Identity Cloud

Changelog archive

2022

15 Sep 2022

Platform release (hotfix)

Resolved issues
Issue ID Summary

FRAAS-11861

Allow maximum content length property for SAML 2 entities to be increased

12 Sep 2022

Platform release (hotfix)

Resolved issues
Issue ID Summary

FRAAS-11836

Add filtering to dedupe HELP and TYPE text in Prometheus monitoring endpoint

FRAAS-11963

Add TTL to AM HTTP connections

01 Sep 2022

Platform release: 2022.6.7 (hotfix)

Resolved issues
Issue ID Summary

OPENAM-19557

Correctly handle username in shared state for Identity Store Decision nodes

24 Aug 2022

Platform release: 2022.6.6 (hotfix)

Resolved issues

Issue ID Summary

OPENAM-19427

Display security questions in the correct default language

OPENIDM-17644

Release scheduled tasks after all failures so they are rerun

OPENIDM-17858

Process job completion instructions when a trigger is not found

OPENIDM-18123

Correctly load scripts that use ISO 8859-1 encoding

18 Aug 2022

UI release (hotfix)

Resolved issues

Issue ID Summary

IAM-2282

Do not ignore the noSession=true parameter in journeys that do not have Email Suspend nodes

IAM-2412

Left-align long security questions

IAM-2473

Control redirection precedence with AlignGoToPrecedence environment variable

OPENAM-19631

Prevent end users from defining their own security questions in the KBA Definition node (UI fix)

05 Aug 2022

Platform release: 2022.6.4 (hotfix)

Resolved issues
Issue ID Summary

OPENAM-19631

Prevent end users from defining their own security questions in the KBA Definition node

28 Jul 2022

UI release (hotfix)

Resolved issues
Issue ID Summary

IAM-2051

Turn off autocomplete for select and multi-select field components

IAM-2091

Fix unstyled content flashing

IAM-2232

Fix Platform Password node validation when allowlisting is enabled for trees

IAM-2348

Localize label text used for confirming passwords

IAM-2452

Fix issue with login callback components mounting twice

12 Jul 2022

Platform release: 2022.6.3 (hotfix)

Resolved issues
Issue ID Summary

OPENAM-19623

OAuth 2.0 client not using overridden OIDC claims script

07 Jul 2022

Platform release: 2022.6.2 (hotfix)

Resolved issues
Issue ID Summary

OPENAM-19011

QR code message in MFA Authentication nodes should be customizable

06 Jul 2022

Platform release: 2022.6.1 (hotfix)

Resolved issues
Issue ID Summary

OPENAM-19479

Delegation privileges can become stale

OPENIDM-17783

Cull reconById state if recon association amendment is not specified

OPENIDM-17498

LiveSync stops working with RCS after sync failures

21 Jun 2022

Platform release: 2022.6

Key features
Workday built-in connector

You can now use the Workday built-in connector to synchronize Identity Cloud easily with a datastore in the Workday cloud service.

Resolved issues
Issue ID Summary

AME-22011

Allow OAuth 2.0 clients to override plugin configuration

OPENAM-13557

Add support for JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)

OPENAM-18223

Return 400 Bad Request error code if the id_token_hint is invalid

OPENAM-18252

Allow nodes to update the universal ID for use cases like impersonation and peer authentication

OPENAM-19028

Support social identity providers that provide IDs that are not returned as strings

OPENAM-19119

Provide localization for the URL links on the GetAuthenticatorApp node

OPENIDM-17659

Add the Workday connector as a built-in Identity Cloud connector

15 Jun 2022

Key features

Remove log sources for internal services

The following log sources are no longer available in the /monitoring/logs REST API endpoint:

  • ctsstore

  • ctsstore-access

  • userstore

  • userstore-access

These sources are for internal services that are managed by ForgeRock, so they have been removed to simplify the API.

Resolved issues

Issue ID Summary

FRAAS-8384

Remove log sources for internal services

09 Jun 2022

Key features

Import and export journeys

You can now import and export journeys from the Identity Cloud admin UI, making it easier to back up and restore journeys in your environment. You can also import and export associated assets, such as themes and scripts, along with journeys.

Email template editor enhancements

The email template editor now takes better advantage of available space on the screen. A new preview panel shows you what your template looks like without the need to scroll. A new option in the editor lets you use HTML with CSS, giving you more control over the look and feel of your email templates.

Journey configuration enhancements

You can now take advantage of the following enhancements when you configure journeys:

  • Configure a Choice Collector node to let end users select from a set of radio buttons or a drop-down field.

  • Add a password confirmation field to a Platform Password node by simply selecting a checkbox.

  • Configure a Message node to have a single button instead of two buttons, so that end users can simply acknowledge messages.

  • Customize the text in the Next button on a Page node.

Resolved issues

Issue ID Summary

ANALYTICS-8

Clarify the tool tip shown with the user engagement graph

IAM-1649

Enhance email template editor

IAM-1167

Add UI for importing and exporting journeys, nodes, and scripts

IAM-1981

Increase use of landmarks across all journeys to improve accessibility

IAM-1997

Make full recovery question visible on password reset page

IAM-2144

Allow confirmation callbacks to have a single outcome and message nodes to show a single button

IAM-2145

Let choice collector nodes show choices as radio buttons

IAM-2146

Add option to require password confirmation

IAM-2147

Make text displayed in the Next button configurable

IAM-2151

Remove text that inadvertently appears in the theme editor

08 Jun 2022

Resolved issues

Hotfix release:

Issue ID Summary

OPENAM-19265

Passthrough Authentication Node throws an exception instead of taking the "Failed" exit

20 May 2022

Resolved issues

Issue ID Summary

IAM-2059

Add UI support for Autonomous Access

IAM-1343

Add duplicate option to email templates list

IAM-1899

Convert page node from string to object to support additional feature specifications

IAM-1962

Double password reveal icon in Edge browser in non-login pages

IAM-1972

Changing tenant administrator status resets list sort

IAM-1980

Add font weight slider to themes

IAM-2004

Realms not deleting

IAM-2010

Platform Admin UI rendering with horizontal scroll

IAM-2050

Ensure date inputs include Zulu timezone

IAM-2065

Wrong months order in calendar history of analytics UI date picker

IAM-2075

Make spinner component color inherit from theme primary color

IAM-2085

Allow users to be created without a password in Platform Admin UI

11 May 2022

Key features

ForgeRock® Autonomous Access (add-on capability)

Autonomous Access is a new add-on capability that provides your Identity Cloud tenant with significant threat protection capabilities. Autonomous Access helps to prevent account takeover and fraud at the identity perimeter. It leverages artificial intelligence and machine learning techniques to analyze threat signals and anomalous behavior patterns. It speeds and simplifies access decisions, enabling your organization to block threats and deliver personalized journeys that enhance the digital experience of legitimate users.

