Trivore ID 5 changelog (alpha)

Version 5 of Trivore ID is an experimental set of releases. It is not recommended for production use. Use Version 4 for production services.

Version 5 uses new application and user interface frameworks. It has the same features as the Version 4 releases do.

Upgrade instructions

Review Important Upgrade Notes for version specific upgrade instructions.

Release 5.12.0

Released 2025-05-20.

New features

  • ONEP-2662 Allows users to input a URL to fetch a bootstrap file
  • ONEP-3279 New feature that allows users to use the default email template as a base for creating customized email messages. This enhancement simplifies the process for non-technical users, enabling them to easily modify those email messages which support this feature. Not all message types support it.
  • ONEP-3476 The management dashboard now features a panel displaying the current user's IP address information, including the IP address, reverse IP lookup name, and geographic location.
  • ONEP-3528 Implemented metrics collection on export jobs to identify performance bottlenecks and optimize system performance.
  • ONEP-3544 Implemented a feature that allows users to list, filter, and sort all user directories from accessible namespaces.
  • ONEP-3553 Added management UI support for viewing currently running MongoDB index operations. It can be accessed from System Preferences / Maintenance / MongoDB / Browser / Index Operations.
  • ONEP-3558 Added a better generator for Suomi.fi SP Metadata to the User Directory Editor.
  • ONEP-3560 Added a scheduled task to automatically update SAML IdP metadata from specified URLs, allowing for streamlined management of metadata for each directory. This feature includes the option to toggle updates on or off per directory.
  • ONEP-3562 Namespace Editor prompts users to provide a reason for modifications when saving changes. Upon clicking "Save," a dialog appears requesting a brief description of the changes made, with options to view altered fields and a checkbox to opt-out of providing an explanation.
  • ONEP-3571 Improve duplicate personal identity code handling in Tiera/Edu set-pic endpoint
  • ONEP-3593 Added support for multiple, optionally expiring secrets for OpenID clients, improving management and reducing service downtime during secret rotation. This enhancement allows for greater flexibility, as clients can now define multiple secret values with optional expiration dates.
  • ONEP-3596 Added more efficient API for listing all user IDs in a namespace.
  • ONEP-3612 Added APIs for Email Template management: Create, Update and Delete.
  • ONEP-3626 Added an autogenerated information page listing all paths of the service
  • ONEP-3627 Improved categorization of DVV API call metrics
  • ONEP-3634 Added support for DVV information fields VAKINAINEN_KOTIMAINEN_ASUINPAIKKATUNNUS and TILAPAINEN_KOTIMAINEN_ASUINPAIKKATUNNUS. They can be found in User's LegalInfo / Residences.
  • ONEP-3637 Implemented new LinkMobility myLINK2 interface to support new APIs
  • ONEP-3640 Added user directory support for multiple namespaces
  • ONEP-3644 Introduced a new health indicator for Uptime service & scheduled task configuration.
  • ONEP-3672 Added button in Maintenance settings view to show past performed upgrade steps
  • ONEP-3678 Implemented ID card login functionality
  • ONEP-3685 Management API supports receiving a custom X-Log-Message header, the content of which is added to Event Log entries created during the request. See Management API Docs for more details.
  • ONEP-3699 Added Webhook Management API, allowing all CRUD operations
  • ONEP-3748 Implemented LDAP enrichment for user verification in the organization card (public service card) authentication process.
  • ONEP-3752 Enhanced support for revocation checks in smart card user directories has been implemented, allowing for verification via either OCSP or CRL.
  • ONEP-3775 Implemented LDAP based user certificate synchronization to legal information
  • ONEP-3784 Added support for receiving DVV info groups "HUOLLETTAVA_SUPPEA" and "HUOLTAJA_SUPPEA"
  • ONEP-3814 Added option to skip MFA when authenticating via user directory
  • ONEP-3839 Introduced a new health indicator to monitor the failure status of scheduled tasks.
  • ONEP-3842 Added autogenerated German language translations. The language is not yet directly selectable in most language selectors, but the "de" language can be selected in User editor to preview it.

