Virtual Smartcard release notes & changelog

Enhancements

• Added additional verification of the user using registered email during second factor enrolment on Self-Service portal
• Upgraded the service to user the latest version of PHP (8.2)
• Security patches and enhancements
• Removal of fall-back method for Spine connections made by VSC service (mainly used for Spine tickets' validations)
• Minor UI/UX enhancements

Enhancements

• Upgrade of server components
• Added search in vRA Manager to allow easy filtering of users across trusts
• Minor UI/UX enhancements in vRA Manager

Fixes

• Fixes to vRA Manager handling of issuing smartcards to users in different organisations

Please note that 2.4.1 was the first release of version 2.4

Enhancements

• Added functionality to support the resetting of locked passcodes via the authenticators. This will be made available in the next release of the authenticator applications
• Added functionality to support the display of expiry dates within the authenticators. This will be made available in the next release of the authenticator applications
• General security enhancements
• Added functionality to allow users to be assigned to different organisations during user creation and issuance of virtual smartcards to users
• Major performance enhancements to vRA manager and self-service portal

Defect fixes

• Several miscellaneous defects have been corrected

Enhancements

• Major performance enhancement to issuance process
• Security and performance enhancements
• User experience enhancements on vRA Manager

Fixes

• Usability issue with issuance for V2 users fixed

Enhancements:

• Database query performance enhancements
• vRA Manager performance enhancements
• vRA Manager UI/UX enhancements
• Improvements to emails sent to end users

Fixes

• Corrected problem with Issuance of V1 Smartcards

Enhancements

• Removal of EPS keys for V1 Smartcards (required for V1 card accreditation)
• Security Updates
• Addition of "Expiring Smartcards" page to vRA Manager
• Added ability to change user names in vRA Manager
• Automatic updating of user names based on Spine registered names
• General UX enhancements
• Database enhancements (precision and performance)

Additions:

• VSC-1696 - Added User's UUID to the information shown for a user's virtual smartcard in the self-service portal
• VSC-1726 - VRA Manager logs now refresh correctly when adding WA from the User Specific Page
• VSC-1768 - Modified explanatory text on Self-Service page for when user's don't have access to the Authenticator
• VSC-2554 - Alignment issues corrected for column headers in VRA Manager Windows Accounts tab
• VSC-2557 - Delete option disabled for default roles in VRA Manager Settings section

Additions:

• VSC-1680 - Updated the "Invitation to setup your virtual Smartcard V2" e-mail to make is clearer and add more guidance
• VSC-1681 - Updated the "Invitation to setup your virtual Smartcard V1" e-mail to make is clearer and add more guidance
• VSC 1682 - Updated the "Virtual Smartcard setup complete V2" email to make it clearer and add helpful links
• VSC-1683 - Updated the "Virtual Smartcard Successfully enrolled V1" email to make it clearer and add helpful links
• VSC-1707 - Added extra guidance to the "Need help?" sections of emails that are sent
• VSC-3348 - Updated the "Reminder: enrol your Virtual Smartcard V1" e-mail to make it clearer and add more guidance
• VSC-3349 - Updated the "Reminder: Set up your Virtual Smartcard V2" e-mail to make it clearer and add more guidance

Additions

• VSC-3307 - Corrected issue that caused occasional failure when deleting device associated with a user via vRA Manager
• VSC-3337 - Extended vRA Manager to display application client version, platform type and platform version

Additions

• VSC-1708 - Implemented API that performs validation of scanned QR codes for authentication purposes

Bugs fixed

• VSC-1706 - Fixed issues with RAs and end-users not being able to delete 'MIA' devices from the user's registered device list via vRA Manager and Self-Service Portal 

Changes:

VSC-1690: Add passcode locked state flag for Authenticator to handle it

• Improvements made to Isosec's internal Spine service for ticket validation, certificates & user identity
• Internal V2 Spine made available for vSC images
• Refinements made to vSC Health Check Service and Enrolment Reminder emails

• Resolved bug where users were unable to resend the self-verification email via the Self-Service Portal

• Fix applied to incorrect card type being displayed on "Pending User" page
• Improved email and phone number data validation
• New API endpoints & specifications added for future functionality
• CVE-2021-28831 security fix applied
• UI/UX improvements 
• Various minor small bug fixes.

• UI/UX and workflow improvements for the vRA Manager and Self-Service Portal
• Improved error messages for CSV import and file validation
• CSV sample data recreated due to invalid domain data included
• OpenAPI specification and new end-points created for future functionality.
• Improvements to internal tooling to manage customer configuration

• Security fixes and improvements
• UI/UX fixes and improvements
• Additional support/functionality added to migrate legacy organisations
• API improvements and new functionality added

• Code restructuring across the Virtual Smartcard service including iO, Authenticator, and MIA.