ForgeRock Autonomous Access includes:

  • ForgeRock Autonomous Access journey nodes:

    • The Autonomous Access Prediction node produces a risk score based on anomalous user behavior, credential stuffing, suspicious IPs, automated user agents (bots), impossible travelers, and brute force attacks.

    • The Autonomous Access Decision node lets you control users' journeys based on their risk scores.

    • The Autonomous Access Results node, when added to your journeys, provides data that lets Autonomous Access populate the activity dashboard, learn, and make its AI models more accurate.

  • The activity dashboard, which shows you risky access activity. It lets you drill down to investigate risky activity across time, risk reason, and risk score.

For more information, see About Autonomous Access.

Interested in adding Autonomous Access to your Identity Cloud subscription? Contact your ForgeRock account executive.

Resolved issues

Issue ID Summary

FRAAS-10341

Deploy Autonomous Access in ForgeRock Identity Cloud

10 May 2022

Resolved issues

Issue ID Summary

AME-21573

Add set custom cookie node

AME-22248

Provide option to mandate that clients must use pushed authorization requests

OPENAM-17698

Let users request specific claims from a social identity provider as part of an OIDC request

OPENAM-18533

Distinguish between standard OIDC and JAR OIDC request parameters

OPENAM-19089

Return to user’s UI after completion of a login journey with SAML federation

OPENDJ-8503

Populate the total paged results counter for query responses with an estimate when possible

02 May 2022

Key features

New identity store decision node

The new Identity Store Decision node lets you make authentication decisions based on user information in Identity Cloud. You can configure identity store decision nodes to control authentication flow based on any of the following conditions:

  • A username and password exist in Identity Cloud.

  • The profile associated with a user is locked.

  • A user’s password has expired.

  • A user needed to change their password on first login, but canceled the password change form.

Resolved issues

Issue ID Summary

OPENAM-17211

Add identity store decision node

19 Apr 2022

Resolved issues

Hotfix release:

Issue ID Summary

DATASCI-1020

Correct the times at the bottom of the analytics dashboard charts after clicking Today

DATASCI-1040

Filter journeys correctly in the analytics dashboard

DATASCI-1041

Display months before January 2022 correctly in the analytics dashboard filter

FRAAS-10342

Remove inadvertent popups after administrator signouts

IAM-2031

Fix Platform UI errors during navigation within the UI and resizing the UI window

11 Apr 2022

Key features

Dynamic configuration in journey nodes

Many nodes have static configuration, which forces you to have a new node for each use case. With dynamic configuration, you can now pass dynamic information to any static node during a journey’s execution.

Better control over device codes used in the OAuth 2.0 device flow

You can now specify the length of generated user codes, and the set of characters that’s used to generate the user codes.

Resolved issues

Issue ID Summary

AME-22015

Dynamically resolve configuration in node tree execution

AME-22247

Make request URI single time use for pushed authorization requests

OPENAM-17756

Provide better control over the list of characters used in device codes

OPENIDM-16774

Provide full details of schedules in the IDM admin UI

OPENIDM-17029

Allow IDM string properties to have formats, such as date and time

OPENIDM-17065

Return idm_sync_queue_failed error in Prometheus when an implicit sync fails

OPENIDM-17116

Don’t force persistAssociations=true in a URL that starts a reconciliation operation

OPENIDM-17204

Improve IDM REST API query performance

OPENIDM-17410

Allow time and datetime policies to specify +-00:00 locale

OPENIDM-17420

Allow any number of digits of precision for fractions of seconds when specifying time policy

SDKS-1329

Make push notification compatible with iOS 15 focus mode

31 Mar 2022

Key features

Identity Cloud analytics dashboard

The Identity Cloud analytics dashboard will be the new landing page for tenant administrators. The dashboard gives tenant administrators a snapshot of ForgeRock service usage, including views of the latest metrics and trends for:

  • User engagements

  • New users

  • Total users

  • Applications

  • Organizations

  • Successful and failed journey outcomes

Resolved issues

Issue ID Summary

FRAAS-10064

Add analytics dashboard to Identity Cloud admin UI

FRAAS-1446

Provide regional disaster recovery from Sydney to Melbourne

25 Mar 2022

Hotfix release:

Issue ID Summary

IAM-1902

Extend the Login UI to set transaction IDs for authentication sessions

IAM-2005

Display debug pop-up windows correctly after trees with debug mode enabled fail and are auto-restarted

24 Mar 2022

Resolved issues

Issue ID Summary

FRAAS-9031

Allow valid characters in "From Name" during Platform UI validation

IAM-1482

Display Internal Role permission dialog correctly

IAM-1594

Eliminate doubled password reveal icon in Microsoft Edge

IAM-1834

Support new Config Provider script type, Config Provider Node, in journey editor

IAM-1942

Don’t throw console error reading filter

IAM-1945

Support undo in email template markdown and style editor

IAM-1955

Enable saving changes to existing email templates

IAM-1958

Improve page load time when there are multiple journeys in one category

IAM-1964

Correct Highlander theme enduser footer

IAM-1973

Clear journey tags when user closes modal window

IAM-1977

Don’t overlay User Name and Password fields in the Login UI when highlighting saved login details

15 Mar 2022

Key features

Extend the user identity schema

You can now extend the user identity schema by adding your own custom attributes. This lets you store more useful information about each user such as the user’s department, cost centers, application preferences, device lists, and so on.

