Releasenote for Buypass Access Manager - BAM_LRA v3.6
This information is written in English only
Release version: Buypass Access Manager - BAM_LRA .net 3.6.0_7392
Release date: 24.08.2015
Document classification: Open
Copyright: Buypass AS 2013-2015
NOTE!
Documentation connected to these new features and updates in other parts - User guides and System guides - will be written and published within the next week. Links will then be added for direct access to new information here.
Stine Granviken, product owner BAS, 27.08.15
I det følgende er det gitt en oppsummering av hvilke nye funksjoner og oppdateringer som ligger i ny versjon av .net versjonen av BAM – versjon 3.6.0_7392.
Dette er en ganske stor release med mange større og mindre forbedringer. De viktigste er:
- Støtte for flere lokale sertifikater fra flere ADer – se punkt 5 nedenfor
- Støtte for å kunne installere/sette opp en klient med hver og en funksjon i BAM-klienten som «stand alone» og at kun periferutstyr nødvendig for valgt funksjon kreves ved oppstart av klienten – se punkt 2 nedenfor
- Støtte for bruk av et nytt identitets kontroll element – se punkt 6 nedenfor
- Mulighet for å søke med *(stjerne) i Brukernavn-feltet dersom brukernavn er FNR – se punkt 8c nedenfor
- Mulighet for å få registrert epostadresse ved preregistrering av en-og-en person – se punkt 16a nedenfor
Detaljert liste foreligger her kun på engelsk:
New features
Installation
Silent launch – new scripts is made for different configurations to make it easier on installation
Startup
Support for all functions “stand alone” on installation and that only necessary peripherals are asked for and checked on startup based on setup - documented in Installation - first time and update.
Possible to “reuse” a smartcard if something went wrong during first time issuance - documented in FAQ Operators.
Requirements:Retrial of issuance the second time must be to same User as first time – card connected to User with same IssuerKey
No certificates are connected to card on time for retrial
Possible to “reuse” a User, that is, it is possible to register (PreRegistration) a User one more time with same SSN and IssuerKey if User once has been dismissed from organization. The scenario here is that an employee is quitting and dismissed in BAM client. Then he/she reenters as employee some time later and are preregistered and given the same UserName and IssuerKey as on former employment - documented in PreRegistration - Norwegian version and in PreRegistration - English version.
More LCs from one or more ADs - documented in More local certificates in card
We have added support for defining several ADs in the Configuration Application Tool
Search is modified to support one or more ADs configured
If any of the ADs defined is configured with SSN-mapping (any of the combinations possible) full SSN-field is shown in Search-gui and it will be possibility to enter full SSN
AD-domain is added in UserDetails in the User information panel of GUI, reports and PDFs
BAM-client will stop on startup if one or more of defined ADs are missing or not found. On the AD check all ADs configured in “ConfigApp” will be checked, and if one is not connected this will give an error message. Operator must start Configuration Application Tool to run a TEST in order to find which one is missing
On issuing more LCs on card with some certificates on card already, we have implemented warnings (yellow) in order to give the Operator control of NOT issuing certificates for different users on same card. Client will in controlling step of ID card function give information of certificates on card – both type of certificate and name connected to certificate
Unsupported – if the QCs on the card are issued from another Issuer than the BAM-organization itself, the message will be: “Qualified certificate exists in card (Unsupported). Full name read from certificate: Tom Hansen”
EA – if the Usercard is an Operator card there will be an EA certificate (enrollment agent) on card, and the message will be: “Local certificate exists in card (EA). Full name read from certificate: Tom Hansen”
TLC – if the Usercard is a temporary card the message will be “Local certificate exists in card (TLC). Full name read from certificate: Tom Hansen” – you will be stopped long before this message is coming, because Temporary cards are not allowed in ID-card function
LC – if another local certificate is on card the message will be: “Local certificate exists in card (LC). Full name read from certificate: Tom Hansen”
Introduction of a new parameter for ID control. For replacement and renewal of certificates, we have added the possibility to turn on a parameter in ConfigApp MASTER-file IssueProcess-tab saying “Allow Operator identification”. If this is turned the Operator will be able to tick for “User is known – identified by Operator” in the ID control step instead of user showing an ID control document. If this option is used this will be registered in the PDF following the issue process.