Bug fixes

  • ONEP-3608 When a User performs Suomi.fi identification, only addresses that have previously been received from Suomi.fi will be updated
  • ONEP-3621 Fixed bootstrap file usage on docker installations
  • ONEP-3623 The issue regarding API client permission problems after using a bootstrap file has been resolved. It was identified that the admin user created by the bootstrap process lacked certain permissions necessary for role creation, although it retained the GRANT_ANY_PERMISSION privilege.
  • ONEP-3631 Improve performance by optimizing session usage
  • ONEP-3633 Optimized SMS billing UI to avoid hang ups.
  • ONEP-3638 Improved memory usage and performance during certain sort queries
  • ONEP-3647 Fixed issue with webhooks caused by incorrect timeout settings
  • ONEP-3655 Fixed an issue where updating the number of users in Users view failed
  • ONEP-3665 Fixed an issue in OIDC User Directories where the stored metadata did not contain the JWK key, resulting in an internal error during login attempts.
  • ONEP-3670 The copy-to-clipboard buttons in the Accounts view table no longer slow down scrolling.
  • ONEP-3688 Fixes media type detection for File Storage operations
  • ONEP-3691 Corrected API Documentation for OIDC Client Management APIs. Token max age field schemas are now correct.
  • ONEP-3706 Resolved an issue with calling Email API endpoints when the request bodies were empty.
  • ONEP-3717 Fixed a text wrapping issue in the OpenID Connect client registration window, improving readability and user experience.
  • ONEP-3759 OpenID registration form accepts mobile number in international format when namespace does not have default number region selected
  • ONEP-3770 Fixed an issue with filtering in the Users API.
  • ONEP-3771 Fixed an issue with the OP tunnistus entity statement where the generated JSON structure contained unnecessary "value" objects, leading to incompatibilities between the JWT library and the javax.json library.
  • ONEP-3777 Improved JSON parsing exception handling for Management API requests.
  • ONEP-3781 Fixed an issue where certain indexes were rebuilt every time the service starts
  • ONEP-3787 Fixed an issue in DVV updates where the data sets "HUOLTAJA" and "HUOLTAJA_SUPPEA" would overwrite each other when both were present with differing "huoltaja" information in the JSON message. The same behavior was observed for "HUOLLETTAVA" and "HUOLLETTAVA_SUPPEA" data sets.
  • ONEP-3815 Added possibility to use LDAP/ADDS user directories for OpenID login.
  • ONEP-3825 Fixed an issue in Webhook editor when invalid value is provided with the new Webhooks API
  • ONEP-3836 Improved SMTP Gateway editor UI.
  • ONEP-3854 Improved behavior of the metrics endpoint when it is disabled.

