Releasenote for Buypass Access Manager - BAM_LRA v3.6 

 This information is written in English only

NOTE!

Documentation connected to these new features and updates in other parts - User guides and System guides - will be written and published within the next week. Links will then be added for direct access to new information here.

Stine Granviken, product owner BAS, 27.08.15

I det følgende er det gitt en oppsummering av hvilke nye funksjoner og oppdateringer som ligger i ny versjon av .net versjonen av BAM – versjon 3.6.0_7392.
Dette er en ganske stor release med mange større og mindre forbedringer. De viktigste er:

• Støtte for flere lokale sertifikater fra flere ADer – se punkt 5 nedenfor
• Støtte for å kunne installere/sette opp en klient med hver og en funksjon i BAM-klienten som «stand alone» og at kun periferutstyr nødvendig for valgt funksjon kreves ved oppstart av klienten – se punkt 2 nedenfor
• Støtte for bruk av et nytt identitets kontroll element – se punkt 6 nedenfor
• Mulighet for å søke med *(stjerne) i Brukernavn-feltet dersom brukernavn er FNR – se punkt 8c nedenfor
• Mulighet for å få registrert epostadresse ved preregistrering av en-og-en person – se punkt 16a nedenfor

Detaljert liste foreligger her kun på engelsk:

New features  

1. Installation

   1. Silent launch – new scripts is made for different configurations to make it easier on installation

       

2. Startup

   1. Support for all functions “stand alone” on installation and that only necessary peripherals are asked for and checked on startup based on setup - documented in Installation - first time and update.

       

3. Possible to “reuse” a smartcard if something went wrong during first time issuance - documented in FAQ Operators.
   Requirements:

   1. Retrial of issuance the second time must be to same User as first time – card connected to User with same IssuerKey

   2. No certificates are connected to card on time for retrial

       

4. Possible to “reuse” a User, that is, it is possible to register (PreRegistration) a User one more time with same SSN and IssuerKey if User once has been dismissed from organization. The scenario here is that an employee is quitting and dismissed in BAM client. Then he/she reenters as employee some time later and are preregistered and given the same UserName and IssuerKey as on former employment - documented in PreRegistration - Norwegian version and in PreRegistration - English version.

    

5. More LCs from one or more ADs - documented in More local certificates in card

   1. We have added support for defining several ADs in the Configuration Application Tool

   2. Search is modified to support one or more ADs configured 

   3. If any of the ADs defined is configured with SSN-mapping (any of the combinations possible) full SSN-field is shown in Search-gui and it will be possibility to enter full SSN

   4. AD-domain is added in UserDetails in the User information panel of GUI, reports and PDFs 

   5. BAM-client will stop on startup if one or more of defined ADs are missing or not found. On the AD check all ADs configured in “ConfigApp” will be checked, and if one is not connected this will give an error message. Operator must start Configuration Application Tool to run a TEST in order to find which one is missing

   6. On issuing more LCs on card with some certificates on card already, we have implemented warnings (yellow) in order to give the Operator control of NOT issuing certificates for different users on same card. Client will in controlling step of ID card function give information of certificates on card – both type of certificate and name connected to certificate 

      1. Unsupported – if the QCs on the card are issued from another Issuer than the BAM-organization itself, the message will be: “Qualified certificate exists in card (Unsupported). Full name read from certificate: Tom Hansen” 

      2. EA – if the Usercard is an Operator card there will be an EA certificate (enrollment agent) on card, and the message will be: “Local certificate exists in card (EA). Full name read from certificate: Tom Hansen” 

      3. TLC – if the Usercard is a temporary card the message will be “Local certificate exists in card (TLC). Full name read from certificate: Tom Hansen” – you will be stopped long before this message is coming, because Temporary cards are not allowed in ID-card function 

      4. LC – if another local certificate is on card the message will be: “Local certificate exists in card (LC). Full name read from certificate: Tom Hansen”

          

6. Introduction of a new parameter for ID control. For replacement and renewal of certificates, we have added the possibility to turn on a parameter in ConfigApp MASTER-file IssueProcess-tab saying “Allow Operator identification”. If this is turned the Operator will be able to tick for “User is known – identified by Operator” in the ID control step instead of user showing an ID control document. If this option is used this will be registered in the PDF following the issue process. 