Buypass recommend using this option only in organizations with few employees or in locations where Operator actually knows the employees. In larger organizations, the employees still should show identity documents - documented in Legitimation control.
Issuance of Temporary card failed if Operator had different PINs on Open and Closed pockets (UPINO-BIDPIN) – this is now fixed
Improvements in Search – documented in UserGuide - Search
Search-format changed to get faster search towards Buypass
Search with IssuerKey changed to be case insensitive. IssuerKey is a field used for lookup of Users in Buypass connected to qualified certificates
The value stored will be stored with upper- or lowercase letters depending on what is written on time of registration
Search using upper- or lowercase letters are treated equally, ie. you will get match regardless of how the value is stored
Possible to use * (asterisk) in UserName-search when Username=SSN
Buypass Mode: Bugfix – now possible independent of type of value registered in UserName, that is if UserName=SSN or if UserName=AD-domainname
MixedMode: Bugfix – now possible also if UserName=SSN
NOTE: If Username is SSN the full date of birth must be entered before use of * (asterisk). Example: “260815*” = OK, “2608*” = NOT OK
BAM-client will present manual search gui if Usercard not present in the functions Revoke certificates, PreRegistration, Disable Operator and Registration of ID control document, else information is read from card and used for automatically search
Improvements in Batch Preregistration – documented in UserGuide Preregistration Norwegian and English guides
Validation improvements
Operator gets a guidelines when it is possible to correct validation errors
Retry-button enabled if any error situation in the file verified
Support for loading files from different extensions
Improvements in Reports – documented in UserGuide - Reports
Date format changed to Norwegian style for better sorting
Reports and filtering shows certificates from chosen filter only
Improvements in Disable Operator - documented in UserGuide – Operators and connected pages for enabling/disabling
Check implemented so it is not possible to enable a User as Operator if User has status Dismissed in Buypass
Check implemented so it is not possible to renew certificates on a card with status Dismissed in Buypass
Check implemented so only EA certificate belonging to User disabled will be wiped from card if Usercard present and more EA-certificates on card (More LCs on card function)
Improvements in Smartcard Diagnostic
Support for transition to “BackupMode” (=LocalMode) if connection to Buypass fails. Gives an error message and show certificate status for QC as “Not checked”
Smartcard Diagnostic – better messages connected to Secure Messaging communication between card and ACR88/SignPad
Smartcard Diagnostic – step information refreshed if error situation changes during operations in diagnostic
Improvements in Configuration Application
There is no longer possible to search for CA templates without a corresponding OID in the MASTER-file CA-tab
Improvements in trace file handling
Version number of BAM-client implemented as information field in Bam client trace log which makes it easier for Buypass Customer Support to investigate error situations
New trace file generated for both BAM client and ConfigApp every time BAM client or ConfigApp is started, or when max file size is reached. Timestamp is included in the filename to distinguish. This makes it easier to pick correct trace file for sending to Buypass Customer Support if necessary
Improvements in error messages / messages
Improvements in GUIs – texts and layout
Email is now shown and possible to register in PreRegistration of User (one by one)
Smartcard Diagnostic is again showing UserDetails as long as the card has one LC. If card has more LCs the Operator must go to User details to see UserDetails of the different LCs in card
Known Issues
Function “Disable Operator” does not support disabling of RA-ADMIN with correct guidelines and messages
* (asterisk) is still valid character in preregistration of IssuerKey in PreRegistration. We will implement restrictions similar to those in registration of Username in AD
Next release
Only ordinary maintenance planned. No date set for new release.