Improvements

  • ONEP-2911 Added support for sending webhook style messages through Kafka network. The Kafka messages are configured through the Webhooks view.
  • ONEP-3532 The Accounts view has been updated to eliminate duplicate entries across different pages when sorting. This enhancement ensures a more accurate and streamlined user experience, aligning with the corresponding fix implemented in the REST API as noted in JIRA issue ONEP-3499.
  • ONEP-3541 Improve reporting of errors in backend
  • ONEP-3559 Implemented the feature to download SAML IdP metadata from a specified URL into the SAML editor, allowing users to seamlessly input the metadata into a text area.
  • ONEP-3561 SAML editor parses and displays relevant SAML Identity Provider (IdP) and Service Provider (SP) metadata settings. When a user inputs IdP metadata into the SAML directory, pertinent information is automatically extracted and presented similarly to certificate displays.
  • ONEP-3565 The Email API for generating a verification code now has a parameter which can be used to send the code directly to the user's email address.
  • ONEP-3585 A new "copy" button has been added to the accounts view list, allowing users to easily copy names, sign-in names, mobile numbers, and email addresses.
  • ONEP-3588 Uncaught background thread errors are reported to error tools
  • ONEP-3591 Added new permission ACCOUNT_VIEW_PROTECTED_ADDRESS which permits the holder to view User's addresses even when protection order is active.
  • ONEP-3595 Improved user search performance when using default filters and default sorting
  • ONEP-3606 This update improves the handling of authentication errors for external users linked to multiple Trivore ID accounts.
  • ONEP-3609 Improved event log generation
  • ONEP-3610 Suomi.fi user directory editor now has download buttons for easily retrieving Suomi.fi IdP metadata files.
  • ONEP-3617 Update dependencies to latest available version for 5.12.0
  • ONEP-3619 Improve performance of UserInfo API calls, and improve monitoring of performance
  • ONEP-3620 Improved Authorisation API documentation
  • ONEP-3624 A new configuration option has been added to enable or disable the downloading of MPASS authentication source data. This enhancement addresses network restrictions in certain environments that previously slowed down ID startup, allowing for improved performance and flexibility in system configuration.
  • ONEP-3625 User's membership in dynamic groups is updated during most user information updates. This may cause a performance hit.
  • ONEP-3629 Optimized database performance during webhook calls
  • ONEP-3630 Change which makes API documentation CSS and JavaScript resources easier to update
  • ONEP-3641 Remove legacy SAML user directory user mapping by username
  • ONEP-3642 When user signs in through the OIDC flow, they no longer get the WebUI.SignIn.Success event log entry. Instead they get a new entry called OIDC.SignIn.Success
  • ONEP-3646 Added user directory option to disable management user-interface login
  • ONEP-3648 The logging framework has been enhanced to include OpenTelemetry trace IDs, HTTP request information, and more authentication information in log messages. They are included in the MDC object.
  • ONEP-3649 User search API now supports filtering by the field names lastModified, created, meta.lastModified and meta.created.
  • ONEP-3653 Updated Trivore ID branding in SMS Routing settings editor
  • ONEP-3654 Fix issue with server startup which prevents startup seemingly randomly
  • ONEP-3657 Remove kannel compatibility endpoint for sending SMS messages
  • ONEP-3668 Perform both front-channel and back-channel logout if both URLs are defined
  • ONEP-3675 Improve user filtering performance by primary email or mobile via REST API
  • ONEP-3677 Improved User Editor's account validity fields. Moved some fields from Core to Extra tab. Account's valid-from date can now be modified.
  • ONEP-3681 Improved SMS originator (sender) information handling
  • ONEP-3684 Replaced Kafka cluster messaging with a MongoDB based implementation. Kafka is no longer needed for clustered installation.
  • ONEP-3695 User information from OP user directories are stored in User LegalInfo
  • ONEP-3696 Implemented duplicate and conflict checking for electronic identity code (SATU).
  • ONEP-3714 Improved Finnish translations
  • ONEP-3737 Added IAM specific build version with an optional IAM module. The module contains custom logging generator for a proof-of-concept software solution.
  • ONEP-3753 Added a new "includeCustomFields" query parameter to the Users API "Get user information"-operation, allowing the retrieval of users' custom fields in the response.
  • ONEP-3757 Improves performance of "Export all users to Excel" action. Limits number of exported rows, shows better progress indicator, adds Cancel action for long running exports.
  • ONEP-3772 Updates the Sentry SDK
  • ONEP-3773 Added support for wildcard-symbols in namespace email domain settings.
  • ONEP-3776 Improved performance of Wallet Transaction Search APIs with index changes
  • ONEP-3780 Improved LDAP/ADDS authentication error handling and error messages
  • ONEP-3795 Optimize dynamic group membership update task for better performance
  • ONEP-3804 Added 'lastLicenseActivity' field to user which is updated when any API concerning a single user is used, for example the API to read user's information. License report calculations use this value.
  • ONEP-3805 Removed deprecated code.
  • ONEP-3809 Update UI framework library
  • ONEP-3820 Updated branding in ID's About-window.
  • ONEP-3824 Removed deprecated code (directory import status information)
  • ONEP-3848 Fixes an issue with error reporting where Sentry options were not correctly configured. Additionally, errors caused by broken network connection are no longer reported to error monitoring.
  • ONEP-3866 Uses shared library for IAM Audit Log feature

Customer specific

  • ONEP-3594 Fixed an issue where navigating to the customer care context without the necessary permissions resulted in a strange error display.
  • ONEP-3551 Pass "userId" field to the Student State Integration API.
  • ONEP-3673 Improved performance of TravelAccount queries with changes to indexing

Release 5.11.0

Released 2024-11-25.

