Release Notes TrustBuilder 2016-09 (September)


The September release of TrustBuilder consists of various bugfixes and new features (complete list below). OS RPMs are also updated to reflect the latest changes of the CentOS upstream repository.



Before you begin, it is recommended to create a backup of the IDHUB database and your appliance configuration files.

New Features:

  • Templates: You can customise the templates for the SAML2 Post Profile, e-mail verification and password reset through the Administration Portal > Templates menu. The templates are plain text (or plain HTML) and can be changed. To enable a SAML2 Post Profile template, a new configuration option has been added to the SAML2 Service Provider, where you can select a different Post Profile template. If you want to change it globally, you can edit the Default template in the system. Important: an incorrect template can potentially halt TrustBuilder operations. If you changed a template and it is not correct, a reset function is available in the install application.
  • Office 365 Integration: Added a new WS-Federation Service Provider option for O365 Pre-Adal authentication. A how-to explaining the configuration is available in the documentation.
  • Whitelist: Every URL that TrustBuilder receives as a query parameter or POST parameter is validated against a whitelist. The whitelist is a list of regular expressions; a URL must match one of the entries, otherwise TrustBuilder will not continue.
  • SAML2 IDP Push: Functionality has been added for receiving a SAML2 Push with a target URL. If the push is successful and the target URL is valid, a redirect to this URL is initiated.
  • Anonymous access based on HTTP method: A Gateway public_web_app location can now send authorization requests to the TrustBuilder Authorization API. This is useful when you have applications that want to protect certain HTTP verbs (allow anonymous GET, but require authorization for POST, PUT and DELETE). To achieve this, define your public web application as a normal Service Provider, add the necessary authorization rules (options have been added to check for anonymous access), and change the gateway configuration from public_web_app(headerConfiguration) to public_web_app(headerConfiguration, true). If you do not have headers configured, it can be public_web_app(nil,true).
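
The Whitelist feature above, sketched as an added example (not TrustBuilder code): a URL parameter is accepted only if it matches one entry in a list of regular expressions. The hosts, patterns and function names are constructed for illustration, and whole-URL matching is an assumption; the loose list shows how an unescaped, unanchored entry accepts look-alike hosts.

```python
import re

# Constructed whitelist entries (hypothetical hosts, not TrustBuilder defaults).
STRICT_WHITELIST = [
    r"https://portal\.example\.com(/[^\s]*)?",
    r"https://[a-z0-9-]+\.apps\.example\.com(/[^\s]*)?",
]

# The same intent written loosely: unescaped dots and no path boundary.
LOOSE_WHITELIST = [r"https://portal.example.com"]


def is_allowed(url, whitelist, full_match=True):
    """Return True if url matches at least one whitelist entry.

    full_match=True requires the whole URL to match (assumed semantics);
    full_match=False mimics a prefix-style match, which is easy to end up
    with when the matching engine does not anchor the pattern for you.
    """
    if not isinstance(url, str) or not url:
        return False
    # Reject whitespace, control characters and backslashes, which browsers
    # may normalise differently from the regex engine.
    if re.search(r"[\x00-\x20\\]", url):
        return False
    for pattern in whitelist:
        compiled = re.compile(pattern)
        hit = compiled.fullmatch(url) if full_match else compiled.match(url)
        if hit:
            return True
    return False


def check_parameters(params, whitelist):
    """Validate every parameter value that looks like a URL.

    Returns the names of the parameters that failed validation; an empty
    list means request processing may continue.
    """
    rejected = []
    for name, value in params.items():
        if re.match(r"(?i)[a-z][a-z0-9+.-]*:|//", value or ""):
            if not is_allowed(value, whitelist):
                rejected.append(name)
    return rejected
```

When reviewing whitelist entries, escape literal dots and end each entry at a host boundary (a `/` or the end of the URL), so that a look-alike host cannot satisfy an entry written for a trusted one.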



  • Nginx 1.11.1
  • Naxsi 0.55.1
  • OpenResty


  • MariaDB


Changelog Summary:

  1. TB-3413 Basic UI Improvements TB-3431 - align user attribute property
  2. TB-3413 Basic UI Improvements TB-3424 - Check if saved on SP
  3. TB-3413 Basic UI Improvements TB-3423 - There is no home page BUG FIX
  4. Homepage small fixes
  5. TB-3415, TB-3429: Add missing arrows to panels. Make panel headings
  6. TB-3429: Make panel heading clickable for user list filter.
  7. TB-3429: Make panel headings clickable (not only the chevron arrow)
  8. only search for partner when no sessionindex is set
  9. Whitelist for redirects
  10. Fix multi-value-field-directive values binding. Refactor settings page
  11. Global Settings: Add existing workflow ids as options to Session
  12. Remove deprecated functions
  13. Formatting
  14. SAML2 Push Authentication only
  15. TB-3437: Add list, edit and create screens. Add templateService that
  16. TB-3432 add more information for error handling. add {{idhub_entity_id}}
  17. TB-3430 - Improve display of email verification status
  18. FIX: uri encode the idhub_entity_id
  19. Remove & # and $ from special characters
  20. TB-3422 - Breadcrumb too large
  21. if there is a sessionkey use it, otherwise not (missing fix)
  22. TB-3407 - "Register/New" when no "Required" attributes available
  23. TB-3437: Add delete modal. Generate unique ids in mock templateService.
  24. Filter: Add filter for listing the keys of an object using Object.keys
  25. TB-3441 - Allow one empty URI for SP > application authorization
  26. TB-3445: Adjust template model to coincide with the one specified in the
  27. TB-3019 WSFED Service Provider Model , DAO + SQL
  28. WS Federation SP Service
  29. TB-3019 JsonDeserializer for WsFederationSp
  30. WsFedSp Unit test
  31. TB-3440 - TB does not function with Java 8 101/2
  32. TB-3445: Update style of tabs in template modify screen.
  33. TB-3019 : add WsFedSP
  34. TB-3422 - Breadcrumb too large BUG
  35. TB-3448 - change name of attribute rules to authentication rules
  36. TB-3443 - Create new SP TYPE frontend All fields are mandatory This is
  37. TB-3445: Add variables read-only field that will display the required
  38. Removed the UnsatisfiedLinkErrors by removing the vacman.jar from the
  39. TB-3451: Create models of templates, translations and enum types.
  40. There was a problem with the loadGlobalSettings() of the settingsfacade
  41. Added STS Endpoint and Mex (with soap validation)
  42. add the extra message to the message
  43. TB-3453: Create database template and translation tables. Populate
  44. TB-3453: Add changes to h2 bootstrap script to allow unit testing. Use
  45. TB-3458: Calling a workflow from within derived attributes uses the
  46. TB-3421 - Inconsistency in check boxes SP create and modify.
  47. TB-3457 - Remove Name of Scheme and Method after Delete Statement
  48. TB-3457 - Remove Name of Scheme and Method after Delete Statement
  49. Unit Tests: Extract code for mocking http calls into new abstract class
  50. Unit Tests: Move ControllerTest class to correct directory
  51. TB-3451: Update template and translation models. Add deserializer for
  52. TB-3462: Add main logic for creating and reading templates.
  53. TB-3437 Templates: Rename package
  54. remove keystorelocation as it is redundant
  55. enable unit tests
  56. proxy logout
  57. TB-3462: Add updating and deletion support.
  58. TB-3742 - logout issue
  59. TB-3472
  60. STS
  61. TB-3462: Fix isDefaultTemplate method. Only update template properties
  62. TB-3463: Rename TemplateServiceTest to TemplateControllerTest since it
  63. Bug toJSON in savestate
  64. TB-3463 Unit Tests: Add more checks to testUpdateDefaultTemplate.
  65. TB-3453 Database: Rename POST_PROFILE_CODE to POST_PROFILE
  66. Revert "TB-3453 Database: Rename POST_PROFILE_CODE to POST_PROFILE"
  67. TB-3453 Database: Move alter table statements to create statement.
  68. TB-3462 Saml2 SP/IDP: Add postProfile field to Saml2 IDPs and SPs.
  69. TB-3463 Unit Tests: Check postProfile field in Saml2 IDP and SP tests
  70. TB-3474: An empty URL in SP authorization rules should not result in an
  71. TB-3474: An empty URL in SP authorization rules should not result in an
  72. TB-3437: Return empty response in update REST call. Refactoring.
  73. TB-3463 Unit Tests: Test duplicate templates on creation. Make
  74. TB-3437: Move the updating of translations from the service to the DAO.
  75. TB-3463 Unit Tests: Test deletion of a default template. Refactor
  76. TB-3437: - Added PostProfile. - Added support for post profile
  77. TB-3452 Validation: Add validation for Template and Translation classes.
  78. TB-3437: Templates - Added cache update in TemplateService. - TODO:
  79. TB-3437: Templates - Cleaned up import list ValidationResult.
  80. Confirmationdata in subject is optional, we do require it for a saml sp
  81. TB-3464 - "Save & Close" button on SP edit page does not close page
  82. TB-3445: Add rest calls to rest service.
  83. TB-3446: GUI - Link to template in IDP/SP
  84. TB-3437: Fix typo
  85. TB-3466 - Code/String Elements display during slow network connections
  86. TB-3437: Restructure model to store translations in Map instead of List.
  87. Single logout with target url and whitelist
  88. add user info (for kerberos)
  89. IDP modify form: Fix ng-model and id fields.
  90. Form Validation: Improve scrolling and focusing of elements. Refactor
  91. TB-3445: Replace mock rest calls by http rest calls to the template
  92. Add login endpoint
  93. TB-3452: Improve invalid properties generated by template validation.
  94. Add the possibility to add the target as a queryparameter to the fixed
  95. STS changes
  96. TB-3842. execute derived attribute when there is a session also.
  97. Bug get default nameidformat when the nameidformat is unspecified and sp
  98. TB-3470: Add postProfileTemplate method to SPFacade (similar to
  99. TB-3446: Add postProfile field to SPs and IDPs that only allow selection
  100. remove check for empty field because empty fields come in as null.
  101. TB-3461 - Enum values are not sorted
  102. TB-3447: Add fields in the global settings page to link templates (of
  103. new logon endpoint
  104. unit test for multi value directive
  105. unit test for multi value directive
  106. TB-3461 - Enum values are not sorted - refactoring
  107. Adding logging for the assertion (handy when it was encrypted)
  108. TB-3461 - Enum values are not sorted - unit test for the
  109. - ProxyLogout - ZD-597
  110. TB-3461 - Enum values are not sorted - fix form control
  111. fix unit test
  112. Bugfix for SAML Push. Auth method id was not specified, gave internal
  113. proxy logout made the assumption that out_headers existed.
  114. Add extended signature options like with SAML2
  115. WS federation passive profile.
  116. TB-3484 - Provide form to upload a DPX file
  117. TB-3473: Add added rest calls to admin_api_private.yaml file
  118. TB-3437: Add templates shortcut to home page
  119. TB-3437: Add translation keys to templates alert messages.
  120. TB-3484 - Provide form to upload a DPX file
  121. TB-3494 - GUI - implement anonymous flag
  122. TB-3496 - Application rule list has no a empty uri
  123. TB-3019 WSFed Service Provider Passive Profile and Active profile (STS)
  124. TB-3437: Prune translations with no content from the template.
  125. TB-3437: Throw operation-not-allowed user exception when there is an
  126. TB-3488 - When email is required attribute and value is pending
  127. TB-3488 - When email is required attribute and value is pending
  128. TB-3499 - E2E testing unique ids IDP provisioning
  129. TB-3499 - E2E testing unique ids IDP and SP list
  130. Changed the code to link a user to a token and setting the status to
  131. Add extra tables in test
  132. Enum does not exist
  133. H2 does not support enum
  134. TB-3483: Combined anonymous rules - Updated backend to generate
  135. TB-3483: Combined anonymous rules - Updated ResourceAccessRule in
  136. Exposes change static password functionality in the controller and
  137. Small change to the RestClientTest
  138. TB-3492 - extend digipass capabilities in IDHub TB-3500 - GUI - add
  139. TB-3492: Extend digipass capabilities in IDHub. Fixed two bugs: the
  140. TB-3492: Extend digipass capabilities in IDHub. Updated the
  141. JSHint: Add jshint options file to root directory.
  142. TB-3492 - extend digipass capabilities in IDHub TB-3501 - GUI - add
  143. Added default templates, cleaned up the names to something less
  144. workItem.request is not available when install is not ok ... so needed
  145. TB-3123 - Any Logged-In User(Principal) should not be able to delete
  146. Bugfix: Remove duplicated directive definition after faulty merge.
  147. Karma: Remove 'coverage' preprocessor when karma is started in debug
  148. TB-3463: Add front end unit tests for successful creation, deletion and
  149. select correct post profile
  150. Unknown Service Provider Type when nothing was specified. Default is
  151. Facade was not completely done. template was not loaded ... guessing
  152. implement facade for assertion generation
  153. Implement custom branding templates for the post profile redirect pages
  154. Fix comments
  155. TB-3463: Add unit test for template edit controller.
  156. Remove debug content.
  157. TB-3509 - error on settings page when no workflows
  158. TB-3511 - Add Id's to the user attribute buttons
  159. separating some of the logic in smaller modules
  160. TB-3512 - Digipass settings issues
  161. Fixed a couple of bugs that did not set the status to pending when using
  162. Revert "separating some of the logic in smaller modules"
  163. Logger skeleton
  164. TB-3514 - Digipass Admin improvements
  165. TB-3510: Add script for resetting default templates. Add get call /reset
  166. TB-3510: Move /reset call to InstallationController. Remove test data
  167. TB-3510: Add reset page to install portal.
  168. TB-3510: Change REST call url to /reset/templates.
  169. TB-3510: Fix install API documentation. Document reset templates REST
  170. TB-3510: Clear the template for the IDHUB_IDP_UP IDP.
  171. TB-3514 - Digipass Admin improvements CORRECTED POM - missing provided
  172. TB-3509 - error on settings page when no workflows RE-Opened for error
  173. Add Request viewer to the gateway
  174. The principal for the credential can be empty as well
  175. undeclared var inside the gwlogin
  176. New logger helper to remove the ngx_log stuff in the scripts
  177. Change logging to new logger module
  178. TB-3503 - Anonymous rules implementation
  179. TB-3499 - E2E testing unique ids
  180. TB-3510: Add skip button to installer's reset page.
  181. Gateway bump up to Openresty and naxsi 0.55.1
  182. ServiceProvidersFacade: - Renamed overloaded allowedIps variant with
  183. TB-3513 - User Attributes category click on text does not function
  184. The correct comparison was not set in case of an authnlevel scheme
  185. Add app1 as extra application in example.conf
  186. - Change allowedIdps to use serviceProviderFacade. - if mfaAuthNethod ==
  187. TB-3521 - Log the build number when starting
  188. if a DB Adapter is specified, logs are filled with debug messages from
  189. TB-3521 - Log the build number when starting
  190. TB-3521 - Log the build number when starting REFACTOR
  191. Protractor: Add IDs to identity screens.
  192. fixed the errors on the soap sts
  193. ServiceProvider Facade change bug (forgot sp())
  194. Consents: No longer use http call code from admin rest service.
  195. UserPasswordDao: - Fixed bug in retrieving salt field in
  196. TB-3516 - Wrong Error Message for login operations
  197. TB-3520 - REST API call bug
  198. TB-3525 - Identity Page - User Attribute Duplicate Entry value wrong
  199. TB-3523 - Make view styles consistent
  200. Templates Caching: Fix the invalidation of the cache of IDPs and SPs
  201. TB-3437: Retrieve and use the resetPassword and verifyAddress templates
  202. TB-3539 - Wrong Alert Message on Forgotten Password page
  203. SP service unit test
  204. SP service unit test
  205. TB-3541 - E2E testing unique ids
  206. idp and sp filters
  207. sp controller
  208. sp and idp controllers
  209. TB-3548: Re-enable support for activating workflow when provisioning a
  210. TB-3548: Re-enable support for activating workflow when provisioning a