Resolved issues

Issue ID Summary

FRAAS-8630

Implement hybrid user schema in Identity Cloud

11 Mar 2022

Key features

Set categories for end-user journeys

You can now set up categories for your end-user journeys in the UI. This helps you manage your trees by grouping them in the list view. For example, you may want to group all your registration journeys together so that you can find them in the list more easily.

Ability to debug end-user journeys

You now have the ability to debug end-user journeys in your development environment, as you create them. By setting a journey to debug mode, you can view information stored in shared, transient, and secure state, as you navigate the journey. This lets you confirm that information is being passed correctly from node to node in the journey.

Resolved issues

Issue ID Summary

FRAAS-8289

Add ability to set categories for a journey

FRAAS-9382

Trailing space after the T&C link on the self registration journey

IAM-1711

Invited tenant administrators have doubled usernames

IAM-1536

Add debug controls to journey editor

IAM-1896

Creating consecutive applications with a different type shows the wrong logo and headline

IAM-1903

Unable to localize the display of 2FA and push authentication device names

OPENIDM-17479

Recognize IDM static role naming convention when assigning UI roles

11 Mar 2022

Resolved issues

Hotfix release:

Issue ID Summary

IAM-1877

Long security questions are truncated in UI drop-down lists

02 Mar 2022

Key features

Scripted Plugin for SAML 2.0 IdP adapter

The new scripted SAML 2.0 IdP adapter lets you introduce your own business logic during a SAML 2.0 authentication flow. You can use it to look up session, policy, or identity related information, and make routing decisions before sending the SAML 2 assertion to the service provider. Refer to Customize SAML 2.0.

Support for OAuth 2.0 Pushed Authorization Requests (PAR)

OAuth 2.0 Pushed Authorization Requests (PAR) is an RFC specification that provides a secure way of initiating an OAuth or OIDC authorization flow. PAR enables you to move the authorization request data from the URL query string to the request object. This protects the authorization request from any potential tampering. Confidential clients are also authenticated when registering the PAR, which enables the platform to refuse any unauthorized or malformed requests early in the process, reducing the load from any malicious attacks. Refer to Authorization code grant with PAR.

Resolved issues

Issue ID Summary

AME-21830

Remove feature flag for PAR endpoint

AME-21943

Add OAuth2 Provider config options for plugin types

AME-21947

OAuth2 scripted plugin selection improvements

AME-22060

OAuth2 authorize endpoint throws NPE for a query parameter without a value

AME-22066

Scripted plugin for SAML 2.0 IDP adapter

OPENAM-17590

OIDC login hint cookie using deprecated Set-Cookie2 header

OPENAM-18185

Add support for PKCE to OAuth2 device code grant

OPENAM-18264

Update Apple profile normalization script template for sign-in with Apple

OPENAM-18459

IdTokenInfo endpoint fails when using client ID in POST

OPENAM-18527

Add ability to track suspended authentication session

OPENAM-18918

Unable to add scopes in the modification script when using OAuth2 with Grant Set storage scheme

OPENIDM-16833

Implement conditionally assigned relationships dependent on RDVPs

OPENIDM-17002

Can’t tune hash settings from openidm.hash script invocations

OPENIDM-17007

Security questions with multiple answers can only be created in Latin charset

OPENIDM-17051

Implement a mechanism to derive grantor RDVP dependencies

23 Feb 2022

Key features

Custom endpoints UI

A single UI now lets you create custom endpoints, edit their scripts within a syntax highlighting editor, and then run and test them directly. You can consume custom endpoints within Identity Cloud, or integrate them into your external UIs or system applications.

Resolved issues

Issue ID Summary

IAM-1428

Add support for custom endpoint scripts to the Platform Admin UI.

17 Feb 2022

Resolved issues

Hotfix release:

Issue ID Summary

FRAAS-9525

Increase maximum header size to support JWT encryption

10 Feb 2022

Resolved issues

Hotfix release:

Issue ID Summary

IAM-1818

End User UI for delegated admin cannot be fully translated

IAM-1873

Add support to Login UI for WebView browser

Hotfix release:

Issue ID Summary

OPENAM-18952

Security questions are not always falling back to the default locale

OPENIDM-17367

Target phase is running for reconciliation to a specific ID when using clustered reconciliation

08 Feb 2022

  • Added dashboard counts to let you quickly view the number of users, applications, and organizations in each realm.

  • Added UI improvements to date and time input fields.

  • Added language localization for headers and footers in hosted pages.

Issue ID Summary

IAM-1513

Allow customers to localize header and footer in Hosted Pages

IAM-1596

Implement simple dashboard counts

IAM-1597

Add tenant region information to tenant settings page

IAM-1716

Tenant administrator account details not loaded correctly after refresh

IAM-1725

Add date-time chooser to date-time fields

IAM-1726

Add time chooser to time fields

IAM-1808

Preview URL should be scrollable inside preview input

IAM-1844

PollingWaitCallback not always returning a callback

IAM-1848

Journeys with large themes cause a refresh loop

07 Feb 2022

Hotfix release:

Issue ID Summary

OPENAM-18341

Importing entity IDs from an external SP can cause invalid request URIs

OPENAM-18661

Two or more OAuth2 clients with duplicate origins causes CORS filter to be aborted

OPENAM-18764

API incompatibility in systemEnv.getProperty

OPENAM-18887

Security questions password reset causes login failure

OPENAM-18915

Unable to add scopes in the modification script when using OAuth2 with Grant Set storage scheme

04 Feb 2022

Hotfix release:

Issue ID Summary

FRAAS-9295

Prevent initial loading of identities in UI when a minimum search string length is configured

03 Feb 2022

Hotfix release:

Issue ID Summary

FRAAS-9045

Add account lockout for tenant administrators

25 Jan 2022

  • Updated the staging environment information on the tenant status page. Individual service statuses are now combined into a single status.

