Releasenote for Buypass Access Manager - BAM_LRA v3.6 This information is written in English only Panel |
---|
borderColor | #d7e0ea |
---|
bgColor | #d7e0ea |
---|
titleColor | #ffffff |
---|
borderWidth | 1 |
---|
titleBGColor | #d7e0ea |
---|
borderStyle | solid |
---|
| Include Page |
---|
| INCLIB:_blue_box_style |
---|
| INCLIB:_blue_box_style |
---|
|
Div |
---|
| Release version: Buypass Access Manager - BAM_LRA .net 3.6.0_7392 Release date: 24.08.2015 Document classification: Open Copyright: Buypass AS 2013-2015 |
|
MERK! I det følgende er det gitt en oppsummering av hvilke nye funksjoner og oppdateringer som ligger i ny versjon av .net versjonen av BAM – versjon 3.6.0_7392. Dette er en ganske stor release med mange større og mindre forbedringer. De viktigste er: - Støtte for flere lokale sertifikater fra flere ADer – se punkt 5 nedenfor
- Støtte for å kunne installere/sette opp en klient med hver og en funksjon i BAM-klienten som «stand alone» og at kun periferutstyr nødvendig for valgt funksjon kreves ved oppstart av klienten – se punkt 2 nedenfor
- Støtte for bruk av et nytt identitets kontroll element – se punkt 6 nedenfor
- Mulighet for å søke med *(stjerne) i Brukernavn-feltet dersom brukernavn er FNR – se punkt 8c nedenfor
- Mulighet for å få registrert epostadresse ved preregistrering av en-og-en person – se punkt 16a nedenfor
Detaljert liste foreligger her kun på engelsk: List with details is written in English only New features Installation Silent launch – new scripts is made for different configurations to make it easier on installation
Startup Support for all functions “stand alone” on installation and that only necessary peripherals are asked for and checked on startup based on setup - documented in Installation - first time and update.
Possible to “reuse” a smartcard if something went wrong during first time issuance - documented in FAQ Operators. Requirements: Retrial of issuance the second time must be to same User as first time – card connected to User with same IssuerKey No certificates are connected to card on time for retrial
Possible to “reuse” a User, that is, it is possible to register (PreRegistration) a User one more time with same SSN and IssuerKey if User once has been dismissed from organization. The scenario here is that an employee is quitting and dismissed in BAM client. Then he/she reenters as employee some time later and are preregistered and given the same UserName and IssuerKey as on former employment - documented in PreRegistration - Norwegian version and in PreRegistration - English version. More LCs from one or more ADs - documented in More local certificates in card We have added support for defining several ADs in the Configuration Application Tool Search is modified to support one or more ADs configured If any of the ADs defined is configured with SSN-mapping (any of the combinations possible) full SSN-field is shown in Search-gui and it will be possibility to enter full SSN AD-domain is added in UserDetails in the User information panel of GUI, reports and PDFs BAM-client will stop on startup if one or more of defined ADs are missing or not found. On the AD check all ADs configured in “ConfigApp” will be checked, and if one is not connected this will give an error message. Operator must start Configuration Application Tool to run a TEST in order to find which one is missing On issuing more LCs on card with some certificates on card already, we have implemented warnings (yellow) in order to give the Operator control of NOT issuing certificates for different users on same card. Client will in controlling step of ID card function give information of certificates on card – both type of certificate and name connected to certificate Unsupported – if the QCs on the card are issued from another Issuer than the BAM-organization itself, the message will be: “Qualified certificate exists in card (Unsupported). Full name read from certificate: Tom Hansen” EA – if the Usercard is an Operator card there will be an EA certificate (enrollment agent) on card, and the message will be: “Local certificate exists in card (EA). Full name read from certificate: Tom Hansen” TLC – if the Usercard is a temporary card the message will be “Local certificate exists in card (TLC). Full name read from certificate: Tom Hansen” – you will be stopped long before this message is coming, because Temporary cards are not allowed in ID-card function LC – if another local certificate is on card the message will be: “Local certificate exists in card (LC). Full name read from certificate: Tom Hansen”
