New features and enhancements
New external authentication method for OpenID Connect (OIDC)
The new OpenID Connect EAM web application allows you to optionally set up OneSpan User Websites as proxy to use OneSpan Authentication Server as an external authentication method (EAM) for identity management platforms that support OpenID Connect (OIDC), such as Microsoft Entra ID. This allows users to select DIGIPASS authenticators as an additional authentication method to meet multi-factor authentication requirements.
Scan and login test page
The new Scan and Login Test page allows users to verify that they can log on correctly using scan and login, an authentication process where users are presented a Cronto image, scan that image, and complete authentication on their mobile device.
Online Activation page now shows plain activation data
The Self-registration, auto-assignment, and online activation page for the OneSpan Mobile Authenticator app now also shows the plain activation data (which is encoded in the respective Cronto image).
Supported platforms and other third-party products
Operating systems
Installation packages are now included for the following:
Windows Server 2025
Software libraries
The software library lists are not exhaustive, but include the most notable and critical updates only. For a complete overview, refer to the third-party dependency files included with the installed product.
This version now includes the following (updated) third-party libraries:
Apache Commons BeanUtils 1.11.0
Fixes: CVE-2025-48734
Apache Commons Lang 3.19.0
Fixes: CVE-2025-48924
Web servers
OneSpan User Websites can now be run on the following web application servers (based on the respective JRE):
Apache Tomcat 10.1.48 (included)
Oracle Server JRE 17
Azul Zulu 17 (17.62.17 included NEW )
Fixes: CVE-2025-48989, CVE-2025-31651, CVE-2025-31650, CVE-2025-24813
Fixes and other updates
Issue OAS-29163 (Support case CS0191012): Incorrect file mentioned to customize the company logo (Documentation)
Description: Any cosmetic part of OneSpan User Websites can be modified to meet your corporate design and text requirements, including the company logo. The OneSpan User Websites Administrator Guide refers to an incorrect file to customize the company logo (ui\inc\header.jsp). The file that actually needs to be updated is ui\inc\menu.jsp.
Affects: OneSpan User Websites 3.22–3.27
Status: The documentation has been updated.
Deprecated components and features
PDF documentation
The PDF documentation has been completely removed from the OneSpan User Websites product deliverable. You can view the OneSpan User Websites user documentation exclusively online on the OneSpan documentation portal, available at https://docs.onespan.com/sec/docs/onespan-user-websites.
Supported platforms and other third-party products
Operating systems
Installation packages are no longer included for the following:
Red Hat Enterprise Linux (RHEL) 7, 64-bit
Ubuntu Server 18.04 LTS, 64-bit