21 Jan 2022

Issue ID Summary

IAM-1687

Use the first populated locale when duplicating Terms and Conditions

IAM-1723

Add datepicker to date fields

IAM-1724

Add duration chooser to duration fields

IAM-1747

Optional node attributes default to empty strings in request JSON when saving journey

IAM-1757

Adding security question translation causes KbaCreateNode to loop

IAM-1762

Show all available page numbers in pagination for application and script list views

IAM-1764

Default starter theme UI in security question picker is too dark

IAM-1769

Policy list has console scrollIntoView error

IAM-1774

Add translated values to alt text entries and aria-label entries

IAM-1788

Incorrect URL is copied for journeys after search filtering

IAM-1792

Goto param in start over link is not URL encoded

IAM-1813

Journey list page flashes empty state instead of loading state

IAM-1825

Show user avatar and name for user identities

19 Jan 2022

Issue ID Summary

AME-22153

Default client-side authentication script is incorrect

OPENAM-18241

Permit OAuth2 Modification Script to return scopes as space-delimited string

2021

22 Dec 2021

Issue ID Summary

IAM-1757

Adding security question translation causes KbaCreateNode to loop

IAM-1792

Goto param in start over link is not URL encoded

17 Dec 2021

Issue ID Summary

FRAAS-4765

Tenant administrators should not have the option in the UI to delete or disable themselves

FRAAS-8290

Tenant administrator list needs to show if MFA is activated

FRAAS-8437

Admin UI encoding IDM system property specifiers in email templates

FRAAS-8584

Cannot apply dark theme on security question picker

FRAAS-8754

Display preview URL in the journey editor

IAM-1592

User is redirected to error page after trying to invite already invited admin

IAM-1621

Add security questions configuration to Admin UI

IAM-1685

WCAG 2.2 UI Compliance

IAM-1690

Remove ghost in Not Found page

IAM-1697

Theme transition flickering between journeys

IAM-1699

End user profile picture is not shown in top navigation bar

IAM-1716

Tenant administrator account details not loaded correctly after refresh

IAM-1739

Allow subsequent login attempts to enable next button

IAM-1740

Default provider setup should keep 'Use my own provider' toggled off

IAM-1753

Allow login theme to be set properly for URLs with both query parameters and route parameters

IAM-1765

Paging error on tenant administrator list

OPENAM-18511

Missing navigation options when an expired link from "Email Suspend" node is used

15 Dec 2021

Issue ID Summary

AME-21617

Create Scripted implementation for SAML 2.0 IDP Attribute Mapper

AME-21303

Create Scripted implementation of ScopeValidator#additionalDataToReturnFromEndpoint methods

AME-21265

Scope Implementation Class per Client not just per Provider

AME-21262

OAuth2 Scripts per Client not just per Provider

OPENAM-18167

OIDC requests with request parameter fail with 500 error when there is no session using POST

OPENAM-18154

Wrong AMR returned with prompt=login and force authn setting enabled

OPENAM-18121

Slow loading in Authentication Tree

OPENAM-18120

Audit logging service does not correctly reflect the "prompt" URL parameter

OPENAM-18119

Audit log no longer shows the userID of session being invalidated by amadmin

OPENAM-18043

Device Match module not setting correct AuthLevel

OPENAM-17979

Backchannel authentication - auth_req_id can be used to obtain multiple access tokens

OPENAM-17968

Scripting engine breaks when you create script with empty name

OPENAM-17923

Retry Limit Decision Should Not Have User Involvement when Save Retry Limit to User is Disabled

OPENAM-17783

Language tag limited to 5 characters instead of 8

OPENAM-17826

Introspect endpoint returns a static value for "expires_in" when using client based tokens

OPENAM-17610

OTP Email Sender node does not allow to specify connect timeout and IO/read timeout for underlying transport.

OPENAM-17458

Enable access to hasResumedFromSuspend within a script

OPENAM-16560

OAuth2 scope validation using policy engine should be configurable per OAuth2 client

OPENAM-16149

Allow JWT bearer client authn unreasonable lifetime limit to be configurable

OPENAM-15877

Support for Google reCAPTCHA v3

OPENAM-15340

OAuth2 RT - Ability to obtain original custom claim when regenerate the token

OPENIDM-16677

Cannot retrieve entries from /recon endpoint when using DS as a repo if reconprogressstate size exceeds index limits

10 Dec 2021

22 Nov 2021

Issue ID Summary

FRAAS-4276

Social Provider Handler node should default to "Normalized Profile to Managed User" transformation script

FRAAS-6275

During registration the "Next" button should be greyed out until all mandatory fields are completed

FRAAS-7827

Hyperlinks cannot link to header elements in T&Cs

FRAAS-8288

Add ability to search for a journey by name

FRAAS-8317

Hard browser cache reset required when switching default theme in realm

FRAAS-8367

Platform UI doesn’t allow "from name" to be configured in email templates

FRAAS-8613

Social IDP CSS is overridden by themes

FRAAS-8683

Stage field not showing on page nodes when value set to "themeId=name" prior to the new theme selector UI enhancement

IAM-1548

Enduser UI not hiding side menu and nav bar

IAM-1644

Create multiple locales at same time when adding a new T&C

IAM-1650

Update Gateway and Agents page when in no data state

IAM-1652

Use journey name to set page title in Login UI

IAM-1689

Text from push authentication node cannot be overridden via config translation override

IAM-1695

Clicking column header with no sorting enabled throws error

IAM-1713

Hosted Pages tenant settings view has incorrect description

OPENAM-18511

Missing navigation options when an expired link from "Email Suspend" node is used

11 Nov 2021

Issue ID Summary

AME-21261

Allow configuring "Issue Refresh Token" at OAuth client level

AME-21263

Overridable Id_Token claims per client not just per provider

IAM-1074

Provide Javascript defaults for AM scripts in Identity Cloud

OPENAM-12995

Allow configuration of 'Custom Login URL Template' at client level

OPENAM-14159

OAuth2 token storage to be configured per client

OPENAM-15381

Allow configuring "Issue Refresh Tokens on Refreshing Access Tokens" per client

OPENAM-16418

Client auth using private_key_jwt fails with 500 if claim format is wrong

OPENAM-17185

Need ability to configure Remote Consent Service at the client level

OPENAM-17262

Subname claim inconsistencies

OPENAM-17548

Can’t go back to login page after invoking Social Authentication Nodes

OPENAM-17663

Improve the error response code for "Failed to revoke access token"

OPENAM-17669

Ability to encrypt or sign access tokens based on client IDs

OPENAM-17773

The acr_values parameter is mandatory on CIBA bc-authorize endpoint

OPENAM-17782

Policy evaluation fails with 400 error when user does not exist

OPENAM-17784

Session timeouts (maximum session time, maximum idle timeout) set incorrectly if username is dynamically created in a tree.

