Skip to main content

Hello everyone,

In this sprint, we updated the IdentityServer component, we added some query string and template parameters, Azure Active Directory can be used as a pool user, and you can now set the initial password with the Forgot Password function.

You can read more about Indicium's features in the Indicium user manual.

We will keep you updated regularly about Indicium's progress.

About Indicium

Two types of the Thinkwise Indicium Application Tier are available:

Contents of this release

Breaking

IdentityServer component updated

The IdentityServer component is updated to the latest version. This component is used when you have configured OpenID clients in IAM. There should be no noticeable changes. The refresh and access tokens generated with the previous version will remain valid after the update.

Due to license changes for the external IdentityServer component, a maximum of five OpenID clients are allowed after this update. Please contact Thinkwise if you need more than five clients.

Indicium - New

New two-factor authentication query string parameter

For two-factor authentication, we added a new query string parameter. This allows the two-factor authentication flow to be automated through links in the emails sent.

The Indicium /account/ui/twoFactor two-factor authentication page has a new twoFactorToken query string parameter. The two-factor authentication email template already had a {twoFactorToken} parameter that sent the token to the user by email, but adding this parameter to the query string allows you to turn it into a hyperlink:

/account/ui/twoFactor?twoFactorToken={twoFactorToken}. Using this URL, the user does not need to copy and paste the token.

New email template parameters for password reset

The Indicium /account/ui/resetPassword password reset page has two new query string parameters: username and resetToken. The password reset email template already had a {resetToken} parameter, and we added a username parameter. Now, you can turn it into a hyperlink:

/account/ui/resetPassword?username={username}&resetToken={resetToken}.

Using this URL, the user does not need to enter these two parameters.

Use Azure Active Directory as a pool user

We have implemented the ability to use Azure Active Directory users as the database pool user for Indicium. There is one drawback to this feature at the moment: it cannot be used to create a new database using the creation screen in the Software Factory.

To use this feature, in the appsettings.json configuration file, set the UseAzureActiveDirectory setting under MetaSourceConnection to true. Optionally, you can set the PoolUsername and PoolPassword parameters as well.

If the PoolUserName and PoolPassword are not set, Indicium will use the managed identity which is running the App Service in Azure as the pool user (similar to how it would use the Application Pool Identity for IIS). To enable using the managed identity of the App Service on your Azure SQL Database, add the App Service as a user to the database using the following statements:

CREATE USER {APP_SERVICE_NAME} FROM EXTERNAL PROVIDER;
ALTER ROLE db_owner ADD MEMBER {APP_SERVICE_NAME};

Set the initial password with the Forgot Password function

If you have not yet configured a password a user in IAM, the user can now set their own initial password using the Forgot password feature of Indicium. This feature allows you to reset your password via email.

Indicium - Changed

Logging in the Indicium database event log improved

We have improved the logging of SQL statements for SQL Server in the Indicium database event log. You can access this Indicium database event log from the Indicium landing page. As of this version, we log the entire "exec sp_prepexec" statement, including its parameters, in the database event log. This allows you to view the parameter values and copy and run the SQL statement into your SQL Server Management Studio or Azure Data Studio without having to define the parameters yourself.

Performance improvements

In some situations, Indicium must validate whether a parent record is still available. In this release, we improved the performance of the associated SQL queries. The performance improvement depends on several factors, but we now ensure that only the required columns are selected. The performance improvements will be most noticeable when working on detail screens in the Universal GUI.

Scheduled license refreshes

A few weeks ago, our license server went down during the weekend, which made it impossible for instances of Indicium to automatically extend licenses. This by itself is not an issue, because Indicium will start extending licenses long before they actually expire. However, it came to our attention that whenever Indicium is unable to extend a license, it retries this so frequently that it causes considerable load on the database server. In this release we have greatly reduced the frequency of retries in order to prevent such performance issues in the future.

Minor fixes and tasks

  • If the Indicium root URL contained a base path segment such as /indicium, the returning @odata.context metadata URL in several Indicium responses was incorrect. The extra segment would then be missing from the metadata URL. This has been fixed.
  • When Indicium is running in Production mode (default), it will not send all database errors/messages to the client, because they might contain sensitive information about the architecture of the database or the network. Nearly all of these messages could be found in the error log, but there were a few that were not logged anywhere. This has now been fixed.

Hello everyone,

We have fixed an issue with the handling of certain input parameters for the List Folder (Recursive input parameter), Copy Folder (Target folder name input parameter) and Move Folder (Target folder name input parameter) process actions, that use storage locations (i.e. the new versions of these process actions). When using these input parameters a message would be logged indicating that they were not supplied with a value or that the value was invalid.

The fix for these issues has been released as version 2022.2.16.2, which is available for download in TCP.

We apologize for any inconvenience caused by these issues.


Hello everyone,

We have released another hotfix for this version Indicium, which is available in TCP as version 2022.2.16.3. This hotfix fixes an issue that could cause users in the Universal GUI to receive many “Application model expired” messages, even though the application model had not changed at all. We recommend everyone with a recent version of Indicium to update to 2022.2.16.3.

We apologize for any inconvenience caused by this issue.