10Duke Enterprise release notes

Learn about new features, enhancements, and fixed issues in the most recent 10Duke Enterprise releases.


Release 5.6.2

Release date: November 8, 2024

10Duke Identity Management REST API 2.2.2

Bug fixes:

  • Fixed an issue that could cause the query for a user’s TOTP credentials to fail.

10Duke Entitlement Management REST API 3.5.2

Bug fixes:

  • Querying a user’s or device client’s available licenses or licenses in use now correctly returns information also on the total credit amount and the amount consumed also for use count and use time.

10Duke Login Application

Bug fixes:

  • Minor fixes.

10Duke My Licenses

Enhancements:

  • Minor internal improvements.

10Duke OrgAdmin

Enhancements:

Other changes

  • Fixed an issue that caused the Graph API request to register a user to fail.

Release 5.6.1

Release date: October 24, 2024

The release includes minor security improvements. We recommend updating to this release.

10Duke Identity Management REST API 2.2.1

Bug fixes:

  • Fixed the API reference documentation to remove the incorrect claim that the organization name should be unique.

10Duke Entitlement Management REST API 3.5.1

Bug fixes:

  • Fixed a backward compatibility issue related to license provisioning and updates no longer allowing zero or negative values as quantity in a transaction item. Whether this is allowed is now configurable in your deployment.

    By default, zero and negative values are not allowed. If needed, contact the 10Duke Integration Support team for a configuration change in your deployment.

  • Fixed an issue where retrieving the entitlements to which a group has access only returned a maximum of 10 entitlements. The limit has now been increased to 1000 entitlements.

10Duke Login Application

Bug fixes:

  • Minor fixes.

10Duke My Licenses

Bug fixes:

  • Minor fixes.

10Duke OrgAdmin

Bug fixes:

  • Fixed a page loading issue related to localized licensed item display names.

  • Other minor fixes.

Other changes

Enhancements:

  • Performance improvements in license management and internal event sending.

Bug fixes:

  • Fixed an issue where the system allowed releasing a license reservation even if this was not allowed by the license model.

  • Attempting to release a license lease that has expired or has already been released now correctly returns an error.

    If needed, the earlier behavior where this doesn’t result in an error can be restored with a configuration change. If needed, contact the 10Duke Integration Support team for a configuration change in your deployment.

  • Fixed an issue in the prioritization of licenses in license consumption, which could sometimes lead to unnecessarily using a new seat for a user who was already consuming a license.

  • Fixed an issue that caused a seat reservation to fail if the user was already consuming a seat from the license.


Release 5.6.0

Release date: September 25, 2024

The main enhancements introduced in this release:

  • 10Duke My Licenses, a new UI tool for end users to view the licenses available to them.

  • Localization support for the display names of your licensed items. You define the translations in SysAdmin, and the translations are used in My Licenses and OrgAdmin, and can also be retrieved through 10Duke Entitlement Management REST API.

  • 10Duke Entitlement Management REST API support for managing the activation codes used for license provisioning.

10Duke Identity Management REST API 2.2.1

Enhancements:

  • Clarified the documentation on how the account activation message sending is handled if the query parameter activationMessage is left unspecified or null:

  • Added information on system limits to user queries. By default, you can retrieve users up to the limit of 5000 users, and you need to use values in the offset and limit parameters that don’t extend the query past this limit.

Bug fixes:

  • When the system’s default URL to the welcome page is being used in an invitation to a user or a device client (that is, memberWelcomeUrl is not provided in the API request), the default URL now automatically includes the next parameter containing the URL from invitationCompletedUrl if the request provides it.

  • The email address provided when creating a user is now validated to remove any leading or trailing whitespace.

  • Fixed an issue where some operations returned a plain text error instead of a documented JSON error if the ID of the item was invalid.