New features

  • ONEP-2421 The web dashboard now features enhanced warning notifications for critical configuration issues, addressing previous gaps in awareness. Admin users can view alerts alongside actionable recommendations. This improvement streamlines the monitoring of system health and paves the way for future developments in health management functionalities.
  • ONEP-3063 Added the ability to manually verify phone numbers and email addresses for testing purposes.
  • ONEP-3442 Added a new UI validation view for the Kafka connection status within the System Preferences / Maintenance section.
  • ONEP-3563 Added the ability to manage the "nicknamesAllowed" and "allowUserInvite" fields in the Namespace API.
  • ONEP-3576 Added support for SMS Eagle messaging gateways, enabling text messages to be routed through the SMS Eagle device. This integration facilitates the use of the SMS Eagle API as a messaging gateway, enhancing messaging capabilities without relying on cloud services.

Bug fixes

  • ONEP-3054 Webhook editor's user group selection field now better supports large numbers of groups. Users can now successfully select user accounts from an extensive list of groups without encountering errors.
  • ONEP-3325 Improved stability of user search when searching by consent information.
  • ONEP-3526 The issue regarding role namespace access in the ID UI has been resolved. Previously, if a namespace that a role had access to was deleted, it caused the namespace access management feature in the UI to break.
  • ONEP-3527 Fixed an issue with password expiration handling for users logging in via an external directory. Previously, users were prompted to change their password immediately after login, even if they did not know their initial password, leading to login failures.
  • ONEP-3543 Resolved an issue where editing the New namespace default settings resulted in an error.
  • ONEP-3556 Addressed the omission of the apartment letter in the streetAddressDisplay field in certain cases.
  • ONEP-3583 Removed a detected security issue where it was possible for a user to view a list of all other users in their namespace, even without the required permission.
  • ONEP-3603 Fixed an issue where saving a DVV connection profile's log keys would inadvertently erase all log keys associated with that profile.
  • ONEP-3607 Fixed an issue that prevented logging of object creator in certain cases.

Improvements

  • ONEP-2884 Added the ability to enable and disable OIDC clients, allowing for similar functionality to the management APIs. Users can now easily manage the availability of OIDC clients within the system.
  • ONEP-3521 Added validation to ensure that the SAML request ID matches the InResponseTo parameter of the original request. This enhancement helps prevent replay attacks, providing an additional layer of security for SAML transactions.
  • ONEP-3535 Added the capability to create custom OIDC Claims based on User's Custom Fields.
  • ONEP-3555 Contact addresses are now shown even when Protection Order is active.
  • ONEP-3564 Implemented an optional feature in the MFA authentication process, allowing users to receive email or SMS codes automatically without needing to click a confirmation button when only one MFA method is available.
  • ONEP-3573 The /dvv/lookup/identity REST API has been updated to include the person's home address in the response.
  • ONEP-3584 Update OpenSAML libraries to latest available version
  • ONEP-3587 Implemented a REST API for performing mass updates of DVV basic information across all users in a namespace, or for members of a specific DVV group.

Customer specific

  • ONEP-3411 Customer specific user-interface feature for blocking subscriptions
  • ONEP-3463 Customer specific REST endpoint for creating new users
  • ONEP-3508 Customer Specific / Added metrics for OPH Koski lookups, handling error reporting differently

Release 5.10.0

Released 2024-10-28.

