Version 2023.09.1

What's new

Manage canonical values for attributes

• Customers can already use the existing functionality to use so-called canonical values for attributes to enable a drop-down for attributes in the RITM UI. These canonical values would previously be set/changed by Thales professional services. We now introduce the ability to allow customers to manage canonical values for string attributes themselves:
  • The previous "Edit attribute" single dialog has been changed into a dialog with multiple tabs:
    • The "General" tab defines some generic information about attributes
    • A new "Visibility" tab defines the pages and dialogs where attributes are needed to be shown
    • "Canonical values" is a new tab that is only present for attributes of type "String" and should be the actual values that are stored for attributes of user. The translatable text as shown in the UI for these canonical values still needs to be managed by navigating to "Settings > Customisation > Translations", choosing "Edit translations" and using the "Attributes values" tab on the dialogs.

What's improved

Performance improvements for the API used for retrieving managed identities

• We improved the response times for retrieving one or more managed identities of the authenticated user, along with their profile attributes, groups and roles.

What's fixed

Functional API to edit users would sometimes result in a 500 error

• Customers that have attributes configured as "Unalterable" and are using the API to only change group or role information would sometimes get a 500 error. We fixed the issue so that the API can now be used again to edit users without specifying or changing profile related attributes.

Wrong error reported when changing the password fails

• We sometimes show the wrong error for the new password when users tried to change their password on the profile pages. This happens for example when "Password history" was enabled on the IdP side (CIAM) and a user tries to change the password to something that was used before. The potential errors shown for the new password are now aligned to the errors from the IdP.

Pagination for attributes categories is not correct

• Going to the next page for attribute categories in the RITM UI doesn't show the next page, but shows all attribute categories from the current and next page. We fixed the pagination for attribute categories so one can go back and forth between the pages.

Trying to create a user that already exists fails with a generic 500 error

• When trying to create a user with, for example, the same primary email address, we will respond with a generic 500 error, instead of the expected 409. Creating a user with an already existing identifying attribute (like primary email address) will now again result in a 409 error.

"Add user" in the RITM UI doesn't show the password field

• When the state attribute is not configured to show on the "Add user" page/dialog, we will show the confirm password field, but not show the actual password field. This means that a user could not be created. We fixed the logic with respect to showing or not showing the password field and adding a user will now properly show the necessary fields.

No roles available to assign in context in the RITM UI

• For customers that are using the multi-company feature we sometimes didn't allow the administrator to assign roles if all managed roles were already assigned in a different context. We now allow administrators to assign the roles, that they are allowed to manage, again for every context.