Installation guide - client readme
See documentation here.
Releasenote for Buypass Access Manager - BAM_LRA v3.6
This information is written in English only
Release version: Buypass Access Manager - BAM_LRA .net 3.6.0_7392
Release date: 24.08.2015
Document classification: Open
Copyright: Buypass AS 2013-2015
NOTE!
Documentation connected to these new features and updates in other parts - User guides and System guides - will be written and published within the next week. Links will then be added for direct access to new information here.
Stine Granviken, product owner BAS, 27.08.15
I det følgende er det gitt en oppsummering av hvilke nye funksjoner og oppdateringer som ligger i ny versjon av .net versjonen av BAM – versjon 3.6.0_7392.
Dette er en ganske stor release med mange større og mindre forbedringer. De viktigste er:
- Støtte for flere lokale sertifikater fra flere ADer – se punkt 5 nedenfor
- Støtte for å kunne installere/sette opp en klient med hver og en funksjon i BAM-klienten som «stand alone» og at kun periferutstyr nødvendig for valgt funksjon kreves ved oppstart av klienten – se punkt 2 nedenfor
- Støtte for bruk av et nytt identitets kontroll element – se punkt 6 nedenfor
- Mulighet for å søke med *(stjerne) i Brukernavn-feltet dersom brukernavn er FNR – se punkt 8c nedenfor
- Mulighet for å få registrert epostadresse ved preregistrering av en-og-en person – se punkt 16a nedenfor
Detaljert liste foreligger her kun på engelsk:
New features
Installation
Silent launch – new scripts is made for different configurations to make it easier on installation
Startup
Support for all functions “stand alone” on installation and that only necessary peripherals are asked for and checked on startup based on setup - documented in Installation - first time and update.
Possible to “reuse” a smartcard if something went wrong during first time issuance - documented in FAQ Operators.
Requirements:Retrial of issuance the second time must be to same User as first time – card connected to User with same IssuerKey
No certificates are connected to card on time for retrial
Possible to “reuse” a User, that is, it is possible to register (PreRegistration) a User one more time with same SSN and IssuerKey if User once has been dismissed from organization. The scenario here is that an employee is quitting and dismissed in BAM client. Then he/she reenters as employee some time later and are preregistered and given the same UserName and IssuerKey as on former employment - documented in PreRegistration - Norwegian version and in PreRegistration - English version.
More LCs from one or more ADs - documented in More local certificates in card
We have added support for defining several ADs in the Configuration Application Tool
Search is modified to support one or more ADs configured
If any of the ADs defined is configured with SSN-mapping (any of the combinations possible) full SSN-field is shown in Search-gui and it will be possibility to enter full SSN
AD-domain is added in UserDetails in the User information panel of GUI, reports and PDFs
BAM-client will stop on startup if one or more of defined ADs are missing or not found. On the AD check all ADs configured in “ConfigApp” will be checked, and if one is not connected this will give an error message. Operator must start Configuration Application Tool to run a TEST in order to find which one is missing
On issuing more LCs on card with some certificates on card already, we have implemented warnings (yellow) in order to give the Operator control of NOT issuing certificates for different users on same card. Client will in controlling step of ID card function give information of certificates on card – both type of certificate and name connected to certificate
Unsupported – if the QCs on the card are issued from another Issuer than the BAM-organization itself, the message will be: “Qualified certificate exists in card (Unsupported). Full name read from certificate: Tom Hansen”
EA – if the Usercard is an Operator card there will be an EA certificate (enrollment agent) on card, and the message will be: “Local certificate exists in card (EA). Full name read from certificate: Tom Hansen”
TLC – if the Usercard is a temporary card the message will be “Local certificate exists in card (TLC). Full name read from certificate: Tom Hansen” – you will be stopped long before this message is coming, because Temporary cards are not allowed in ID-card function
LC – if another local certificate is on card the message will be: “Local certificate exists in card (LC). Full name read from certificate: Tom Hansen”
Introduction of a new parameter for ID control. For replacement and renewal of certificates, we have added the possibility to turn on a parameter in ConfigApp MASTER-file IssueProcess-tab saying “Allow Operator identification”. If this is turned the Operator will be able to tick for “User is known – identified by Operator” in the ID control step instead of user showing an ID control document. If this option is used this will be registered in the PDF following the issue process.