• Added support for issuing Series 8 cards (iO 9.1 and higher)
• Improved and optimised logic for VSC issuance
• Fixed issues with not being able to restart Virtual Smartcard issuance via the vRA Manager once initiated.
• Fixed key creation issue during Virtual Smartcard issuance in CIS, no errors are now presented to users.
• Fixed issues with not being able to issue VSC to the user with very long names (longer than 50 characters)
• Several other minor fixes and improvements related to the VSC issuance process
• Re-designed user-facing emails for enrolment, passcode reset, and more.
• Fixed issue where vRA Manager sometimes incorrectly reports an incompatible Authenticator client 

• Added support for AdES (Advanced Electronic Signature) Virtual Smartcards (V2)
• All newly issued V2 cards will begin with serial 150 for easier identification in reports
• Minor UI changes to support AdES Virtual Smartcard issuance & reporting in vRA Manager & user management in the Self-Service Portal
• A number of fixes/improvements related to Smartcard issuance and enrolment

• Removed ability to use special characters in VSC passcodes

• Bug fix applied for pending User AD accounts not being removed when the user has been deleted.
• Error messaging changed for failed enrolments providing clearer instructions for users.
• Various backend changes and bug fixes

• Self-Enrolment email token validity period has now been extended to 14 days
• Fixed an issue with email links presenting http and not https, preventing some users from enrolling until manually adjusted.
• Fix implemented for expired enrolment status in vRA Manager
• Improvements made to the "Pending User" export to include more information
• Workflow changes introduced for enrolment and Virtual Smartcard passcode resets to be more user friendly. 

• Various back end fixes and security improvements
• Improved authentication logging
• Fixed the issues with not correctly logging the successful authentication with QR codes
• Fixed the issues with not sending password reset emails for certain scenarios when users locked their virtual smartcards.

• RAs will no longer specify a phone number during enrolment
• Users will no longer be required to verify access to a phone number during self-enrolment
• When logging into the Self-Service Portal, a user must now verify a second factor, or enrol one during login
• Users will now be given the option to use the Isosec Authenticator or SMS when logging into the Self-Service Portal
• Users will now be required to verify access to their second factor when resetting their VSC passcode (if they have a second factor configured)
• RAs can now specify an AD account during enrolment, which will become active once the user's enrolment completes

• Isosec Authenticator fixes and improvements
• Backend end security changes

• Server side MIA fixes for Generic mode
• VSC Service Health checks are in action

VSC Service 

• Fixed an issue with submitting feedback from the VRA Manager
• A number of internal fixes and improvements.
• Fixed a bug where a white space in phone numbers could cause issues with users receiving SMS. (VSC-915)

• Internal changes made to build processes and removal of library files.

Security Updates

• Security updates and changes made across the Virtual Smartcard Service & AWS infrastructure.

vRA Manager

• Added "AD accounts" and "Devices" view into the Enrolled User view on the vRA Manager - This will enable Registration Authorities to check who has finished their enrolment and can update the necessary accounts.
  
• Added ability to search for anything inside of the user's full name string ("<FORENAME> <SURNAME> (<SUBJECTCN>)") within the vRA Manager.
  
• Added ability to sort by any field on user listing pages

vRA Manager

• Moved allowed email domain checking for VSCs to be DB driven
• Internal Self-Service Portal changes to allow Support to handle additional email domain requests
• Whitelisted additional email domains at Trust request

Virtual Smartcard

Additions

iO

• Added message boxes and better indicators for RAs to see better what issues there are on misconfigured RA machines for vSC issuance

• Made sure that vRA Manager and VSC service is backwards compatible with older versions of iO identity agents

• Added a pop up message for the vSC issuance to be displayed when the vSC service is not available

• Added new authentication method with vSC using push notification only (password-less authentication)

vRA

• Added ability to change a user's email address

• Added ability to use apostrophes in the first half of email addresses

• Added logging for email address updates

• Added a log message for when user profile data folder fails to be retrieved

• Added lockout from accounts after repeatedly failing to login to the self-service portal

• Starred out security answers during entry on: VRA enrolment, Self-service password reset, self-service enrolment, self-service update security questions

Issuance Components

• Added new authentication method with vSC using push notification only (password-less authentication)

• Added a new configuration item that can be controlled as a policy maker for allowing authentication with push notifications only or not

• Added functionality that enable building the reader driver for windows 7 and windows 10, 32bit and 64 bit for both platforms

• Added some more logs and more granularity / information to the existing logs

• Added functionality that enables fetching number of successful spine authentications per given vSC and prompt the user for NPS feedback if enabled

• Added a readme file to cover requirements for connecting a vSC on the machine

• Added a pop up message for the vSC issuance to be displayed when the vSC service is not available

Fixes

• Fixed issue where an RA manager couldn't edit a user's email twice without refreshing the page

• Fixed issue with verification of emails containing apostrophes not working

• Fixed issue with empty windows account lists not showing a message

• Generalised response for login and forgotten password submissions when entering an incorrect email / password

• Fixed the issue with older versions of iO if pushNotification authentication was enabled server side, causing that old iO was receiving a status code that wasn't recognised and therefore forced iO to fall back to QR code / email authentication with vSC

• Added config item to determine aforementioned delay

• Removed "last active" from user list due to performance issues

Number of internal fixes and changes