John Jellema In the second release of 2025 we have improved HTTP Security Headers for both SSO and CustomerID. While many customers will have these already set at the proxy level, having the ability to control security headers within each application’s deployment may also benefit your deployment. These HTTP Security Headers are set to default off for this deployment, permitting you to become aware of them and test them in your environment. For our next release in spring of 2026, these HTTP Security Headers will be set to be on as default, though you will still have the ability to turn them off in your environment.
A core feature has been added to SSO; you can now manage Refresh Tokens. There is a new ability to apply policies to act on Refresh Tokens; these can be set against existing Refresh Tokens, or you can create policy to be applied for new tokens only. Please take a look at our release notes. You will find a link to the Refresh Token Expiration Policy page which lays out how to use the new feature. If you have concerns or questions, feel free to open a service desk ticket and we are always happy to help clarify (we will take your question as an opportunity to improve the documentation as well).
Within IDS 2024.2, SSO 9.5, we corrected several CVEs. Unfortunately, in correcting a small number of these, an error was introduced within Tomcat. This leads to unneeded threads being created, which can impact a very large or very long uptime environment. We observed a slight performance decrease in our release testing but were only able to identify the cause early this fall. We have created patch releases for SSO 9.5 and SSO 9.6. If you are unable to update to IDS 2025.2 with SSO 9.8, please consider deploying a patch to your environment, or ensure that it is rebooted regularly, which will release the unneeded threads.
There are, as always, several CVEs and other corrections that have been made to the Identity Platform.
One highlight for the upcoming release that we would like to mention. We are working to update a number of core technologies used by Identity Platform. At this time, we are aiming to deliver IDS 2026.1 as SSO 10.0 and CustomerID 7.0. These are major version upgrades as they contain backward incompatible changes. We will update the full platform to Java 21. SSO will have Tomcat updated from 9.x to 10.x. And CustomerID will be migrated from Wildfly to Spring Boot; note that UI and APIs will remain unaltered.
As with all software, Ubisecure would like to encourage you to upgrade your Identity Platform in a timely manner. Please contact your Integration Partner or Ubisecure Account Representative with any questions. Ubisecure encourages all customers to review and schedule service upgrade to this latest release. Bringing system flexibility, security, and new features to ensure the best user experience possible for your business is our goal.
For full details of the IDS 2025.2 release, please review the Release Notes and System Recommendations pages found on our Developer Portal.
About The Author: John Jellema
As VP Product Management, John is responsible for ensuring Ubisecure’s ongoing development of its Identity Platform, optimising the feature development while driving generational change across the IAM delivery platform. Since joining Ubisecure in 2017, John has refocused the cloud and on-premises delivered services to fulfil customer expectations across the Nordics.
Prior to joining Ubisecure, John worked for Verizon as a Global Security Product Manager, developing and managing its DDoS platform around the world. With more than 20 years experience in global product management, John is passionate about seamless technology integration. Standing on the shoulders of giants permits us to achieve greatness today and into the future.
More posts by John Jellema