OPENAM-17801

OIDC userinfo subname claim returns incorrect value

OPENAM-17813

Allow /userinfo endpoint to include 'aud' claim in response

OPENAM-17814

Auth Tree step-up fails if username case does not match

OPENAM-17863

Authorization code is not issued when nonce is not supplied when using OpenID Hybrid profile

OPENAM-17912

Account lockout count is not reset correctly

04 Nov 2021

Issue ID Summary

FRAAS-8502

Unable to set default theme to a theme not on the first page of themes in Hosted Pages

IAM-673

Identity tabs in Platform UI not correctly positioned on small screens

IAM-1495

Platform admin theme editor has confusing modal behaviour

IAM-1499

Add theming to Platform UI to control color of login card: background, input, text...

IAM-1501

Add ability to configure theme on a page node in journey editor

IAM-1517

Terms and Conditions published version should just display rendered text

IAM-1529

Links from non authorized page do not redirect user

29 Oct 2021

Issue ID Summary

FRAAS-8497

Alt text is being stripped from Hosted Pages custom header

21 Oct 2021

Issue ID Summary

FRAAS-7669

Page unresponsive message shown in End User UI when an organisation admin selects the password reset button for an organisation user

FRAAS-7960

Terms and Conditions UI does not list the locales already created

FRAAS-8048

Applications created without status don’t show default active status

FRAAS-8050

Allow Platform Admin UI to display all application types

FRAAS-8089

Theme layout overlays login box in theme designer

FRAAS-8138

Discovery URI missing from OAuth client

IAM-1117

Display data from linked systems when editing a user in Platform Admin UI

IAM-1204

Journey editor lines too light

IAM-1495

Platform admin theme editor has confusing modal behaviour

IAM-1498

Add font family dropdown to theme editor

IAM-1525

Application URL text is curtailed

12 Oct 2021

Issue ID Summary

IAM-1435

Add ability to create Java/Web Agents in Platform Admin UI

IAM-1613

Allow configuration and display of password policy where at least 1–4 of 4 character sets are required

06 Oct 2021

Issue ID Summary

AME-21058

Roll the config option for signing Request Object and Private Key JWT into one

AME-21411

Create an IDM passthrough authentication node

OPENAM-17405

Token introspection response not spec compliant

OPENAM-17515

Sub attribute in access token can be in wrong casing

OPENAM-17591

Session quota destroy next expiring action can fail when two new sessions attempt to read and update the same expiring session

OPENAM-17595

Calling endSession endpoint should fail gracefully instead of Unknown JWT error

OPENAM-17666

Update Scripted Decision Node bindings to deprecate "sharedState" and "transientState" and add new "state"

OPENAM-17683

Selfservice user registration auto login fails for a sub-realm

OPENAM-17828

Apostrophe in username breaks Push/OATH device registration

OPENAM-18233

Social Provider Configuration for Google (Native iOS) does not work without a client secret

OPENDJ-8178

Change of data format in date fields: trailing zeros on milliseconds are now truncated

OPENIDM-15951

Support additional mime types for CSV bulk import

OPENIDM-16081

Prevent users saving managed objects with invalid names

OPENIDM-16089

Enhance error message for failed config property substitution in email templates

OPENIDM-16473

Task scanner job fails on null top level objects

29 Sep 2021

Issue ID Summary

FRAAS-8110

Spinning wheel displayed when using an expired link from email suspend node

FRAAS-8133

Login UI flashes with ForgeRock logo before loading the End User UI

IAM-1398

Accessing platform UI with old token redirects user

22 Sep 2021

Issue ID Summary

FRAAS-5860

Table markup issue in email templates

IAM-1409

Password Policy on Self-Service Registration page does not reset when blanking entered text

IAM-1544

Platform UI allows creating scripts without any name

IAM-1558

Assignment console errors caused by deleted managed object mapping

IAM-1576

Cannot delete email template from preview page

IAM-1577

Styles not being shown on edit email template page

15 Sep 2021

Issue ID Summary

IAM-1150

Remove data table component in favor of adding cell specific components

IAM-1547

End-User Password Update changes session cookie and breaks logout

IAM-1559

Admin and Enduser UIs not loading in IE11

IAM-1562

Sanitize postLogoutUrlClaim on redirection after Logout

IAM-1563

403 when attempting to read password policy for delegated admin reset password

10 Sep 2021

Issue ID Summary

FRAAS-7890

Validation of custom domains allows upper case domain names

FRAAS-8064

OATH Device not shown in End-User Profile Dashboard

IAM-1475

Issue with enduser platform-ui when compiled from source

IAM-1542

End users are unable to update their KBA info

IAM-1545

KBA Create node does not send custom question as part of payload

08 Sep 2021

Issue ID Summary

AME-20499

Using Social Identity Provider Selector node and having disabled social IDPs causes massive amounts of exceptions and errors in the logs

AME-20895

Request Object Encryption

AME-21056

Make request object 'aud' configurable

AME-21133

Apple Sign In Form POST Endpoint Compatibility with Custom Login Apps

OPENAM-16314

Create OAuth2/OIDC Node to allow same authentication methods used and supported by our own OpenID Connect provider and clients

OPENAM-17286

Add additional configuration options required for private key jwt feature

OPENAM-17494

Other ways to allow OTP SMS Sender and OTP Email Sender nodes to send custom message

OPENAM-17527

Support KMS/AM-encryption of PEM-format secrets

OPENAM-17581

Scripted decision node on /authentication/authenticationtrees/trees PUT breaks tree save

