Security by Sweden

Latest posts

PAS 4.6.2

This new release includes defect fixes for the 4.6 release, and is recommended for all 4.6 installations.



Bug fixes

  • PHX-3037 Add PKCE support to the OIDC RP Relay authenticator

    PAS now supports PKCE when acting as Relying Party in OIDC. See the documentation for OpenID Connect Relying Party under Authenticators for how to enable it in your setup.

  • PHX-3049 WCAG MyApps

    MyApps GUI now updated to align with WCAG 2.1

  • PHX-3100 XML Parser security improvements

    Updated handling of XML parsing

  • PHX-3104 OIDCToSAMLBroker when session already available

    OIDCToSAMLBroker returns login data when an authenticated OIDC session already exists and prompt is set to “none”


PAS 4.6.1

This new release includes defect fixes for the 4.6 release, and is recommended for all 4.6 installations.



Bug fixes

The 4.6.1 release includes the following fixes:

  • PHX-3010 Add success URL redirect option to SithsEID

    SithsEID now includes the possibility to configure success URL

  • PHX-3024 SithsEidSignValve is not working in PAS 4.6

    Issue resolved

  • PHX-3051 Signing broken using HSM

    Problem when using HSM for signing now resolved

  • PHX-3064 SAML Request security improvements

    Security improvements when processing SAML requests

  • PHX-3070 The OIDCToSAMLBroker does not handle prompt=none

    Issue resolved. If parameter prompt is set to value “none”, no user interaction is needed


PAS 4.6

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.6. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.



Highlights

The highlights for the 4.6 release include an updated HTTP API for BankID, Freja eID and SITHS, the addition of Freja eID in the “verify user” template, and valves for BankID SIGN with QR code support.

  • BankID QR code support via HTTP API
  • Updated BankID logotype according to BankID's new release
  • Freja eID QR code support via HTTP API
  • Freja eID can now be used in the Verify User template
  • Use SITHS-eID as API authenticator
  • Possibility to disable appswitching in BankID authenticator scenarios

Improved functions

In addition, several features have received minor improvements, including:

  • Key rollover for SAML Service Provider Authenticators
  • Secured sensitive endpoints as default
  • Added support for dynamically setting Assertion Consumer Service URL in the AuthNRequest for SAML Service Provider Authenticators
  • Disabled support for TLS versions prior to TLS 1.2

Miscellaneous bug fixes

Defect fixes recommended for all users, including:

  • PHX-2995 – Fixed PDF preview rendering issues while zooming and changing page
  • PHX-3003 – Resolved HSQLDB backup issues using default backup location
  • PHX-3007 – Mitigated cross-site scripting vulnerability


PAS 4.5

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 4.5. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.



Highlights

The highlights for the 4.5 release include compliance with DIGG's “Deployment profile for the Swedish eID framework”, animated QR code for BankID and WCAG 2.1 updates.

  • Supporting DIGG’s “Deployment profile for the Swedish eID framework”
  • PDF/XML signing cert key size < 4096b
  • Animated QR code for BankID
  • FrejaID authenticator scenario added (QR code, same device, other device)
  • SQLImportTool for migrating from HSQL to MySQL/MSSQL

Improved functions

In addition, several features have received minor improvements, including:

  • Possible to configure userVisibleData for BankID identification just as with signing
  • Configuration of GenerateJWTTokenValve target property name available
  • WCAG 2.1 updates to Password Selfservice and MyApps


© 2024 PhenixID AB. All Rights Reserved.