We are excited to announce the release of PAS 5.1.4, which builds on the robust enhancements introduced in version 5.1.3. This latest release includes several major features, numerous improvements, and critical updates designed to strengthen performance, security, and user experience. Here’s what you can expect in PAS 5.1.4:
New Features and Enhancements
Backend Support for OneTouch v2.0
Our soon-to-be-released OneTouch v2.0 mobile app will deliver significant improvements in user experience, security, and configurability. PAS 5.1.4 introduces backend support for these updates, ensuring a seamless transition for current users. While existing configurations will remain functional, administrators can follow the upgrade guide to unlock the new features.
Built-in reCAPTCHA v3 Integration
Version 5.1.4 adds support for reCAPTCHA v3 in the DynamicAuthenticator. This integration enhances security by detecting automated login attempts without disrupting the user experience. It can be implemented alongside input fields or as a standalone element in authentication flows.
RelayAuthenticator for QR-Based Authentication
The all-new RelayAuthenticator enables QR-based authentication, ideal for devices with limited input capabilities, such as kiosks. This feature simplifies secure authentication by delegating it to another device, leveraging a two-step verification process for added security. RelayAuthenticator also seamlessly integrates with active SSO groups to maintain a consistent and efficient user experience.
Performance and Technical Improvements
Enhanced JavaScript Engine
We’ve replaced the Nashorn JavaScript engine with GraalVM’s JS engine, resulting in significant performance gains. With this update, server startup times have improved by approximately 25%, while response times in the configuration GUI are up to 40% faster.
Updated Heap Size Recommendations
To support modern workloads, the default heap size has been increased to 4GB. Updated recommendations for hardware and memory configurations are available to ensure optimal performance.
Expanded Protocol Support
SAML Improvements
PAS 5.1.4 introduces new configuration parameters for SAML Assertion Profiles, allowing greater flexibility in:
- Keystore ID selection for signatures
- Signature algorithm choices
- Attribute NameFormat specifications
- Scoped attribute configurations
Additionally, new tools simplify the transition from legacy SAML IdPs to updated configurations, streamlining your migration process.
OIDC / OAuth Enhancements
New features include:
- Support for the client_credentials grant type, enabling third-party API access via PAS-issued tokens.
- Granular control of Relying Party permissions, including allowed_scopes and allow_client_credentials_grant_type settings.
- Customisable authorisation rules through client authorisation pipes, enabling advanced access control policies.
Pipe Import/Export Tool
Administrators can now easily transfer pipe configurations between environments with the new import/export tool in the configuration GUI. This feature simplifies migration and reduces manual effort.
PAS 5.1.4 demonstrates our commitment to delivering secure, high-performance identity solutions tailored to evolving organisational needs. For detailed guidance on implementing these features, explore our updated documentation and guides.
