- 23 Jun 2023
- 4 Minutes to read
Release 2023.0.1 - What's New
- Updated on 23 Jun 2023
This document describes the new features and important changes in the 2023.0.1 release of RapidIdentity LTS.
Notable Enhancements and New Features
PKCE Support added in OAuth/OIDC Authorization Flow
PKCE (pronounced "pixy") is an abbreviation for Proof Key for Code Exchange, an extension to the OIDC Authorization flow that enables applications to authenticate users without the application needing to have a client secret.
The Authorization Code Flow + PKCE is an OpenID Connect flow specifically designed to authenticate native or mobile application users.
While PKCE was originally designed to protect the authorization code flow in mobile apps, its ability to prevent authorization code injection makes it useful for every type of OAuth client, even web apps that use client authentication.
PKCE is an optional setting on the OIDC Federation Partner configuration that can be enabled by checking the Enable Proof Key for Code Exchange (PKCE) checkbox in the OpenID Connect Configuration section of the Federation Partner configuration page.
To configure an OIDC SSO Service Provider application in RapidIdentity, navigate to: Configuration > Security > Identity Providers > Federation Partners
Support for DUO Universal Prompt
Effective with the 2023.0.1 LTS release, RapidIdentity has replaced Duo's traditional Duo Prompt experience with Duo's next-generation authentication, Universal Prompt.
In order to support the new Duo Universal Prompt while still providing users the ability to Start Over or Try Another Method, RapidIdentity now displays a prompt for the user to Proceed to Duo before redirecting them to the Universal Prompt.
To bypass the Proceed to Duo prompt, check the new Bypass 'Proceed to DUO' Prompt checkbox on the Duo Authentication Method in the associated Authentication Policy.
No additional changes in RapidIdentity are required for the new Duo Universal Prompt.
The following Duo publications provide additional information regarding Duo's new Universal Prompt:
The following RapidIdentity articles provide additional information for configuring and using Duo as an authentication method in RapidIdentity:
Search Entitlements Catalog
A search bar has been added to the Entitlements Catalog page for users to more easily find the entitlements they're looking for.
To search, enter any part of the Entitlement Name and press Enter or click the search
Search is performed against any part of the Entitlement Name.
Click the Reset Search button to re-display the full list of entitlements.
New Entitlement Option to Extend or Restart the Time
A new Allow Entitlement to be Reset option has been added to the Entitlement Configuration in Requests for
When an Entitlement Expiration Type is set to Time-based, the option to Allow Entitlement to be Reset becomes visible and, if checked, an appropriate Reset Workflow and Reset Workflow Form can be selected.
When Allow Entitlement to be Reset is enabled, users with an active Time-based entitlement can request to have the time of that entitlement extended for a specified amount of time that begins when the Reset request is approved.
Resetting an entitlement is similar to, but different from, Extending an entitlement: when Extended, the requested extension time is added to the current expiration time when the extension request is approved, whereas, when Reset, the requested extension time begins when the reset request is approved.
To Request an Entitlement Reset, select the entitlement and click the Request Reset button from the bottom Action Menu.
Reset requests, grants, denials and expirations are included in the history of the user's Entitlement.
Additional Information Displayed on Request Approval Task Card
Additional information has been added to task notification cards for Entitlement Requests.
With this enhancement, the following details will be visible to provide approvers the information necessary to approve or deny the request without opening the request details:
- Entitlement Type
- Requestor has requested Entitlement Name for Target in OU/Group.
- This request will expire in Entitlement Request Expiration
Ability to Configure the Timezone in Connect Jobs
The ability to set a Timezone when scheduling a Connect Job has been added in Connect > Jobs > Details > Schedule.
If not specified, the timezone of the Connect Server will be used. For Hosted RapidIdentity LTS customers, that time should be America/Chicago. For RapidIdentity Cloud customers, that time will be Etc/GMT.
Significant Issues Resolved
- The default 404 error page has been updated to prevent the Apache Tomcat version from displaying when a percent sign (%) is included in the appliance's URL path
- A Null Pointer Exception when processing Workflow Approval Tasks has been corrected
- Cloned workflows have been updated to create a new and unique form ID
- An uncaught TypeError has been resolved in the Applications Module that prevented administrators from creating new SSO Form Fill Elements