New features

  • ONEP-2887 ID service setup / initialisation has customisation options + dialog
  • ONEP-3294 Metrics collected on webhook activities
  • ONEP-3460 Add support for LinkMobility SMS gateway
  • ONEP-3533 ID service bootstrap based on bootstrap config file

Bug fixes

  • ONEP-3481 Roles view list shows deprecated permissions for roles
  • ONEP-3511 Access tokens failed to deactivate under certain conditions during Logout
  • ONEP-3540 Scheduled tasks "Delete inactive users" doesn't delete all inactive users

Improvements

  • ONEP-3454 Properly handle duplicate key exception when creating new user directory link via REST API
  • ONEP-3488 User creation (POST) and update (PUT) APIs return a list of validation errors if multiple validation issues arise during operation
  • ONEP-3522 Update dependencies for 5.x
  • ONEP-3534 Improve user searchText filtering for multipart firstname or lastname
  • ONEP-3568 Update Jersey dependencies

Customer specific

Release 5.9.0

Released 2024-09-30.

New features

  • ONEP-3324 Add a tool to find if Custom Role is assigned directly to Users
  • ONEP-3509 Implement OP-tunnistuspalvelu test environment
  • ONEP-3510 Add Users API support for filtering by 'locked' status
  • ONEP-3517 Implement endpoint for signed JWKS keys
  • ONEP-3518 Implement Entity Statement for OP tunnistuspalvelu
  • ONEP-3519 Implement automatic rotation for OpenID signing and encryption keys

Bug fixes

  • ONEP-3258 Handle error logging for certain network issues better
  • ONEP-3437 Password change API interface does not work as expected when using access token and returns excess information without requiring the current password for the call
  • ONEP-3438 Improve password change API interface responses when current password is missing or invalid
  • ONEP-3468 Fixed cache load exception in maintenance settings view
  • ONEP-3469 Fixed issue which happens after login in some cases
  • ONEP-3483 Management API client view list status needs new filtering and statuses
  • ONEP-3486 Include 'minor' field when migrating user between namespaces
  • ONEP-3499 User search with pagination returns duplicates on different pages when sorting by a field with common values
  • ONEP-3542 Fixed metadata fetching for Azure AD user directories

Improvements

  • ONEP-3421 Webhook from "failed" strong identification
  • ONEP-3443 Support DVV information types KotimainenYhteysosoite and UlkomainenYhteysosoite
  • ONEP-3461 Sentry maintenance UI: Improve Sample rate value readability
  • ONEP-3471 DVV Connection Profile Editor: Remove HTTP Header compatibility requirement from Username and Password fields
  • ONEP-3480 Use more secure LoginToken 'token' value
  • ONEP-3482 New Management API client does not have access-to-namespace field filled automatically
  • ONEP-3491 UI: Add a confirmation dialog to Locking and Unlocking account actions
  • ONEP-3494 Auto-filled registration form fields read-only is configurable
  • ONEP-3497 Disable cache for SAML SP metadata download
  • ONEP-3500 Adjust resolution of internal uptime determination to reduce overhead
  • ONEP-3501 Document userId field in user directory link REST endpoint
  • ONEP-3506 Add filtering by Account Type to the Accounts view

Customer specific

  • ONEP-3479 New fields to identifier history objects

Release 5.8.0

Released 2024-09-09.

New features

  • ONEP-3329 Import/Export feature to System local translations
  • ONEP-3446 Support for dynamically linking accounts with user directory
  • ONEP-3462 Support for manually linking single account with user directory from UI

Bug fixes

  • ONEP-3449 UserDirectoryResource encrypts link ID when required
  • ONEP-3484 Fixed user filtering by mobile number via REST
  • ONEP-3487 SMS routes use route specified sender address instead of cached one
  • ONEP-3489 External login does not update username if it already matches policy

Improvements

  • ONEP-3330 Log user logout action
  • ONEP-3451 Strong identification on external login registration
  • ONEP-3453 Search user directory links by encrypted authId
  • ONEP-3502 Handle password reset for users imported from external user directory

Release 5.7.0

Released 2024-08-19.

