- 03 Oct 2024
- 3 Minutes à lire
- SombreLumière
- PDF
Version 3.23 (July 2022)
- Mis à jour le 03 Oct 2024
- 3 Minutes à lire
- SombreLumière
- PDF
New features and enhancements
Improved deletion of users with assigned items
The USERCMD_DELETE command allows you to delete user accounts. In previous versions, the command failed if the target user account had items assigned that cannot be deleted, e.g. reports, recurring tasks, or pending operations (maker or checker role).
To delete such user accounts, you can now specify a successor user that will take ownership of those items. The successor must be an administrative user account in the same domain as the user to be deleted.
The USERCMD_DELETE command now accepts two new optional parameters to specify the successor account:
USERFLD_SUCCESSOR_DOMAIN
USERFLD_SUCCESSOR_USERID
Automatic execution option for pending operations
It is now possible for maker administrators to specify an auto-execute flag when scheduling a pending operation that requires maker–checker authorization. If set to true, the pending operation is automatically executed on the maker administrator's behalf upon approval by the checker administrator. In that case, the maker administrator does not need to execute it explicitly by calling the respective command a second time.
All commands that support maker–checker authorization now accept an optional parameter, i.e. *_AUTO_EXECUTE:
DIGIPASSCMD_ASSIGN
DIGIPASSCMD_UNASSIGN
USERCMD_CREATE
USERCMD_DELETE
The administrative commands to view and query pending operations (queryPendingOperation and viewPendingOperation) also support a new parameter to retrieve auto-execute information (POFLD_AUTO_EXECUTE).
Generic authentication status codes (Support case CS0087535)
OneSpan provides a new policy setting (POLICYFLD_USE_GENERIC_AUTH_STATUS_CODES) that specifies whether certain status codes and messages should be mapped to generic status information in server responses, to prevent user account disclosure in authentication and provisioning scenarios. The real status code and message will still be visible in the audit and trace messages.
If enabled, the following status codes will be mapped to 1000 (STAT_INVCREDENTIALS) even if more specific status information is available:
1007
1009
1010
1011
1012
1023
1025
1033
1045
By default, the new policy setting is disabled for parentless policies.
Supported platforms and other third-party products
Software libraries
OneSpan Authentication Server SDK now includes the following (updated) third-party libraries:
Apache Log4j Core 2.17.1
Fixes and other updates
Issue OAS-10388: New output attribute for queryPendingOperation and viewPendingOperation
Description: The queryPendingOperation and viewPendingOperation commands now support a new output attribute POFLD_TO_SERIAL_NO. The new attribute is returned as upper bound of a serial number range between POFLD_SERIAL_NO and POFLD_TO_SERIAL_NO of possibly affected authenticators of a pending operation.
Issue OAS-12270 (Support case CS0085940): Wrong parameter in cancelAuthSignatureRequest example (Documentation)
Description: In the OneSpan Authentication Server SDK SOAP Reference, the cancelAuthSignatureRequest example contains an incorrect parameter (requestKey). The correct parameter is requestKeyMessage.
Affects: OneSpan Authentication Server SDK 3.17–3.22
Status: The documentation has been updated.
Issue OAS-11626 (Support case CS0082219): Incomplete description of PROVFLD_SERIAL_NO (Documentation)
Description: When PROVFLD_SERIAL_NO is used as an input attribute for PROVISIONCMD_MDL_REGISTER, the serial number needs to be already assigned to the user. Otherwise, activation message generation will fail.
This information is missing and should be added to the OneSpan Authentication Server SDK SOAP Reference.
Status: The documentation has been updated.
Issue OAS-11218 (Support case CS0079957): No information about VACMAN Controller error codes (Documentation)
Description: The OneSpan Authentication Server SDKProgrammer's Guide does not provide information about the VACMAN Controller error codes. The document should refer users to the list in the OneSpan Authentication ServerAdministrator Reference.
Status: The documentation has been updated.
Issue OAS-10217: Additional input attributes for queryPendingOperation
Description: The queryPendingOperation command now supports POFLD_CONTEXT and POFLD_SERIAL_NO as input attributes. Both attributes can contain asterisk wildcards.
Issue OAS‑8234: USERCMD_COPY_PERMISSION allows to copy from non-administrative user accounts
Description: The userExecute:USERCMD_COPY_PERMISSION command copies administrative privileges from one user account to another. If the target user account has privileges assigned that the source user account does not have, then the target user account will lose those privileges. If you select a non-administrative user account to copy the privileges from by mistake, the target user account will lose all privileges.
Affects: OneSpan Authentication Server SDK3.12–3.22
Status: The command behavior has been changed. If you now specify a user account that does not have any administrative privileges assigned, the command will return an error.