Hello everyone,
in this sprint, we've improved the login flow and added immediate redirection after an expired password. Also, we've added a new process action, and support for tasks with logic type 'None'. You can read all about it below!
You can read the Indicium user manual to read about Indicium's features.
We'll keep you updated regularly about Indicium's progress.
June 9, 2021:
- New Indicium (Universal) has released: 2021.2.13
- An issue regarding system flows was found in this release of Indicium Universal. This issue caused some system flows to fail when they should not have. This issue has been hotfixed in version 2021.2.13 of Indicium Universal.
Indicium Universal
Breaking
Improved Indicium's login flow
In this version of Indicium Universal, we have improved Indicium's login flow. We removed the DefaultIdentityProvider
setting and improved the user experience.
When multiple options are available for logging in, e.g., with a local account against IAM, through IIS with integrated Windows authentication, or via external Identity Providers, Indicium will show the following page:
This page has a Remember my choice checkbox that sets a cookie for the user to skip this page the next time. This way, each user can make their own choice.
If only one option is available, this page will not be shown at all, and the option will be handled as the default option. To this end, we have added the following configuration setting that allows you to disable the Sign in with local account option if, for instance, you only want to allow users to log in using an external Identity Provider like Azure AD:
"LoginOptions": {
"AllowLocalAccounts": false
}
New
Platform version visible on Indicum main page
The platform version is now also visible on Indicium's main page, underneath Indicium's version. This makes it easier to find the Intelligent Application Manager's (IAM) version.
New process action
It is now possible to renew access tokens with the new OAuth refresh connector. When you want to call external APIs from Indicium, it is sometimes necessary to refresh the access tokens. Since access tokens have a short lifetime, it can be useful to obtain a fresh one in the background. To use this new system flow action, select the OAuth refresh connector in a process action.
An OAuth Server is required, and the action requires a mandatory input parameter Refresh token. This input parameter can, for example, be obtained by using the process action OAuth login connector. Note that you only need to refresh the access token when it is almost expired. It is not necessary to do this before every API call.
The process action has several output parameters:
- Access token = New access token issued by the OAuth Server that can be used to call an API.
- Expires in = The lifetime of the new access token in seconds.
- Granted scopes = The scopes returned by the OAuth Server.
- Refresh token = Potentially a new refresh token when the provided OAuth Server only allows to refresh a token one time.
- Token type = The type of token. Most of the time it contains the value "bearer".
Redirection after expired password
In the 2021.2 Thinkwise Platform release, we added a password expiration policy. To support this feature, Indicium will now automatically redirect a user to the Change password page once their password has expired and force a password change before access to the application is granted.
Support for tasks with logic type 'None'
In this version of Indicium Universal, we have added support for the Task logic type 'None' in the Software Factory, including support for output parameters. Previously, using this logic type would result in an error upon executing the task.
Task logic type ‘None’ represents a dummy task that can be used in a process flow or to display a form. It can be found in the Software Factory, in the menu Processes > Task > tab Settings.
Minor fixes and tasks
- We have fixed an issue that occurred when using multi-row tasks in the Universal GUI. When the task execution couldn’t be started on of the selected records, for instance, due to a context procedure, the entire set would fail. Indicium will now ignore such errors, just like the Windows and Web GUIs do.
- We fixed an issue that caused an infinite login loop when a
DefaultIdentityProvider
was configured in theappsettings.json
and logging in failed because the user could not be matched with a valid user in IAM. - Tasks with a mandatory
MultiSelectParameterId
parameter would show an error. This has been fixed. - Indicium treated all error messages coming from the database server as fatal errors, causing the Universal GUI to be unable to continue editing a record or entering task parameters and retrying. This included situations that were not fatal and could be resolved by the user, such as
tsf_send_message
andraiserror
calls or constraint violations. As of this version, Indicium will treat all user-defined errors such asraiserror
and all constraint violations (PK, FK, CHECK, UNIQUE, and NOT NULL) as non-fatal, allowing the user to correct their input and try again.