Security by Sweden

  • PhenixID Signing Workflow 2.3.0 improves the stability, compatibility, and security of your solution and is recommended for all installations.


  • PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.7. The new release improves the stability, compatibility, and security of your solution and is recommended for all installations.


  • PhenixID Signing Services Workflow 2.2.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.


  • PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.5. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.



    Highlights

    The highlights for the 4.5 release include compliance with DIGG’s “Deployment profile for the Swedish eID framework”, animated QR code for BankID and WCAG 2.1 updates.

    • Supporting DIGG’s “Deployment profile for the Swedish eID framework”
    • PDF/XML signing cert key size < 4096b
    • Animated QR code for BankID
    • FrejaID authenticator scenario added (QR code, same device, other device)
    • SQLImportTool for migrating from HSQL to MySQL/MSSQL

    Improved functions

    In addition, several features have received minor improvements, including:

    • Possible to configure userVisibleData for BankID identification just as with signing
    • Configuration of GenerateJWTTokenValve target property name available
    • WCAG 2.1 updates to Password Selfservice and MyApps

  • This patch release includes defect fixes and addition of minor functions for the 4.7 release, and is recommended for all 4.7 installations.


  • PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.6. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.



    Highlights

    The highlights for the 4.6 release include updated HTTP API for BankID, Freja eID and SITHS, addition of Freja eID in “verify user” template and valves for BankID SIGN with QR code support.

    • BankID QR code support via HTTP API
    • Updated BankID logotype according to BankID’s new release
    • Freja eID QR code support via HTTP API
    • Freja eID can now be used in the Verify User template
    • Use SITHS-eID as API authenticator
    • Possibility to disable appswitching in BankID authenticator scenarios

    Improved functions

    In addition, several features have received minor improvements, including:

    • Key rollover for SAML Service Provider Authenticators
    • Secured sensitive endpoints as default
    • Added support for dynamically setting Assertion Consumer Service URL in the AuthNRequest for SAML Service Provider Authenticators
    • Disabled support for TLS versions prior to TLS 1.2

    Miscellaneous bug fixes

    Defect fixes recommended for all users, including:

    • PHX-2995 – Fixed PDF preview rendering issues while zooming and changing page
    • PHX-3003 – Resolved HSQLDB backup issues using default backup location
    • PHX-3007 – Mitigated cross-site scripting vulnerability

  • Introducing PAS 5.1.2: Key updates to boost your digital security

    We are excited to announce the release of PAS 5.1.2, which brings a range of enhancements designed to improve your security and integration capabilities. This update focuses on expanding support for Microsoft Entra ID’s new External Authentication Methods (EAM), introducing risk indication features for BankID integrations, and simplifying migrations from old authenticators to our new protocol-agnostic system.

    Among the highlights, PAS 5.1.2 includes new SAML Assertion Profiles, improvements in PDF signing options, and several bug fixes to enhance overall stability and security. Important note: if you are using an external database for event logging with BankID, make sure to update your database schema to include the new riskLevel parameter for full compatibility.

    This release is designed to help your organisation stay secure, efficient, and ahead in the ever-evolving landscape of digital authentication. To learn more about all the new features and technical details, check out the full release notes.

    Stay secure with PAS 5.1.2!

  • New minor release

    PhenixID Signing Workflow 2.5.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.

    Highlights

    The highlight for the 2.5.0 release is the ability to edit an already created errand.

    Edit errand

    Prior to this release, the only thing that was possible to update on an errand was the expiration time. If the wrong person was invited as a signer, or someone was missing, a solicitor had to delete the old errand and create a new one. Signers who had already signed the document had to sign again. This release adds the possibility for the solicitor (via GUI or API) to edit an already existing errand.

    • Signers who haven't yet signed can be removed
    • New signers can be added
    • The description of the errand can be updated
    • The priority order for signers who haven't yet been invited (in queue) can be changed

    Reminding signers

    The configuration can specify that an email reminder is sent before the errand expires. Now a solicitor can also trigger a reminder email to a signer who hasn't yet signed by clicking a button in the GUI.

    Improved functions

    • SWF graphical issues (mobile responsiveness) have been resolved

    Bug fixes

    • IGA-467 Do not log out when changing language
    • IGA-504 Runtime error when uploading first document

  • PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 5.1.0. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.



    Highlights

    The 5.1.0 version introduces a new way of configuring Authenticators that greatly simplifies work for administrators by giving them more control over authentication flows. In addition, increased built-in support for the SAML and OIDC protocols and updated configuration guides make the 5.1.0 release one that not only makes PAS more secure but also reduces complexity.

    Authenticators architecture

    Clear separation of protocols versus authentication methods, and new simplified configuration guides to support easier and faster configuration.

    OpenID Connect support

    Significantly more OIDC functionality is now available “out-of-the-box” in code instead of via manual configuration. There is also some new OIDC support that was not previously possible, e.g. Hybrid Flow support.

    SIGN transaction for BankID and Freja EID

    Force a SIGN request to BankID or Freja eID with clear information to the user on the intention of signing.

