John Jellema In this release cycle we have been solidifying our new CI. We created three CustomerID patch releases, each removing deviations from the core code base which are now rolled-up into CustomerID 5.6 available in this release. SSO has also been patched, to add functionality to Suomi.fi requiring algorithm changes (Suomi.fi required continual encryption via AES128-GCM, you can read about it in our announcement here, and the Suomi.fi announcement here). These smaller patches allowed us to review the CI and ensure that we have the ability to quickly correct and release tested software. This ability is core to our operational future and essential to offering you good service. The Engineering team are also constantly working to increase the automated test cases to increase the test coverage for our platform – this means that more and more of the features are automatically tested via UI and API before the code is released to you.
New in this release
Time-based One-time Password
With this release, we extend the Identity Platform capabilities to include Time-based One-time Password (TOTP). In SSO you are now able to configure a new TOTP authentication method to be used similarly to other OTP methods. A new TOTP API application has been created for handling the adding and removal of secrets for users when setting up their device. It should be noted that you will need to facilitate ways for the users to generate and set up their devices and utilise the TOTP API to insert the secret to the user’s account, as there is no self-service UI or QR code generation available within SSO in this initial release.
This initial release of TOTP complies with RFC 6238, which is a generic implementation for Time-based One-time Password and should function with any authenticator application that supports the RFC standard.
Within SSO you will have the ability to create a TOTP secret via API call for each user, see the example “Your Secret Key” below on the left, but having your end users add that secret key to their authenticator application is still a manual process. Each user will have to copy and paste or manually type in the secret key to set up their authenticator application which will then generate the 6 digit TOTP code used each time they access your application. The use of a QR code to enter the secret (see the QR code link to Wikipedia below on right), could be created by your UI team to ease onboarding. But at this time a QR code generator is not available within our Identity Platform. We will be looking for your feedback to determine if you require a QR code generator – or if you will use commonly available generators within your own applications to facilitate the setup for users.
The following use cases are supported on a per application basis – meaning you can continue to have a variety of applications requiring only those users permitted or those sessions which need stronger authentication using your RFC 6238 compliant authenticator of choice.
Improvements and corrections
There are always continuous improvements and corrections being made to the Ubisecure Identity Server and this release is no exception.
You will find improvements made to our developer portal pages, such as here – https://developer.ubisecure.com/docs/display/IDS20202/System+Recommendations+and+Supported+Platforms – with information of the browsers and operating systems we support, software requirements related to java and databases as well as hardware recommendation for running operational environments. We have also added more information to the additional security consideration page –https://developer.ubisecure.com/docs/display/IDS20202/Security+considerations+for+production+environments+-+SSO – with recommendations on how to ensure that no system specific information is leaked to end users in an error situation.
For a full list of features, improvement and corrections, please see https://developer.ubisecure.com/docs/display/IDS20202/Identity+Server+2020.2+Release+Notes
Head over to https://www.ubisecure.com/developers/ to download the latest version of Ubisecure Identity Server today!
About The Author: John Jellema
As VP Product Management, John is responsible for ensuring Ubisecure’s ongoing development of its Identity Platform, optimising the feature development while driving generational change across the IAM delivery platform. Since joining Ubisecure in 2017, John has refocused the cloud and on-premises delivered services to fulfil customer expectations across the Nordics.
Prior to joining Ubisecure, John worked for Verizon as a Global Security Product Manager, developing and managing its DDoS platform around the world. With more than 20 years experience in global product management, John is passionate about seamless technology integration. Standing on the shoulders of giants permits us to achieve greatness today and into the future.
More posts by John Jellema