In this release cycle, we have been working on fundamental pieces of software development to ensure that you, the customer, get the best quality software we have ever produced. Our focus has been on our continuous integration (CI) pipelines and increased levels of automated testing. With our new pipelines, we ensure that any change we make is automatically tested before it is ever considered for merging to our mainline, no matter if it’s fixing a deviation or creating a new improvement to the code.

These changes have not only brought advantages for our development team, in the sense that there is better structure of our codebase, but it also catches human errors earlier in the process and performs additional security scans for each pull request. The new CI also provides consistent versioning for the different components in SSO and CustomerID. In this way, you will be sure that the version information in the logs and SSO Management UI is the same as the version specified in the install package, in this case SSO 8.5.0 and CustomerID 5.5.0.

As well as the underlying improvements made to our continuous integration system, we have also focused on improving and correcting the functionality of the Ubisecure Identity Server. Within SSO, there are a couple of improvements that will permit administrators to review additional information in the logs related to OAuth 2.0 applications. These improvements enable Mobile Operators to take GSMA’s Mobile Connect Authenticate product into commercial use and provide the authentication methods as a service. In order to use Mobile Connect as an authentication method, you will need to integrate a Mobile Connect service from a Mobile Operator to your identity platform – to do this, contact a Mobile Connect Operator in your country.

In connection to these changes, there are also changes done to the SSO consent page, allowing administrators to set the scopes related to the user information required from each user for a specific OAuth 2.0 application. This requires a OpenID Connect method to be used for the specific application.

New in this release

Continuous Integration

Our development team has produced a completely revamped continuous integration system that will enable even smoother, even more secure and enhanced-quality builds.

Our ‘new and shiny’ build system detects issues much earlier in the process by running unit and integration tests, as well as vulnerability scans, for each pull request opened in order to ensure that the changes made did not break any existing or newly created test case. If there are any observed issues, the developer receives direct feedback back to our issue tracking and messaging tools and is able to resolve any issues before anyone else starts reviewing the pull request.

After the successful build of the pull request and review of the code change by another Engineer, the code is merged to the main branch where we have additional smoke testing performed for each build. This is a small subset of the regression test suite and verifies that the system is able to start up and is accessible.

With these improvements and continuous work towards our CI and deployment system, the quality of this release and upcoming releases will only get better.

build pipeline

Mobile Connect

In order to assist Mobile Operators with Mobile Connect, there are several improvements made to SSO’s handling of scopes and logs when using OpenID Connect. This to enable administrators to specify which information is needed for certain applications and log the information in the audit logs for processing and forwarding to GSMA for billing purposes.

Authorisation policies have been updated to specify which scopes should be validated when accessing a specific application. This will make sure that no additional information is shared with the application that is outside of the specified scopes. This will also enable additional benefits to the consent page that has been improved in this release.

More information about configurations of the additional logging can be found in our developer portal: https://developer.ubisecure.com/docs/display/IDS20201/Additional+audit+logging+for+OAuth+2.0

Consent

It has now been two years since the General Data Protection Regulation (GDPR) came into force and a lot of things have changed. From a user point of view, there is now more control and visibility on where our personal information is being used and shared. For a long time, Ubisecure Identity Server has offered the possibility of including a consent page which appears after login that requires the user to agree to share their user information with the application that is being accessed. Within this release we have improved the consent page for OAuth 2.0 applications to be much more dynamic and user-friendly, compared to the previous static page.

Administrators are now able to configure the consent page based on the requested scopes that should be shown to the user when accessing the application on a per application basis, as well as to localise the different scopes to more user-friendly names.

To learn more about the configuration and localisation, visit our developer portal page: https://developer.ubisecure.com/docs/display/IDS20201/Login+screens+-+SSO

Improvements and corrections

There are always continuous improvements and corrections being made to Ubisecure’s Identity Server and this release is no exception.

You will find improvements made to our developer portal pages, such as https://developer.ubisecure.com/docs/display/IDS20201/System+Recommendations+and+Supported+Platforms with information about the browsers and operating systems we support, software requirements related to Java and databases as well as hardware recommendations for running operational environments. We have also added more information to the additional security consideration page https://developer.ubisecure.com/docs/display/IDS20201/Security+considerations+for+production+environments+-+SSO with recommendations on how to ensure that no system-specific information is leaked to end users in an error situation.

Additionally, there are a couple of small improvements and corrections made to the Mobile ID input field, SSO health check and LDAP search in Password Reset Application.

For a full list of features, improvement and corrections, please see https://developer.ubisecure.com/docs/display/IDS20201/Identity+Server+2020.1+Release+Notes

Head over to https://www.ubisecure.com/developers/ to download the latest version of the Ubisecure Identity Server today!