OPENAM-17625

No trees shown in inner tree selection box when another tree is misconfigured

OPENAM-17672

Page Node does not expose inner nodes inputs or outputs

OPENAM-17673

Nodes within a Page node do not have access to secure state

OPENIDM-16113

rsFilter is case sensitive, which triggers authentication errors

OPENIDM-16191

New live sync schedule created from UI is missing invokeContext.source

OPENIDM-16275

UI does not display Progressive Profile Query Filter Condition properly

OPENIDM-16322

Unable to create new LDAP connector through admin UI

OPENIDM-16335

NPE on org model children endpoint when making a request that contains an error

OPENIDM-16343

Unable to save PowerShell connector config through admin UI

OPENIDM-16388

LDAP Connector created through Admin UI not setting credentials and baseContexts

02 Sep 2021

Issue ID Summary

FRAAS-7996

Cannot remove org members when logged in as org admin

IAM-1421

Application Token lifetime input textbox not visible in some ID Cloud environments

IAM-1424

Platform UI application list page shows errors when viewed from a sub-sub-realm

IAM-1441

Custom Domain previous button is misplaced

IAM-1442

Too much space between realm avatar on realm title

IAM-1496

Platform admin theme editor missing default values for logo url/alt text

IAM-1514

In a list view, clicking directly on checkbox does not select row

IAM-1533

UI labels missing from ID Cloud registration UI

IAM-1537

Platform UI: Not able to update user when email is an optional attribute

IAM-1538

After changing password on a user in the admin ui any subsequent changes to the object results in an error on save

30 Aug 2021

Issue ID Summary

IAM-1531

UI submits string values for NumberAttributeInputCallback

23 Aug 2021

Issue ID Summary

IAM-1473

Unable to access links to native consoles if platform dashboard page not large enough

IAM-1492

Using 'reset to defaults' on theme admin wipes out theme name

IAM-1508

Edit managed user page has bad formatting when ListField inputs contain long entries

IAM-1509

Social login failure does not return to initial journey step

IAM-1515

Ensure login theme background covers entire height

17 Aug 2021

Issue ID Summary

FRAAS-7936

Email templates missing from console

IAM-1476

Change Consent menu item and related text to Terms & Conditions

16 Aug 2021

  • Updated End User UI to support WCAG accessibility best practices.

  • Updated End User UI and Login UI to support localization.

  • Updated End User UI theming and customization for user journeys:

    • Added ability to apply a different theme and logo to each user journey.

    • Added ability to provide a different user journey to each brand.

    • Added ability to add custom footers to end-user login and account management pages.

    • Added ability to configure the layout of the end-user account management page by adding and removing sections.

  • Updated End User UI terms and conditions management:

    • Added versioning and localization.

    • Added ability to track end-user version history.

Issue ID Summary

IAM-1259

EndUser-UI WCAG updates

IAM-1264

End user stored state returns different user to previous user's page

IAM-1289

Platform-ui not rendering in IE11 because Postcss v8+ only serves ES6+ sources

IAM-1291

End user delegated admin should not display raw JSON option

30 Jul 2021

Issue ID Summary

FRAAS-7721

Unable to save a new LDAP connector configuration in the Platform UI

15 Jul 2021

Issue ID Summary

AME-20475

OpenID Connect Back-Channel Logout

AME-20499

Using Social Identity Provider Selector node and having disabled social IDPs causes massive amounts of exceptions and errors in the logs

AME-20600

Grant Types UI field in the OAuth2 Provider shows as supportedGrantTypes

AME-20994

Rename StoreOps tokens to OIDC Session Management

IAM-1096

Scripted decision node description has a typo

OPENAM-14402

Access/ID tokens only include short username for "sub" claim

OPENAM-15214

Auth Tree - Clicking save with no changes causes render problem with node attributes inside page node

OPENAM-16314

Create OAuth2/OIDC Node to allow same authentication methods used and supported by our own OpenID Connect provider and clients

OPENAM-16653

Identity using fr-idm-uuid has wrong account ID in FR Authenticator

OPENAM-16959

Failed to authenticate with Twitter as Social Login Provider

OPENAM-17297

HOTP Generator Node adds cleartext OTP to sharedState

OPENAM-17436

JS version of the OIDC Claims script does not work due to a casting error.

OPENAM-17489

Add new form_post endpoint

OPENAM-17494

Other ways to allow OTP SMS Sender and OTP Email Sender nodes to send custom message

OPENAM-17517

JS versions of Social Identity Provider Profile Transformation scripts do not work due to a casting error.

OPENAM-17595

endSession should fail gracefully instead of Unknown JWT error

OPENAM-17625

No trees shown in inner tree selection box when another tree is misconfigured

OPENAM-17659

Select Identity Provider Node does not load social IDPs that do not define a client secret

OPENAM-17672

Page Node does not expose inner nodes inputs or outputs

OPENAM-17828

Apostrophe in username breaks Push/OATH device registration

OPENIDM-14525

Customer would like to define a default value for a property on a managed object.

OPENIDM-15220

Temporal constraints on internal role grants with privileges are not reflected in the end-user UI

OPENIDM-16192

Under certain conditions it is possible to generate two users with the same userName

OPENIDM-16206

TaskScanner tries to read object after deletion

OPENIDM-16266

ICF service retry during livesync network failures

OPENIDM-16326

SchemaService does not allow filtering on _id

OPENIDM-16334

Managed object schema editor fails on properties with "pattern : null"

28 Jun 2021

Issue ID Summary

OPENIDM-16678

Clustered recon fails with "Schedule does not exist"

23 Jun 2021

Issue ID Summary

FRAAS-4877

Attempting to Import a CSV file that contains a number in an frUnindexedInteger field fails

15 Jun 2021

Issue ID Summary

FRAAS-7322

Common passwords policy errors now show in bulleted list below password field

IAM-1264

Logging out and logging back in now returns user to dashboard instead of last route visited

IAM-1319

Allow disabling of sorting and searching on relationship array grids

IAM-1321

Allow UI to use post_logout_url claim from id_token for redirection after logout

10 Jun 2021

Issue ID Summary

FRAAS-6504

Terms and Conditions do not render correctly when using HTML formatting directives

IAM-1081

Using the back button in some UI contexts causes a session termination

OPENAM-17297

HOTP Generator Node adds cleartext OTP to sharedState

OPENAM-17343

Access token call returns 500 error if password needs to be changed or has expired

OPENAM-17349

OIDC Refresh token - Ops token is deleted from the CTS during refresh EDISON

OPENAM-17352

OAuth Introspection Endpoint can be accessed by public clients providing an empty client secret

OPENAM-17359

Unfriendly error message displayed when an expired link from "email suspend" node is used

OPENAM-17396

Terms of Service URI Link does not Display in Consent Page

OPENAM-17426

No validation for attribute collector node

OPENAM-17436

JS version of the OIDC Claims script does not work due to a casting error.

