5.1.7

PAS 5.1.7 is a maintenance release that contains a few improvements and bug fixes as we prepare for our next major release, PAS 6.0, which is just around the corner.

Note

If you have authentication flows including nested SequenceAuthenticators, the bugfix PHX-4209 (described below) may change the behavior of your current configuration.

Make sure to verify that your flows still work as intended.

Improvements

  • PHX-4172 - Freja eID: Add support for new attributes: UNIQUE_PERSONAL_IDENTIFIER and LOA_LEVEL. Support has been added for the new attributes uniquePersonalIdentifier and loaLevel.
  • PHX-4163 - Add JRE to the SBOM. The SBOM (Software Bill of Materials) now contains the included Java Runtime Environment (JRE), which makes it easier to detect vulnerabilities within the JRE itself.
  • PHX-4154 - AuthSelector: Allow avoiding reordering the authenticators by last used. Added an option to opt out of the automatic sorting by the most recently used authenticator. The option is configured on the selector in the admin GUI.

Bug fixes

  • PHX-4176 - Posting a JSON to the files module that is larger than 20 MB does not work. Fixed a bug where an unintended size limitation existed within a third-party dependency, causing errors for very large files.
  • PHX-4181, PHX-4180 - OIDC token generation occasionally fails with 'Illegal base64 character' error. Resolved an issue where a debug-level log did not use the proper decoding scheme. Resolved a similar error in OIDC JWT-based client authentication.
  • PHX-4175 - Legacy SAML SLO with RelayState crashes due to duplicate property. Resolved an error where the RelayState was added to the item twice in the legacy SAML SLO flow.
  • PHX-4209 - Sequence authenticator: First child authenticator does not inherit the current item. Resolved an issue where the first authenticator within a sequence would not inherit the current item correctly, causing issues in nested flows or flows including a pre-pipe. If you have previous workarounds creating new items in nested SequenceAuthenticators, you should adjust them accordingly and test to make sure they work as you intend.
  • PHX-4157 - Dynamic Authenticator preset input values sometimes do not appear. Resolved an issue where preset values in Dynamic Authenticator would not display correctly in the GUI when chained in a sequence.
  • PHX-4213 - WindowsSSO loop state on error. Resolved an issue where the WindowsSSO authenticator would get into an erroneous loop state.
  • PHX-4227 - In PRISM applications, there was a small risk for some requests to fail due to a threading issue, especially when multiple users are using the same PRISM application.