Introduction of a new parameter for ID control. For replacement and renewal of certificates, we have added the possibility to turn on a parameter in ConfigApp MASTER-file IssueProcess-tab saying “Allow Operator identification”. If this is turned the Operator will be able to tick for “User is known – identified by Operator” in the ID control step instead of user showing an ID control document. If this option is used this will be registered in the PDF following the issue process. Buypass recommend using this option only in organizations with few employees or in locations where Operator actually knows the employees. In larger organizations, the employees still should show identity documents - documented in Legitimation control. Issuance of Temporary card failed if Operator had different PINs on Open and Closed pockets (UPINO-BIDPIN) – this is now fixed Improvements in Search – documented in UserGuide - Search Search-format changed to get faster search towards Buypass Search with IssuerKey changed to be case insensitive. IssuerKey is a field used for lookup of Users in Buypass connected to qualified certificates The value stored will be stored with upper- or lowercase letters depending on what is written on time of registration Search using upper- or lowercase letters are treated equally, ie. you will get match regardless of how the value is stored
Possible to use * (asterisk) in UserName-search when Username=SSN Buypass Mode: Bugfix – now possible independent of type of value registered in UserName, that is if UserName=SSN or if UserName=AD-domainname MixedMode: Bugfix – now possible also if UserName=SSN
NOTE: If Username is SSN the full date of birth must be entered before use of * (asterisk). Example: “260815*” = OK, “2608*” = NOT OK BAM-client will present manual search gui if Usercard not present in the functions Revoke certificates, PreRegistration, Disable Operator and Registration of ID control document, else information is read from card and used for automatically search
Improvements in Batch Preregistration – documented in UserGuide Preregistration Norwegian and English guides Validation improvements Operator gets a guidelines when it is possible to correct validation errors Retry-button enabled if any error situation in the file verified Support for loading files from different extensions
Improvements in Reports – documented in UserGuide - Reports Date format changed to Norwegian style for better sorting Reports and filtering shows certificates from chosen filter only
Improvements in Disable Operator - documented in UserGuide – Operators and connected pages for enabling/disabling Check implemented so it is not possible to enable a User as Operator if User has status Dismissed in Buypass Check implemented so it is not possible to renew certificates on a card with status Dismissed in Buypass Check implemented so only EA certificate belonging to User disabled will be wiped from card if Usercard present and more EA-certificates on card (More LCs on card function)
Improvements in Smartcard Diagnostic – documented in UserGuide – Smartcard Diagnostic Support for transition to “BackupMode” (=LocalMode) if connection to Buypass fails. Gives an error message and show certificate status for QC as “Not checked” Smartcard Diagnostic – better messages connected to Secure Messaging communication between card and ACR88/SignPad Smartcard Diagnostic – step information refreshed if error situation changes during operations in diagnostic
Improvements in Configuration Application – documented in UserGuide – Configuration Application Tool There is no longer possible to search for CA templates without a corresponding OID in the MASTER-file CA-tab
Improvements in trace file handling - documented in new page under Technical Guides – Logging and trace files Version number of BAM-client implemented as information field in Bam client trace log which makes it easier for Buypass Customer Support to investigate error situations New trace file generated for both BAM client and ConfigApp every time BAM client or ConfigApp is started, or when max file size is reached. Timestamp is included in the filename to distinguish. This makes it easier to pick correct trace file for sending to Buypass Customer Support if necessary
Improvements in error messages / messages Improvements in GUIs – texts and layout Email is now shown and possible to register in PreRegistration of User (one by one) – documented in UserGuide Preregistration Norwegian and English guides Smartcard Diagnostic is again showing UserDetails as long as the card has one LC. If card has more LCs the Operator must go to User details to see UserDetails of the different LCs in card
Known IssuesFunction “Disable Operator” does not support disabling of RA-ADMIN with correct guidelines and messages * (asterisk) is still valid character in preregistration of IssuerKey in PreRegistration. We will implement restrictions similar to those in registration of Username in AD
Next releaseOnly ordinary maintenance planned. No date set for new release. Installation guide - client readmeSee documentation here. |