

  • Resolved an error that occurred on application start if the Self-Service Portal (SSP) was configured to work with an external IDP.

  • Fixed a bug in the file encryption mechanism that caused configuration JSON files to appear empty in the Admin UI.

  • Addressed an issue preventing correct external attribute validation in Settings - LDAP connection - Manage external attributes.

  • Resolved a bug that prevented the MaxMind geolocation service from functioning correctly.

  • Fixed an issue that prevented invitation codes from being created if the identity did not have a phone number in Active Directory.

  • Corrected an error that prevented edited XML files from saving correctly in Settings - Advanced.

  • Fixed a bug that prevented pagination when more than 10 entries were present in the "Manage enrollment codes" section.

  • Resolved an issue that caused an empty page to display when accessing a friend certificate’s details from the Certificate Validity Dashboard.

Authentication:

  • Fixed an infinite loop scenario triggered by the certificate authentication method.

  • Addressed a bug that sporadically caused the icon for the Desktop Fingerprint authenticator to disappear.

  • Resolved an issue affecting PIN authentication when a PIN had expired.

  • Fixed the Citrix IE webview for backward compatibility with Citrix Workspace.

  • Corrected a Self Service Portal UI error when Veridium is configured as an IDP.

  • Fixed a bug that prevented SAML authentication in Admin when more than one node was active.

  • Resolved an issue that made the Admin interface unresponsive when switching from SAML to OIDC authentication flows.

  • Fixed a bug that caused authentication failure if FIDO was the only authentication method configured in the orchestrator.

Server-Side:

  • Resolved an issue affecting the correct handling of httpResponseHeaders in Shibboleth.

  • Fixed a bug that prevented HttpHeaders from being applied to the Self-Service Portal.

  • Addressed an issue that prevented websecadmin from starting correctly during fresh installations.

  • Corrected an error in the database device model table that caused some phone devices to be listed multiple times.

  • Improved server-side validation of authentication vectors like desktop_fingerprint to prevent corner-case issues.

  • Failed and cancelled FIDO sessions are now correctly detected and displayed in the Audit logs.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close