Hello everyone,
In this sprint, we updated the IdentityServer component and added some query string and template parameters. Azure Active Directory can now be used as a pool user, and you can now set the initial password with the Forgot Password function.
You can read more about Indicium's features in the Indicium user manual.
We will keep you updated regularly about Indicium's progress.
About Indicium
Two types of the Thinkwise Indicium Application Tier are available:
- Indicium Basic: for use with the Windows GUI and Mobile GUI. This basic version does not support, for example, system flows and OpenID.
  Download Indicium Basic release 2022.2.15 here (no new version this time).
- Indicium: for use with the Universal GUI and via APIs. This version uses the full range of Indicium functionality.
  Download Indicium release 2022.2.16 here.
Contents of this release
Breaking
IdentityServer component updated
The IdentityServer component is updated to the latest version. This component is used when you have configured OpenID clients in IAM. There should be no noticeable changes. The refresh and access tokens generated with the previous version will remain valid after the update.
Due to license changes for the external IdentityServer component, a maximum of five OpenID clients are allowed after this update. Please contact Thinkwise if you need more than five clients.
Indicium - New
New two-factor authentication query string parameter
For two-factor authentication, we added a new query string parameter. This allows the two-factor authentication flow to be automated through links in the emails sent.
The Indicium /account/ui/twoFactor two-factor authentication page has a new twoFactorToken query string parameter. The two-factor authentication email template already had a {twoFactorToken} parameter that sent the token to the user by email, but adding this parameter to the query string allows you to turn it into a hyperlink: /account/ui/twoFactor?twoFactorToken={twoFactorToken}. Using this URL, the user does not need to copy and paste the token.
New email template parameters for password reset
The Indicium /account/ui/resetPassword password reset page has two new query string parameters: username and resetToken. The password reset email template already had a {resetToken} parameter, and we added a username parameter. Now, you can turn it into a hyperlink: /account/ui/resetPassword?username={username}&resetToken={resetToken}.
Using this URL, the user does not need to enter these two parameters.
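Added example, not part of the original release notes and not Thinkwise code: both links above put a one-time token in the query string, so the token is also written to any web server or proxy access log (including the Referer field) that records full URLs. This Python filter redacts the twoFactorToken and resetToken values from such log lines; the log format, host names, non-Indicium paths and function names are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query string parameters from the release notes that carry one-time secrets.
SENSITIVE_PARAMS = {"twofactortoken", "resettoken"}  # compared lowercased
REDACTED = "REDACTED"
# A field delimited by whitespace or quotes that contains a query string.
URL_FIELD = re.compile(r'[^\s"]+\?[^\s"]+')


def redact_url(url):
    """Replace token values in url; URLs without token parameters are unchanged."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(name.lower() in SENSITIVE_PARAMS for name, _ in pairs):
        return url
    cleaned = [(n, REDACTED if n.lower() in SENSITIVE_PARAMS else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def scrub(lines):
    """Return (redacted_lines, indexes of the lines that contained a token)."""
    out, hits = [], []
    for i, line in enumerate(lines):
        clean = URL_FIELD.sub(lambda m: redact_url(m.group(0)), line)
        if clean != line:
            hits.append(i)
        out.append(clean)
    return out, hits


# Constructed access-log lines; addresses, hosts, dates and token values are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2022:10:01:02 +0000] "GET /indicium/account/ui/twoFactor?twoFactorToken=493817 HTTP/1.1" 200 512 "-"',
    '203.0.113.7 - - [01/Jan/2022:10:05:40 +0000] "GET /indicium/account/ui/resetPassword?username=j.doe&resetToken=Q2ZESjhB HTTP/1.1" 200 733 "-"',
    # The reset page loads a stylesheet: the token reappears in the Referer field.
    '203.0.113.7 - - [01/Jan/2022:10:05:41 +0000] "GET /indicium/static/site.css?v=3 HTTP/1.1" 200 90 "https://app.example/indicium/account/ui/resetPassword?username=j.doe&resetToken=Q2ZESjhB"',
    '203.0.113.7 - - [01/Jan/2022:10:06:00 +0000] "GET /indicium/static/site.js?v=3 HTTP/1.1" 200 10 "-"',
]

if __name__ == "__main__":
    cleaned, hits = scrub(SAMPLE_LOG)
    for line in cleaned:
        print(line)
    print("lines that exposed a token:", hits)
```

The username is left in place so that reset requests can still be correlated per account; only the token values are replaced.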
Use Azure Active Directory as a pool user
We have implemented the ability to use Azure Active Directory users as the database pool user for Indicium. There is one drawback to this feature at the moment: it cannot be used to create a new database using the creation screen in the Software Factory.
To use this feature, in the appsettings.json configuration file, set the UseAzureActiveDirectory setting under MetaSourceConnection to true. Optionally, you can set the PoolUsername and PoolPassword parameters as well.
If the PoolUserName and PoolPassword are not set, Indicium will use the managed identity which is running the App Service in Azure as the pool user (similar to how it would use the Application Pool Identity for IIS). To enable using the managed identity of the App Service on your Azure SQL Database, add the App Service as a user to the database using the following statements:
CREATE USER {APP_SERVICE_NAME} FROM EXTERNAL PROVIDER;
ALTER ROLE db_owner ADD MEMBER {APP_SERVICE_NAME};
Set the initial password with the Forgot Password function
If you have not yet configured a password for a user in IAM, the user can now set their own initial password using the Forgot password feature of Indicium. This feature allows you to reset your password via email.
Indicium - Changed
Logging in the Indicium database event log improved
We have improved the logging of SQL statements for SQL Server in the Indicium database event log. You can access this Indicium database event log from the Indicium landing page. As of this version, we log the entire "exec sp_prepexec" statement, including its parameters, in the database event log. This allows you to view the parameter values, copy the SQL statement into SQL Server Management Studio or Azure Data Studio, and run it without having to define the parameters yourself.
Performance improvements
In some situations, Indicium must validate whether a parent record is still available. In this release, we improved the performance of the associated SQL queries. The performance improvement depends on several factors, but we now ensure that only the required columns are selected. The performance improvements will be most noticeable when working on detail screens in the Universal GUI.
Scheduled license refreshes
A few weeks ago, our license server went down during the weekend, which made it impossible for instances of Indicium to automatically extend licenses. This by itself is not an issue, because Indicium will start extending licenses long before they actually expire. However, it came to our attention that whenever Indicium is unable to extend a license, it retries this so frequently that it causes considerable load on the database server. In this release we have greatly reduced the frequency of retries in order to prevent such performance issues in the future.
Minor fixes and tasks
- If the Indicium root URL contained a base path segment such as /indicium, the returned @odata.context metadata URL in several Indicium responses was incorrect. The extra segment would then be missing from the metadata URL. This has been fixed.
- When Indicium is running in Production mode (default), it will not send all database errors/messages to the client, because they might contain sensitive information about the architecture of the database or the network. Nearly all of these messages could be found in the error log, but there were a few that were not logged anywhere. This has now been fixed.