10Duke Entitlement Management REST API 3.5.0

Enhancements:

Bug fixes:

  • Fixed the provisioning and updating of licenses for an organization or user to no longer allow setting a transaction item’s quantity value to zero or to a negative value.

  • Fixed an issue where a user’s attempt to consume use count from a license failed on the second time.

  • Fixed an issue where retrieving the transaction for an organization or a user returned an empty transaction response if the provided external transaction ID was not found. An appropriate error response is now returned.

  • Fixed an issue where some operations returned a plain text error instead of a documented JSON error if the ID of the item was invalid.

10Duke Login Application

Enhancements:

  • An email address that is already being used as a user account’s recovery email address can now be set as the primary email address for a new or existing user account. In addition, recovery email addresses no longer need to be unique across user accounts in the system: the same recovery email address can be used in multiple user accounts.

  • New fields added in events: the ForgotPasswordEmailSent, ForgotPasswordReset, UserMfaActivated, and UserMfaDeactivate events now have a userId field, and ForgotPasswordEmailSent also has a validFrom field.

Bug fixes:

  • If the user’s session has been invalidated, the user can now log in again and is correctly redirected to what they were trying to access, instead of always being redirected to the profile page.

  • An error message is now shown if a user tries to activate their user account using an expired account activation code, or tries to reset their password using an expired password reset code.

10Duke My Licenses

10Duke My Licenses is a new web-based UI tool where the end users of your software applications can access information on the licenses available to them. My Licenses is an optional component that is purchased separately.

In My Licenses, an end user (a user in your B2B customer’s organization, or a B2C customer of yours) can view the organization licenses they are authorized to access, as well as their own personal licenses.

My Licenses provides a customizable view to license information such as the license status and validity, seats available and seat reservations, and current license usage. You can also customize the appearance of the UI to match your brand.

My Licenses is fully localizable and provides default UI text translations in 14 languages. My Licenses also supports the new licensed item translation feature introduced in this release.

10Duke SysAdmin

Enhancements:

  • In PRODUCT CONFIGURATION > Licensed items, you can now localize the display names of licensed items.

    On a licensed item’s Details tab, there’s a new Manage localization button. This opens a side panel where you can add the display name translations. For each translation, you specify the locale it applies to.

    The supported locales are based on your deployment configuration. If you need changes to which locales are supported in your deployment, contact the 10Duke Integration Support team.

  • When downloading an organization license token, providing a hardware ID is now only mandatory if the license’ license model anchors license sessions to the hardware ID (using the ConcurrentSessions constraint).

  • When viewing the users of an organization’s user group or when adding users there, the user table filter based on the contact email now uses a “starts with” search, instead of a “contains” search.

  • On the Authorize consumers tab of an organization’s entitlement, the Has access column now uses visual indicators to show whether the group has access to the entitlement (a green check mark icon for access, or a red “X” icon for no access).

Bug fixes:

  • Fixed the creating and editing of a transaction item to no longer allow setting Quantity to zero or to a negative value.

  • Fixed an issue where SysAdmin always used the system’s default redirect page for failed logins due to missing access rights, even if a custom redirect page had been defined.

  • Fixed an error in displaying a role’s permissions after edits in the permission side panel were canceled.

  • After downloading an organization license token for a license that has seats, the view for managing seat reservations for the license no longer incorrectly shows the user as having a seat reservation.

  • After downloading an organization license token for a license that has seats, the Seats column on the license list is now refreshed immediately to show an updated count of seats in use.

  • Improved the error message shown when an administrator cannot download a license token because the license model has ConsumptionLockConstraint defined, and a locking already exists for another device and prevents the license from being consumed.

  • Improved the error messages shown when creating an invitation to a user fails because the given email address is already used in the system by another user account.

  • Fixed a pagination issue on the user list when adding users to a user group.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • Where licensed item’s display names are shown, OrgAdmin now shows the translation of the display name according to the user’s locale. If no translation is available for the user’s locale, the default display name is used as a fallback.