    • New release with powerful new features

      We are excited to announce the release of PAS 5.1.3, packed with major updates and enhancements. Since launching our new authentication architecture in PAS 5.1.0 earlier this year, we’ve been hard at work to deliver a more streamlined and user-friendly experience, while maintaining the highest levels of security and flexibility for organisations. PAS 5.1.3 introduces several improvements, and here are the top five standout features:


       

      A brand-new web frontend for authentication


      In PAS 5.1.3, we’ve redesigned the web frontend for the authentication module. The new interface improves the user experience by adding support for custom themes, languages and error handling, all while being fully WCAG-compliant. Out-of-the-box authentication flows linked to the back-end authenticators make it simpler for the administrator to set up the authentication options available to the end user.

      We’ve also added features like dynamic option selection and customisable form designs that make it simple to create tailored, complex user experiences.

      Operations monitoring for enhanced control

      With PAS 5.1.3, we’ve added operations monitoring, a long-requested feature. Now, you can monitor the health of your PAS deployments via Prometheus or Elasticsearch, tracking key metrics such as SAML metadata, certificate expiration, and response times. This allows you to proactively resolve issues before they impact your system’s performance.

       

      Containerised delivery for seamless deployment

      We’ve introduced containerised delivery, making PAS available as a Docker image. This provides more flexibility in deployment, particularly for DevOps teams. You can now mount configurations as read-only, inject resource files, and use environment variables to streamline your setup. This makes it easier to pre-configure PAS while maintaining security by swapping out sensitive files and variables as needed.

       

      Simplified Multi-Factor Authentication (MFA) setups

      We’ve made the MFA setup even easier in PAS 5.1.3 with new guide scenarios. These allow you to quickly configure primary authenticators with pre-configured MFA options such as SMS OTP, Mail OTP, or OneTouch. Our user-friendly interfaces include features like OTP resending and dynamic option selection, offering a smoother experience for both admins and users.

       

      FIDO2 passkeys for usernameless authentication

      One of the key security updates in PAS 5.1.3 is the introduction of FIDO2 passkeys, enabling usernameless authentication. This feature allows users to authenticate without entering a username, enhancing both security and user experience. Please note that this feature may require a database update, so be sure to review the upgrade notes before implementing.

       


      With these new features, we continue to provide organisations with the best tools to secure and simplify identity and access management. PAS 5.1.3 also includes numerous other improvements, bug fixes, and vulnerability mitigations that make it a must-have for any enterprise focused on secure and efficient authentication.

    • We are excited to announce the release of PAS 5.1.4, which builds on the robust enhancements introduced in version 5.1.3. This latest release includes several major features, numerous improvements, and critical updates designed to strengthen performance, security, and user experience. Here’s what you can expect in PAS 5.1.4:

       

      New Features and Enhancements

      Backend Support for OneTouch v2.0

      Our soon-to-be-released OneTouch v2.0 mobile app will deliver significant improvements in user experience, security, and configurability. PAS 5.1.4 introduces backend support for these updates, ensuring a seamless transition for current users. While existing configurations will remain functional, administrators can follow the upgrade guide to unlock the new features.

      Built-in reCAPTCHA v3 Integration

      Version 5.1.4 adds support for reCAPTCHA v3 in the DynamicAuthenticator. This integration enhances security by detecting automated login attempts without disrupting the user experience. It can be implemented alongside input fields or as a standalone element in authentication flows.

      RelayAuthenticator for QR-Based Authentication

      The all-new RelayAuthenticator enables QR-based authentication, ideal for devices with limited input capabilities, such as kiosks. This feature simplifies secure authentication by delegating it to another device, leveraging a two-step verification process for added security. RelayAuthenticator also seamlessly integrates with active SSO groups to maintain a consistent and efficient user experience.

       

      Performance and Technical Improvements

      Enhanced JavaScript Engine

      We’ve replaced the Nashorn JavaScript engine with GraalVM’s JS engine, resulting in significant performance gains. With this update, server startup times have improved by approximately 25%, while response times in the configuration GUI are up to 40% faster.

      Updated Heap Size Recommendations

      To support modern workloads, the default heap size has been increased to 4GB. Updated recommendations for hardware and memory configurations are available to ensure optimal performance.

       

      Expanded Protocol Support

      SAML Improvements

      PAS 5.1.4 introduces new configuration parameters for SAML Assertion Profiles, allowing greater flexibility in:

      • Keystore ID selection for signatures
      • Signature algorithm choices
      • Attribute NameFormat specifications
      • Scoped attribute configurations

      Additionally, new tools simplify the transition from legacy SAML IdPs to updated configurations, streamlining your migration process.

      OIDC / OAuth Enhancements

      New features include:

      • Support for the client_credentials grant type, enabling third-party API access via PAS-issued tokens.
      • Granular control of Relying Party permissions, including allowed_scopes and allow_client_credentials_grant_type settings.
      • Customisable authorisation rules through client authorisation pipes, enabling advanced access control policies.

      Pipe Import/Export Tool

      Administrators can now easily transfer pipe configurations between environments with the new import/export tool in the configuration GUI. This feature simplifies migration and reduces manual effort.

      PAS 5.1.4 demonstrates our commitment to delivering secure, high-performance identity solutions tailored to evolving organisational needs. For detailed guidance on implementing these features, explore our updated documentation and guides.

    © 2024 PhenixID AB. All Rights Reserved.