   Buypass recommend using this option only in organizations with few employees or in locations where Operator actually knows the employees. In larger organizations, the employees still should show identity documents - documented in Legitimation control.

    

7. Issuance of Temporary card failed if Operator had different PINs on Open and Closed pockets (UPINO-BIDPIN) – this is now fixed

    

8. Improvements in Search  – documented in UserGuide - Search

   1. Search-format changed to get faster search towards Buypass

   2. Search with IssuerKey changed to be case insensitive. IssuerKey is a field used for lookup of Users in Buypass connected to qualified certificates

      1. The value stored will be stored with upper- or lowercase letters depending on what is written on time of registration

      2. Search using upper- or lowercase letters are treated equally, ie. you will get match regardless of how the value is stored

   3. Possible to use * (asterisk) in UserName-search when Username=SSN

      1. Buypass Mode: Bugfix – now possible independent of type of value registered in UserName, that is if UserName=SSN or if UserName=AD-domainname 

      2. MixedMode: Bugfix – now possible also if UserName=SSN

      NOTE: If Username is SSN the full date of birth must be entered before use of * (asterisk). Example: “260815*” = OK, “2608*” = NOT OK 

   4. BAM-client will present manual search gui if Usercard not present in the functions Revoke certificates, PreRegistration, Disable Operator and Registration of ID control document, else information is read from card and used for automatically search

       

9. Improvements in Batch Preregistration – documented in UserGuide Preregistration Norwegian and English guides

   1. Validation improvements

   2. Operator gets a guidelines when it is possible to correct validation errors 

   3. Retry-button enabled if any error situation in the file verified 

   4. Support for loading files from different extensions

       

10. Improvements in Reports – documented in UserGuide - Reports

    1. Date format changed to Norwegian style for better sorting 

    2. Reports and filtering shows certificates from chosen filter only

        

11. Improvements in Disable Operator - documented in UserGuide – Operators and connected pages for enabling/disabling

    1. Check implemented so it is not possible to enable a User as Operator if User has status Dismissed in Buypass 

    2. Check implemented so it is not possible to renew certificates on a card with status Dismissed in Buypass 

    3. Check implemented so only EA certificate belonging to User disabled will be wiped from card if Usercard present and more EA-certificates on card (More LCs on card function)

        

12. Improvements in Smartcard Diagnostic – documented in UserGuide – Smartcard Diagnostic

    1. Support for transition to “BackupMode” (=LocalMode) if connection to Buypass fails. Gives an error message and show certificate status for QC as “Not checked”

    2. Smartcard Diagnostic – better messages connected to Secure Messaging communication between card and ACR88/SignPad

    3. Smartcard Diagnostic – step information refreshed if error situation changes during operations in diagnostic

        

13. Improvements in Configuration Application -

    1. 1.       – documentet in UserGuide – Configuration Application Tool

     

    1. There is no longer possible to search for CA templates without a corresponding OID in the MASTER-file CA-tab

        

14. Improvements in trace file handling

    1. Version number of BAM-client implemented as information field in Bam client trace log which makes it easier for Buypass Customer Support to investigate error situations

    2. New trace file generated for both BAM client and ConfigApp every time BAM client or ConfigApp is started, or when max file size is reached. Timestamp is included in the filename to distinguish. This makes it easier to pick correct trace file for sending to Buypass Customer Support if necessary

        

15. Improvements in error messages / messages

     

16. Improvements in GUIs – texts and layout 

    1. Email is now shown and possible to register in PreRegistration of User (one by one) 

    2. Smartcard Diagnostic is again showing UserDetails as long as the card has one LC. If card has more LCs the Operator must go to User details to see UserDetails of the different LCs in card

Known Issues

1. Function “Disable Operator” does not support disabling of RA-ADMIN with correct guidelines and messages

2. * (asterisk) is still valid character in preregistration of IssuerKey in PreRegistration. We will implement restrictions similar to those in registration of Username in AD

Next release

Only ordinary maintenance planned. No date set for new release.

Installation guide - client readme

See documentation here.

Releases