Releases: 18F/identity-idp
RC 107
zachmargolis
Zach Margolis
Features
- Drop SSN uniqueness requirement, allow multiple accounts to have the same SSN (#3634, LG-2599)
- Partners can create teams and invite members in the Partner Dashboard
Bugs and Enhancements
- OpenID Connect: allow state and nonce values to be 22 characters (down from 32) (#3684, LG-2856)
- Update IP Geolocation database (used for guessing location of users for things like sign-in notification emails)
- Various bug fixes and enhancements
RC 106
achapm
Aaron Chapman
Features
- LG-2674: Revoke Consent (#3644)
- LG-2727: Add "forget all browsers" functionality (#3625)
- LG-2618 Allow strict AAL2 SPs to opt out of default remember device (#3635)
Bugs and Enhancements
- Bump user_agent_parser from 2.5.2 to 2.6.0 (#3620)
- Update Acuant client to send correct JSON headers (#3628)
- Fix flaky spec (#3630)
- LG-2745 Add ial to auth tracking for mixed (IAL1+IAL2) SPs (#3634)
- LG-2811 Drop 2nd MFA requirement (#3643)
- Rename analytics event names to match rest of feature (#3636)
- LG-2801 Allow USPS proofing to be disabled without errors (#3638)
- Update Ruby version (#3641)
- Switch fields to use type="tel" (#3642)
- LG-2822 Add polling to hybrid flow continue step (#3646)
- Update the knapsack report (#3652)
- Upgade yarn dependencies (#3650)
- Remove CloudHSM code (#3651)
RC 105
zachmargolis
Zach Margolis
Features
- LG-1611: SP's can optionally request signed auth response message (#3597)
- LG-2672: verified_at attribute (freshness value) (#3602)
- LG-2675: Re-prompt for consent to share with SPs after a year (#3609)
Bugs and Enhancements
- Bump nokogiri from 1.10.5 to 1.10.8 (#3595)
- Bump puma from 4.3.1 to 4.3.3 (#3606)
- LG-2025 Move service_service_provider_requests to redis part 3 (#3587)
- LG-2294 Update webauhn gem (#3601)
- LG-2713 IAL2 flow with no SP (#3603)
- LG-2596: Better webauthn Windows support (#3604)
- Docker image and Compose stack refactoring
- LG-2587 IAL2 SP User Quota Tracking (#3592)
- LG-2735 Fix cost tracking for sms and voice underreporting (#3608)
- removed fake banner from staging (#3613)
- LG-2733 Fiscal active users report by SP (#3612)
- LG-2734 aXe Audit
- Update handoff page Continue button to "Agree and continue" (#3619) …
RC 104
achapm
Aaron Chapman
Bugs and Enhancements
Docker-compose #3586
Docker-compose 2 #3584
LG-2556: openid connect spec refactor (#3583)
LG-2025 Move service_service_provider_requests to redis part 2 (#3582)
LG-2564 LG-2565 IALMAX for SAML and OIDC (#3574)
LG-2622 Fix CAC error when attempting to proof (#3591)
LG-2623 Better logging for PIV/CAC errors (#3590)
LG-2506 Record user opted remember device preference (#3571)
LG-2532 Switch to cleave.js for field formatting (#3594)
LG-2532 fix weird ssn field behavior (#3598)
RC 103
Features
Recommend more secure MFA methods (#3542)
LG-2392 Add rate limit screen for doc auth image upload (#3543, #3581)
LG-2041: Authorization confirmation page (#3525)
LG-2388 Make recover fail a proper error screen (#3553)
LG-2386 Shorten Email Header #3570
Bugs and Enhancements
Update the release checklist (#3557)
Make the SP cost specs proper feature specs (#3559)
Fix PIV/CAC setup page (#3555)
Log the telephony responses (#3558)
Add the PIV/CAC service URL directly to the CSP in local dev (#3560)
Remove typo in authenticator setup screen (#3561)
LG-2041: logs event on authentication confirmation (#3562)
Specify the redirect URI in the request to the PKI server (#3565)
LG-2025 Move ServiceProviderRequest to Redis (#3554)
Redirect users who visit authentication confirmation unauthenticated (#3569)
Copy in agencies.yml from identity-idp-config repo (#3564)
Mark RemoteSettings specs as pending (#3576)
Remove Webmock.allow_net_connect! (#3577)
LG-1727: Update copy for deleting phone (#3578)