OPENAM-17494

Other ways to allow OTP SMS Sender and OTP Email Sender nodes to send custom message

OPENAM-17517

JS versions of Social Identity Provider Profile Transformation scripts do not work due to a casting error

OPENAM-17595

endSession should fail gracefully instead of Unknown JWT error

OPENAM-17625

No trees shown in inner tree selection box when another tree is misconfigured

OPENAM-17672

Page Node does not expose inner nodes inputs or outputs

OPENAM-17673

Nodes within a Page node do not have access to secure state

OPENAM-17828

Apostrophe in username breaks Push/OATH device registration

OPENIDM-15953

Connector Config Disappears from UI in IDCloud for RCS Connectors

OPENIDM-15903

Grant Type not shown in the Grant Column for Assigned Roles

OPENIDM-16134

/system?_action=createFullConfig unexpectedly replaces variables

OPENIDM-16150

Identity Connect UI - Manage Admin Groups modal does not have cancel button after adding new Group Base Contexts

OPENIDM-16180

Removed Properties cannot be Re-Added Until Page Refresh in User Registration

04 Jun 2021

Issue ID Summary

IAM-1219

JS error when assigning multiple relationships

IAM-1261

Adding relationship via UI fails with large user populations

IAM-1263

Need some default data in managed object lists when search filter on UI

IAM-1290

Managed identities configuration cosmetic improvements

20 May 2021

Issue ID Summary

FRAAS-6854

When the commonly-used passwords option is selected for password policy...option unusable

FRAAS-6012

Remove Restriction in UI of Only Allowing One Domain

FRAAS-5525

Add CORS Settings to New Platform UI

FRAAS-4017

On all journey drag-and-drop UIs, links to SDK/API Docs are broken

IAM-1242

SDK config for CORS settings doesn’t properly set allowCredentials

IAM-1240

Fix styling of Multiselect Dropdown and tags

IAM-1228

Platform ui scripting issues seen in ID cloud testing

IAM-1227

Remove dependency that requires 'parent required' for UI to handle orgs properly

IAM-1213

Input Label and Placeholder doubling up on all input fields

IAM-1212

Unable to use Webauth TouchID or FaceID on Safari MacOS/iOS

IAM-1205

Update copyright bot copyright message GoodFirstIssue

IAM-1195

Adding a temporal constraint to a role member relationship does not work

IAM-1181

IDM policies not displayed in policy panel for password

IAM-1177

Update grids to handle large datasets based on managed object schema flag

IAM-1160

Server list doesn’t update on new server cluster modal

IAM-1155

Improve code coverage display in PR testing

IAM-1151

Multiselect Does Not Remove Entry If Removed When Entering New Value GoodFirstIssue

IAM-1148

Remove JEST snapshot testing

IAM-1105

Disable save button on new connector server modal after first click GoodFirstIssue

IAM-1076

When in cloud env hide bravo_user, bravo_role, and bravo_assignment when realm is alpha and vice versa

IAM-1065

E2E Tests - Admin - Import Identities

IAM-1039

Platform Scripting Usability (UI Only)

IAM-1024

Adjust app detail header top margin

IAM-375

Refreshing Page on Alias Doesn’t Highlight Side Menu Item

28 Apr 2021

Issue ID Summary

FRAAS-6503

Turn Off The End User Hosted profile page

IAM-1001

Remove extra padding on login error

IAM-1144

Email Templates - Create Email Provider View

IAM-996

Remove extra spacing on Agent profile status button

12 Apr 2021

Issue ID Summary

FRAAS-6573

SAML 2.0 login flow ends with error: “No mapping organization found for organization identifier”

FRAAS-6465

Social login seems to break expected goto URL behavior when protecting apps with IG

IAM-1165

Sidebar-shim Does not Dynamically Change on Resolution Change

IAM-1120

End user account controls throwing invalid argument error on profile page load

IAM-1080

Convert switches to checkboxes in journey editor

OPENAM-17625

No trees shown in inner tree selection box when another tree is misconfigured

OPENAM-17517

JS versions of Social Identity Provider Profile Transformation scripts do not work due to a casting error

OPENAM-17494

Other ways to allow OTP SMS Sender and OTP Email Sender nodes to send custom message

OPENAM-17436

JS version of the OIDC Claims script does not work due to a casting error

01 Apr 2021

Issue ID Summary

FRAAS-6504

Updated terms callback to sanitize html from backend

FRAAS-6431

End User UI calls ../authenticate endpoint switch at login

FRAAS-6399

ID Cloud UI Multiselect spinner

FRAAS-6255

Tenant Admin List does not always Show Entire List of Admins

FRAAS-5968

End User Profile Page Displays "ForgeRock" Specific Information

FRAAS-5585

Custom Domain - UI Re-Verify Flow

IAM-1179

Fix issue with managed identities table not displaying properly

IAM-1171

Drag selection in the journey editor can cause console errors that cause saving to hang

IAM-1165

Sidebar-shim Does not Dynamically Change on Resolution Change

IAM-1142

Duplicate Journey modal breaks if initially dismissed

IAM-1141

Update password policy messages to a more user friendly format in the Platform-UI.

IAM-1128

Resource view cutting off dropdown menu

IAM-1126

Login-UI doesn’t change locale language to browser default

IAM-1109

Realm theme logo preview doesn’t update

IAM-1104

Not possible to change or remove the default locale of email templates.

IAM-1083

Email template "From" input field limited to email addresses while label suggests otherwise

IAM-1080

Swap toggle w/ checkbox in journey editor

IAM-1040

Journey list page displays JavaScript errors when expanding a journey

OPENIDM-15019

End-user UI displays user name without accents (umlaut etc)

11 Mar 2021

  • Added Salted SHA-256 support.