New features

  • ONEP-3413 Option to schedule activation and deactivation for Management API clients

Bug fixes

  • ONEP-3315 DVV Connections profile "event history" EventAux shows password in plain text
  • ONEP-3409 Duplicate SSN check not done when using REST for adding SSN to account
  • ONEP-3416 Fix typo in "welcome new user" email: "passwordUri"
  • ONEP-3440 SMS sender ID not correctly visible in user interface
  • ONEP-3441 User EnterpriseInfo: Fails to produce diff when editing user, breaks webhook changed property listing
  • ONEP-3444 Removing OIDC client's token fails if it is never-ending
  • ONEP-3447 Fixed external login registration form auto-fill
  • ONEP-3452 Fix UserDirectory swagger @Schema for namespace field
  • ONEP-3455 Fix Kafka record deserialization problem
  • ONEP-3478 Running some Unit Tests locally fails at ClusterScheduledTaskManager

Improvements

  • ONEP-3317 Additions to the Namespace REST API
  • ONEP-3319 Password/secret-field editing in UI to require extra step
  • ONEP-3420 Improve logging of "failed" strong authentication (Personal ID already in use)
  • ONEP-3439 Add possibility not to collect birthdates when asking adult-or-minor status
  • ONEP-3457 SAML signature and encryption requirements are configurable
  • ONEP-3470 Update Vaadin libraries

Release 5.4.0

Released 2024-03-15.

Improvements

  • ONEP-3320 Allow more flexibility with Event Log retaining policy time limits
  • ONEP-3323 Support new SSN separators in REST and UI search

Release 5.3.0

Released 2024-02-23.

New features

  • ONEP-3289 Show MongoDB version, other useful info in Maintenance view

Bug fixes

  • ONEP-3306 Fixed maintenance view system logs for docker installations

Improvements

  • ONEP-3316 Add "Copy User ID to Clipboard" button to Accounts view

Customer specific

Release 5.2.0

Released 2024-01-29.

New features

  • ONEP-3214 Collect address parts separately for DVV sourced addresses
  • ONEP-3230 Ability to restrict signing in through OIDC client only to external directories
  • ONEP-3270 Added REST API endpoint for sending password change request email
  • ONEP-3276 Show ASN/country info where IP addresses are listed (such as SMS log) + add ip address to sms export

Bug fixes

  • ONEP-3275 Used filters remain visible in accounts view on top bar after clearing filters
  • ONEP-3278 Manual personal id entry window does not detect new Finnish id codes correctly
  • ONEP-3281 Copying SMS routing plan does not work
  • ONEP-3290 Fixed error handler servlet usage

Improvements

  • ONEP-3231 View account MFA settings through UI
  • ONEP-3249 Improve Custom field change logging

Customer specific

Release 5.1.0

Released 2023-12-29.

New features

  • ONEP-3221 OIDC Clients: Add option to always include claims in ID Token

Bug fixes

  • ONEP-3153 Add performance monitoring to background operations
  • ONEP-3241 Domicile visible in UI when protection order active.

Improvements

  • ONEP-3188 REST API: Searching with 'co', 'sw', 'ew' filters is now case insensitive
  • ONEP-3236 Improve performance of JWT signing process
  • ONEP-3237 Move all API docs under /apidoc path, remove ReDoc
  • ONEP-3250 DVV/MUTP: Remove "Product code" field from connection profiles

Customer specific

Release 5.0.0

Released 2023-12-04.

This version uses Spring Boot 2.7 and Trivore Jetty is no longer used. RPM packaging is not supported anymore, only docker installation is supported.

Improvements

  • ONEP-3146 Spring boot: maven pom.xml changes
  • ONEP-3174 Remove and replace Spring context.xml files
  • ONEP-3175 Remove and replace web.xml and oneportal-context.xml
  • ONEP-3182 Create runnable spring boot jar file
  • ONEP-3186 Improve jetty access log
  • ONEP-3190 Removed all rpm packaging related code