Buypass recommend using this option only in organizations with few employees or in locations where Operator actually knows the employees. In larger organizations, the employees still should show identity documents - documented in Legitimation control.
Issuance of Temporary card failed if Operator had different PINs on Open and Closed pockets (UPINO-BIDPIN) – this is now fixed
Improvements in Search – documented in UserGuide - Search
Search-format changed to get faster search towards Buypass
Search with IssuerKey changed to be case insensitive. IssuerKey is a field used for lookup of Users in Buypass connected to qualified certificates
The value stored will be stored with upper- or lowercase letters depending on what is written on time of registration
Search using upper- or lowercase letters are treated equally, ie. you will get match regardless of how the value is stored
Possible to use * (asterisk) in UserName-search when Username=SSN
Buypass Mode: Bugfix – now possible independent of type of value registered in UserName, that is if UserName=SSN or if UserName=AD-domainname
MixedMode: Bugfix – now possible also if UserName=SSN
NOTE: If Username is SSN the full date of birth must be entered before use of * (asterisk). Example: “260815*” = OK, “2608*” = NOT OK
BAM-client will present manual search gui if Usercard not present in the functions Revoke certificates, PreRegistration, Disable Operator and Registration of ID control document, else information is read from card and used for automatically search
Improvements in Batch Preregistration
Validation improvements
Operator gets a guidelines when it is possible to correct validation errors
Retry-button enabled if any error situation in the file verified
Support for loading files from different extensions
Improvements in Reports
Date format changed to Norwegian style for better sorting
Reports and filtering shows certificates from chosen filter only
Improvements in Disable Operator
Check implemented so it is not possible to enable a User as Operator if User has status Dismissed in Buypass
Check implemented so it is not possible to renew certificates on a card with status Dismissed in Buypass
Check implemented so only EA certificate belonging to User disabled will be wiped from card if Usercard present and more EA-certificates on card (More LCs on card function)
Improvements in Smartcard Diagnostic
Support for transition to “BackupMode” (=LocalMode) if connection to Buypass fails. Gives an error message and show certificate status for QC as “Not checked”
Smartcard Diagnostic – better messages connected to Secure Messaging communication between card and ACR88/SignPad
Smartcard Diagnostic – step information refreshed if error situation changes during operations in diagnostic
Improvements in Configuration Application
There is no longer possible to search for CA templates without a corresponding OID in the MASTER-file CA-tab
Improvements in trace file handling
Version number of BAM-client implemented as information field in Bam client trace log which makes it easier for Buypass Customer Support to investigate error situations
New trace file generated for both BAM client and ConfigApp every time BAM client or ConfigApp is started, or when max file size is reached. Timestamp is included in the filename to distinguish. This makes it easier to pick correct trace file for sending to Buypass Customer Support if necessary
Improvements in error messages / messages
Improvements in GUIs – texts and layout
Email is now shown and possible to register in PreRegistration of User (one by one)
Smartcard Diagnostic is again showing UserDetails as long as the card has one LC. If card has more LCs the Operator must go to User details to see UserDetails of the different LCs in card
Known Issues
Function “Disable Operator” does not support disabling of RA-ADMIN with correct guidelines and messages
* (asterisk) is still valid character in preregistration of IssuerKey in PreRegistration. We will implement restrictions similar to those in registration of Username in AD
Next release
Only ordinary maintenance planned. No date set for new release.
Installation guide - client readme
See documentation here.