Issue ID Summary

FRAAS-6209

Theme Editor popover() does not display using Firefox on MacOS

FRAAS-6199

Ugly Error Messaging in UI when Password Policy Fails

FRAAS-6099

AM Authorization with Advices broken

FRAAS-6013

When you enter a domain in the Domain Modal, and it Fails Validation, you cannot add a Domain that is Valid

FRAAS-5968

End User Profile Page Displays “ForgeRock” Specific Information

FRAAS-5938

Platform UI generates forbidden Journey title and cannot be deleted

FRAAS-5843

Current password policy limits passwords to a maximum of 64 characters

FRAAS-5756

Authentication Trees Don’t Respect reentry Cookie

FRAAS-5340

Hashed passwords synchronization fails

IAM-794

Platform login UI has hard-coded “/am” path assumed for default path behavior

IAM-1124

Can’t save Agent type RCS on edit page

IAM-1103

Password policy shows ‘must be less than 0 characters long’ when max length is 0

IAM-1097

Incorrect instruction link for RCS in IDCloud docs

IAM-1088

Add show columns, sort, and search capability to relationship array grid

IAM-1087

Admin create resource modal should handle required relationship array properties

IAM-1081

Using the back button in some UI contexts causes a session termination

IAM-1021

Ability to copy and paste values from multiselect component

IAM-1017

Force Use SSL option for Connector Servers in Cloud

OPENAM-16949

Cannot create a policy for subject type group

17 Feb 2021

Issue ID Summary

IAM-1066

Links for delegated admin objects not showing in end-user UI when a user has correct privileges

IAM-1064

Incomplete provisioner file makes it impossible to create clusters

IAM-887

Admin UI does not display in the Firefox web browser when Private Browsing is enabled.

04 Feb 2021

Issue ID Summary

OPENAM-17289

Generated id_token does not contain any of the requested claims, other than "sub".

OPENIDM-15892

Persisted schedules not being displayed in IDM Native UI

29 Jan 2021

13 Jan 2021

Issue ID Summary

AME-20719

RelayState Not Being Used on Identity Cloud with SAML tree node

AME-13690

Create an OATH authentication node

FRAAS-5257

Cannot disconnect social identity provider

IAM-1003

IE11 does not search for user on End User page

IAM-989

Update connection status for servers on server cluster pages

IAM-988

Platform UI error for end users when resizing in IE 11

IAM-978

ConnectorServers generates browser console errors when connector servers are present

IAM-958

Backend scripts updating hiddenValueCallback values don’t propagate to step requests

IAM-952

ID cloud new server cluster modal allows going back to select adding servers when it should not

IAM-947

Platform UI: support 'default' values in Managed Object create/edit screens

IAM-907

Adding IG Agent with non-unique name breaks UI

OPENAM-16965

Alignment of shared state with self-service object nodes

OPENAM-16961

OIDC Claims Script - /userinfo to access clientProperties

OPENAM-16919

SAML JSP Flows not working

OPENIDM-15686

Cannot delete a mapping in an Identity Cloud tenant

OPENIDM-15576

Unable to save the 'Reconciliation Query Filters' under Mappings in the Admin UI.

OPENIDM-15511

IDM Admin console - Paging controls in managed objects are disabled

OPENIDM-15507

Paging controls in connector data tab are disabled and should not be

OPENIDM-15368

Value of ldapGroups isn’t visible in the admin UI as an assignment attribute

OPENIDM-15150

IE11 script error in End-User UI

OPENIDM-14750

Managed Object schema editor scripts tab not saving scripts on relationship type properties

OPENIDM-14411

Unable to create a user with a previously used password

2020

08 Nov 2020

Issue ID Summary

AME-20500

Users cannot authenticate using local authentication and the Social IDP Selector node

FRAAS-4856

Cannot create API keys using Safari 14.0

FRAAS-4767

Identity Cloud UI does not display user properties according to managed object settings

FRAAS-4699

Connector server (RCS) connection status inaccurate

FRAAS-4481

Enduser UI - Password required in Edit Personal Info

FRAAS-4070

Update tenant naming convention

IAM-906

Cannot create an assignment when the mapping target is a system object

IAM-885

ID cloud journeys list has visual errors for journeys created in AM native console

IAM-882

Breadcrumb needs to update upon navigating away from page

IAM-881

End-user profile doesn’t render multi-value fields

IAM-862

Footer has wrong logo

IAM-861

Change managed object toggle to show object value instead of entire schema

IAM-795

Bulk Import: improve error messages in Identity Cloud admin UI

IAM-784

Add dynamic theme for end user

IAM-759

Incorrect URL for legacy AM admin console

IAM-697

Platform-admin Unit tests: Applications

IAM-606

Allow Password entry in 'New Identity' Modal

IAM-589

Accessibility: CardRadioInput is not navigable and doesn’t report as a radio input correctly

13 Oct 2020

02 Oct 2020

  • Improved IDM debug logging.

  • Custom attributes can be used in scripts.

  • Added Gateways & Agents list and profile page.

  • Journey edit page indicates required fields.

  • Updated dark theme.

  • Added the ability to theme the login UI from config.

Issue ID Summary

FRAAS-4610

Filename with a space gets converted to a null pointer

FRAAS-4558

Admin invite doesn’t work

FRAAS-4550

User profile attributes are inaccessible to token modification scripts

FRAAS-4549

Base URL Source service should be part of quickstart config

FRAAS-4522

Cannot save "Generic Indexed String" attributes in user profile

FRAAS-4520

Cannot save "Address 1" field in user profile properties

FRAAS-4477

Password-related failures at onboarding

FRAAS-4459

Make createResource behave more consistently with repeat use.

FRAAS-4440

Broken create assignment functionality

FRAAS-4379

UI issues with OAuth 2.0 related interfaces (Consent page, OAuth 2.0 client error pages, and the device code grant page)

FRAAS-4319

Alpha/Bravo Realm Users cannot edit personal info in the Enduser UI

FRAAS-4277

Hide incompatible tree nodes

FRAAS-3928

Remove on-prem connectors from PaaS IDM instance

IAM-789

Password policy rules should display in platform-admin password reset UI

IAM-603

403/404 errors in platform-admin when user has insufficient privileges

Copyright © 2010-2024 ForgeRock, all rights reserved.