Security by Sweden

Latest posts

PAS 5.1.4

We are excited to announce the release of PAS 5.1.4, which builds on the robust enhancements introduced in version 5.1.3. This latest release includes several major features, numerous improvements, and critical updates designed to strengthen performance, security, and user experience. Here’s what you can expect in PAS 5.1.4:

 

New Features and Enhancements

Backend Support for OneTouch v2.0

Our soon-to-be-released OneTouch v2.0 mobile app will deliver significant improvements in user experience, security, and configurability. PAS 5.1.4 introduces backend support for these updates, ensuring a seamless transition for current users. While existing configurations will remain functional, administrators can follow the upgrade guide to unlock the new features.

Built-in reCAPTCHA v3 Integration

Version 5.1.4 adds support for reCAPTCHA v3 in the DynamicAuthenticator. This integration enhances security by detecting automated login attempts without disrupting the user experience. It can be implemented alongside input fields or as a standalone element in authentication flows.

RelayAuthenticator for QR-Based Authentication

The all-new RelayAuthenticator enables QR-based authentication, ideal for devices with limited input capabilities, such as kiosks. This feature simplifies secure authentication by delegating it to another device, leveraging a two-step verification process for added security. RelayAuthenticator also seamlessly integrates with active SSO groups to maintain a consistent and efficient user experience.

 

Performance and Technical Improvements

Enhanced JavaScript Engine

We’ve replaced the Nashorn JavaScript engine with GraalVM’s JS engine, resulting in significant performance gains. With this update, server startup times have improved by approximately 25%, while response times in the configuration GUI are up to 40% faster.

Updated Heap Size Recommendations

To support modern workloads, the default heap size has been increased to 4GB. Updated recommendations for hardware and memory configurations are available to ensure optimal performance.

 

Expanded Protocol Support

SAML Improvements

PAS 5.1.4 introduces new configuration parameters for SAML Assertion Profiles, allowing greater flexibility in:

  • Keystore ID selection for signatures
  • Signature algorithm choices
  • Attribute NameFormat specifications
  • Scoped attribute configurations

Additionally, new tools simplify the transition from legacy SAML IdPs to updated configurations, streamlining your migration process.

OIDC / OAuth Enhancements

New features include:

  • Support for the client_credentials grant type, enabling third-party API access via PAS-issued tokens.
  • Granular control of Relying Party permissions, including allowed_scopes and allow_client_credentials_grant_type settings.
  • Customisable authorisation rules through client authorisation pipes, enabling advanced access control policies.

Pipe Import/Export Tool

Administrators can now easily transfer pipe configurations between environments with the new import/export tool in the configuration GUI. This feature simplifies migration and reduces manual effort.

PAS 5.1.4 demonstrates our commitment to delivering secure, high-performance identity solutions tailored to evolving organisational needs. For detailed guidance on implementing these features, explore our updated documentation and guides.


PAS 5.1.3

New release with powerful new features

We are excited to announce the release of PAS 5.1.3, packed with major updates and enhancements. Since launching our new authentication architecture in PAS 5.1.0 earlier this year, we’ve been hard at work to deliver a more streamlined and user-friendly experience, while maintaining the highest levels of security and flexibility for organisations. PAS 5.1.3 introduces several improvements, and here are the top five standout features:


 

A brand-new web frontend for authentication

[Image: Österköping kommun home screen using PAS]

In PAS 5.1.3, we’ve redesigned the web frontend for the authentication module. The new interface improves the user experience by adding support for custom themes, languages and error handling, all while being fully WCAG-compliant. Out-of-the-box authentication flows linked to the back-end authenticators make it simpler for administrators to set up the authentication options available to end users.

We’ve also added features like dynamic option selection and customisable form designs that make it simple to create tailored, complex user experiences.

 

Operations monitoring for enhanced control

With PAS 5.1.3, we’ve added operations monitoring, a long-requested feature. Now, you can monitor the health of your PAS deployments via Prometheus or Elasticsearch, tracking key metrics such as SAML metadata, certificate expiration, and response times. This allows you to proactively resolve issues before they impact your system’s performance.

 

Containerised delivery for seamless deployment

We’ve introduced containerised delivery, making PAS available as a Docker image. This provides more flexibility in deployment, particularly for DevOps teams. You can now mount configurations as read-only, inject resource files, and use environment variables to streamline your setup. This makes it easier to pre-configure PAS while maintaining security by swapping out sensitive files and variables as needed.

 

Simplified Multi-Factor Authentication (MFA) setups

We’ve made the MFA setup even easier in PAS 5.1.3 with new guide scenarios. These allow you to quickly configure primary authenticators with pre-configured MFA options such as SMS OTP, Mail OTP, or OneTouch. Our user-friendly interfaces include features like OTP resending and dynamic option selection, offering a smoother experience for both admins and users.

 

FIDO2 passkeys for usernameless authentication

One of the key security updates in PAS 5.1.3 is the introduction of FIDO2 passkeys, enabling usernameless authentication. This feature allows users to authenticate without entering a username, enhancing both security and user experience. Please note that this feature may require a database update, so be sure to review the upgrade notes before implementing.

 


With these new features, we continue to provide organisations with the best tools to secure and simplify identity and access management. PAS 5.1.3 also includes numerous other improvements, bug fixes, and vulnerability mitigations that make it a must-have for any enterprise focused on secure and efficient authentication.


PAS 5.1.2

Introducing PAS 5.1.2: Key updates to boost your digital security

We are excited to announce the release of PAS 5.1.2, which brings a range of enhancements designed to improve your security and integration capabilities. This update focuses on expanding support for Microsoft Entra ID’s new External Authentication Methods (EAM), introducing risk indication features for BankID integrations, and simplifying migrations from old authenticators to our new protocol-agnostic system.

Among the highlights, PAS 5.1.2 includes new SAML Assertion Profiles, improvements in PDF signing options, and several bug fixes to enhance overall stability and security. Important note: if you are using an external database for event logging with BankID, make sure to update your database schema to include the new riskLevel parameter for full compatibility.

This release is designed to help your organisation stay secure, efficient, and ahead in the ever-evolving landscape of digital authentication. To learn more about all the new features and technical details, check out the full release notes.

Stay secure with PAS 5.1.2!


Maintenance release PAS 4.7.4

This release brings a host of significant improvements, focusing on security, performance, and functionality. Key highlights include enhanced QR code synchronization, critical security updates, and improved SAML support. These changes reflect our ongoing commitment to providing a secure, efficient, and user-friendly platform.

Highlights:

  1. Improved QR Code Synchronization (PHX-3475): We have completely revamped the QR code sync implementation, allowing for flexible polling intervals. This ensures that BankID QR codes remain in sync, providing a seamless authentication process.
  2. Security Enhancements (PHX-3481, PHX-3674): We have addressed and mitigated several security vulnerabilities (CVE-2020-23064, CVE-2020-11022, CVE-2020-11023, CVE-2019-11358, CVE-2021-23337, CVE-2020-28500, CVE-2024-34342 and CVE-2024-4367). These updates significantly bolster the security of our platform, ensuring a safer environment for our users.
  3. Enhanced SAML Support (PHX-3494, PHX-3495, PHX-3496, PHX-3497): We have resolved several issues related to SAML bindings and signatures. Our SAML Service Provider (SP) and Identity Provider (IdP) can now handle inbound Redirect-binding for deflated requests, verify detached signatures, and ensure valid signatures on SAMLResponses. These enhancements improve the reliability and security of our SAML integrations.

 

For a detailed list of all changes and improvements, please read more on our release notes page.


© 2024 PhenixID AB. All Rights Reserved.