release notes

Release notes Indicium (2021.2.13)

Related products: Indicium Service Tier
Release notes Indicium (2021.2.13)

Hello everyone,

in this sprint, we've improved the login flow and added immediate redirection after an expired password. Also, we've added a new process action, and support for tasks with logic type 'None'. You can read all about it below!

You can read the Indicium user manual to read about Indicium's features.

We'll keep you updated regularly about Indicium's progress.

June 9, 2021:

  • New Indicium (Universal) has released: 2021.2.13
    • An issue regarding system flows was found in this release of Indicium Universal. This issue caused some system flows to fail when they should not have. This issue has been hotfixed in version 2021.2.13 of Indicium Universal.

 

Indicium Universal

 

Breaking

 

Improved Indicium's login flow

In this version of Indicium Universal, we have improved Indicium's login flow. We removed the  DefaultIdentityProvider setting and improved the user experience.

When multiple options are available for logging in, e.g., with a local account against IAM, through IIS with integrated Windows authentication, or via external Identity Providers, Indicium will show the following page:

Improved login flow

This page has a Remember my choice checkbox that sets a cookie for the user to skip this page the next time. This way, each user can make their own choice.

If only one option is available, this page will not be shown at all, and the option will be handled as the default option. To this end, we have added the following configuration setting that allows you to disable the Sign in with local account option if, for instance, you only want to allow users to log in using an external Identity Provider like Azure AD:

"LoginOptions": {
"AllowLocalAccounts": false
}

 

New

 

Platform version visible on Indicum main page

The platform version is now also visible on Indicium's main page, underneath Indicium's version. This makes it easier to find the Intelligent Application Manager's (IAM) version.



 Platform version in Indicium's main page

 

New process action

It is now possible to renew access tokens with the new OAuth refresh connector. When you want to call external APIs from Indicium, it is sometimes necessary to refresh the access tokens. Since access tokens have a short lifetime, it can be useful to obtain a fresh one in the background. To use this new system flow action, select the OAuth refresh connector in a process action.

An OAuth Server is required, and the action requires a mandatory input parameter Refresh token. This input parameter can, for example, be obtained by using the process action OAuth login connector. Note that you only need to refresh the access token when it is almost expired. It is not necessary to do this before every API call.

The process action has several output parameters:

  • Access token = New access token issued by the OAuth Server that can be used to call an API.
  • Expires in = The lifetime of the new access token in seconds.
  • Granted scopes = The scopes returned by the OAuth Server.
  • Refresh token = Potentially a new refresh token when the provided OAuth Server only allows to refresh a token one time.
  • Token type = The type of token. Most of the time it contains the value "bearer".
 

Redirection after expired password

In the 2021.2 Thinkwise Platform release, we added a password expiration policy. To support this feature, Indicium will now automatically redirect a user to the Change password page once their password has expired and force a password change before access to the application is granted.

 

Support for tasks with logic type 'None'

In this version of Indicium Universal, we have added support for the Task logic type 'None' in the Software Factory, including support for output parameters. Previously, using this logic type would result in an error upon executing the task.

Task logic type ‘None’ represents a dummy task that can be used in a process flow or to display a form. It can be found in the Software Factory, in the menu Processes > Task > tab Settings.

 

Minor fixes and tasks

  • We have fixed an issue that occurred when using multi-row tasks in the Universal GUI. When the task execution couldn’t be started on of the selected records, for instance, due to a context procedure, the entire set would fail. Indicium will now ignore such errors, just like the Windows and Web GUIs do.
  • We fixed an issue that caused an infinite login loop when a DefaultIdentityProvider was configured in the appsettings.json and logging in failed because the user could not be matched with a valid user in IAM.
  • Tasks with a mandatory MultiSelectParameterId parameter would show an error. This has been fixed.
  • Indicium treated all error messages coming from the database server as fatal errors, causing the Universal GUI to be unable to continue editing a record or entering task parameters and retrying. This included situations that were not fatal and could be resolved by the user, such as tsf_send_message and raiserror calls or constraint violations. As of this version, Indicium will treat all user-defined errors such as raiserror and all constraint violations (PK, FK, CHECK, UNIQUE, and NOT NULL) as non-fatal, allowing the user to correct their input and try again.

 

 

An issue regarding system flows was found in this release of Indicium Universal. This issue caused some system flows to fail when they should not have. This issue has been hotfixed in version 2021.2.13 of Indicium Universal, which is available for download in TCP (link).

Our apologies for any inconvenience caused by this issue.


@Diana Kuipers Could you make sure the documentation is updated with the breaking change for Default Identity Provider?

https://docs.thinkwisesoftware.com/docs/deployment/indicium.html#integrate-an-external-identity-provider-into-indicium


Hi @Arie V , that happened to be scheduled for today. So, here it is: https://docs.thinkwisesoftware.com/docs/deployment/indicium.html#multiple-external-identity-providers


Hi @Diana Kuipers Good to see these changes!

One small remark: the first JSON example when clicking on the link in my post still contains the DefaultIdentityProvider row, might be good to change that too.


Hi @Arie V , you're right about that. It's changed now. Thanks!


Platform version visible on Indicum main page

The platform version is now also visible on Indicium's main page, underneath Indicium's version. This makes it easier to find the Intelligent Application Manager's (IAM) version.

@Vincent Doppenberg One of the security recommendations I recently encountered is hiding version information of software to make it less easy for hackers to target version-specific vulnerabilities (security through obscurity). That got me wondering about the /indicium page: why is the Indicium version and the Platform version publicly available and not hidden behind the login page?


Hello Arie,

You are correct that it is typically a security recommendation to hide version information. I don't see this as an actual security risk for our platform, but we will look into hiding this information behind authentication. Thank you for the suggestion.


Does the "Redirection after expired password” functionality also work for Windows(AD)-authentication ?
So a local domain user would be able to change his/her password for the local domain ?