LG-1898: Stop truncating long emails (#3579)
RC 102
jmhooper
Jonathan Hooper
d3d68ac
jmhooper
Jonathan Hooper
2020-02-04T175045 2020-02-04T175045 release
RC 101
achapm
Aaron Chapman
Features
LG-2223 Sign in with multiple TOTP apps (#3499, #3526)
LG-1904 LG-2222 Add and delete TOTP apps (#3509)
LG-2513 LG-2514 Allow multiple PIV/CACs or auth apps on setup (#3515)
LG-2379 LG-2476 Add cost tracking by SP (#3522, #3527)
Service Provider Updates
Update DOT Secure Data Commons friendly name
Bugs and Enhancements
Remove Devise confirmable from the user model (#3484)
Fixing 2FA SMS code not autopopulating in Safari (#3493)
fixed strong_migrations error (#3506)
LG-2295 Pre-populate address when editing address from ID (#3510)
LG-2310 run locally with piv cac (#3511, #3517, #3518)
LG-2052 Remove auto-format from IAL2 proofing phone check (#3512)
LG-2308 Add migration for adding 'allow_prompt' to service provider table, backfill rake task (#3513)
Remove Geolite2 setup from the setup script (#3514)
LG-2512 Put the 127.0.0.1 geocoder stub back in the spec file (#3516)
LG-2063 Give users more time to complete mobile capture on hybrid flow (#3521)
LG-2213 Upgrade the identity style guide to 2.2.0 (#3523)
RC 100
achapm
Aaron Chapman
Service Provider Updates
Change DOT Secure Data Commons redirect URI
Bugs and Enhancements
LG-2477 Add rack timeouts to new relic (#3496)
LG-2484 Increase timeouts for Acuant results API call (#3498)
LG-2489 Increase timeout time for AAMVA during doc auth (#3501)
Drop x509_dn_uuid column from users table (#3483)
LG-2485 Fix uploading test credentials for IAL2 (#3500)
LG-2395 Allow failures with yaml test document upload (#3497)
Bump rack from 2.0.7 to 2.0.8 (#3494)
Add a banlist for non-essential emails (#3487)
RC 99
achapm
Aaron Chapman
Features
Add choose verify method screen for CAC proofing (#3474)
LG-2419 User with a CAC sees the CAC proofing flow (#3471)
LG-862 Add a PIV/CAC to an account (#3449)
Service Provider Updates
Add SP: HHS - OIG - Exclusion Referrals
Add SP: DOT - FHWA ITS JPO - Secure Data Commons
Add SP: DOL - OASAM - eFile-eServe (EFS)
Bugs and Enhancements
Add a banlist for non-essential emails (#3487)
Add CT to the list of supported states (#3482)
Lg 2441 redirect URIs not included in CSP for oidc (#3479)
LG-2413 Doc auth drop offs by sprint report (#3480)
Remove references to x509_dn_uuid on user (#3477)
Rescue db not found error in migration check. (#3476)
LG-2430 Track data around profile deactivation and activation with personal key (#3475)
Parse full name from CAC correctly (#3473)
Limit PIV/CAC count (#3472)
LG-2410 Accept IAL2 and LOA3 assertions (#3464)
LG-1767 LG-2103 Get name off CAC when proofing with CAC. On error offer doc auth (#3470)
RC 98
achapm
Aaron Chapman
Features
LG-2224 Remove a PIV/CAC (#3436)
LG-2315 Users should not see PIV/CAC option to configure MFA on mobile (#3439)
LG-2218 Added friendly doc auth errors (#3434)
LG-1649 Update design and copy for MFA more info (#3429)
LG-2351 Sign in with multiple PIV/CACs (#3431)
LG-2313 Users should not see sign in with PIV/CAC option on mobile (#3437)
LG-2312 Users should not see proofing with a CAC option on mobile (#3438)
Service Provider Updates
LG-2372: new version of saml_idp doesn't sign saml logout response (#3430)
Bugs and Enhancements
Don't check for pending migrations on a migration instance (#3445)
Change max doc auth attmepts to 10 (#3444)
Update encryption-and-key-rotation.md (#3433)
LG-2383 Raise an error if migrations are pending in bin/activate (#3435)
Use an OTP object to save IdV OTPs in the session (#3432)
Fix blank doc_auth_log entries (#3428)
LG-2370 Apply the secure headers override during webauthn setup (#3427)
LG-2350 Add a new table for piv/cac configurations (#3426)
LG-1190 Default to read replica for the console db (#3425)