Bug fixes:

  • Fixed an issue that sometimes caused an authentication error to be incorrectly shown to a user when navigating to OrgAdmin.

  • Improved the error message shown when an administrator cannot make a seat reservation from a license because the license model’s limit for seat assignments has been reached.

  • Improved the error message shown when an administrator cannot download a license token because the license model has ConsumptionLockConstraint defined, and a locking already exists for another device and prevents the license from being consumed.

Other changes

Enhancements:

  • Licenses granted using the Graph API now also follow the seat reservation limit defined in the product package when the license model limits seat reassignments.

Release 5.5.0

Release date: July 5, 2024

The main enhancements introduced by this release:

  • 10Duke Entitlement Management REST API support for provisioning licenses directly to a specified entitlement.

  • 10Duke SysAdmin support for transactions in provisioning and maintaining licenses, which brings it in sync with the Entitlement Management REST API. The legacy UI that doesn’t use transactions is available through a configuration option.

10Duke Identity Management REST API 2.2.0

Enhancements:

Bug fixes:

  • POST and PUT requests to the /clients and /organizations/{organizationId}/clients endpoints now correctly require the mandatory clientId to be provided.

  • A minor fix in the OpenAPI document structure.

10Duke Entitlement Management REST API 3.4.0

Enhancements:

  • When provisioning licenses to an organization or user, a transaction item has a new entitlementId parameter for specifying where to store the created licenses. If no entitlement is specified, the licenses are stored in the default entitlement.

    The same parameter is available when updating a transaction’s licenses for an organization or user, where it can be used to specify where any new licenses created by the update operation are stored. The parameter doesn’t affect existing licenses: they’re not moved from their current entitlement.

  • In the license provisioning operations to retrieve a transaction and to suspend or resume a transaction, the transactionId path parameter has been renamed as transactionExternalId to more clearly indicate that it specifies the external ID of the transaction.

  • The EffectiveLicenseModel object, which is returned, for example, when retrieving a user’s available licenses, now includes information on ConsumptionLockConstraint if defined in the license model.

Bug fixes:

  • Fixed a bug that allowed duplicate default entitlements to be created for an organization.

  • Fixed the API reference documentation to provide the missing date-time format specifier for the Created and Modified fields.

10Duke Login Application

Enhancements:

  • It’s now possible to configure redirect URLs for invitations sent from 10Duke SysAdmin and 10Duke OrgAdmin: the URL where the user is redirected after completing the invitation process. A redirect URL is configured separately for invitations to an organization (group) and for invitations to sign up as a user.

  • In the password reset URL included in the email template for “password reset completed” emails, you can now use format arguments for inserting the base URL and the user’s email address.

    An example message in the template where the base URL will be inserted in {20} and the user’s email address in {11}:

    You can now continue using your 10Duke account normally with your new password.\n\nIf you did not request password change, reset your password here: {20}/user/forgot/password?email={11}

Bug fixes:

  • A minor fix in the German translations.

10Duke SysAdmin

Enhancements:

  • SysAdmin provides a new UI for granting and maintaining licenses using transactions, a concept that is also used by the Entitlement Management REST API provisioning operations.

    In the left sidebar in SysAdmin, you now navigate to licenses from under LICENSES, where you first select either Organization or Personal and then select an organization or user.

    The LICENSES view provides two tabs, which work the same way with both organization and personal licenses.

    • A new Transactions tab, where you find all the features related to granting, updating, and suspending licenses for the selected organization or user.

      You grant licenses by creating a transaction that consists of one or more transaction items. Each transaction item specifies the information needed for granting licenses with one product package into a selected entitlement. Any later changes to the licenses are also done through the transaction and the applicable transaction item.

    • The Entitlements tab, which provides the same features as before except for those related to granting and making changes to licenses.

      Here you create and manage entitlements for the organization or user in the same way as before, manage group access and seat reservations for organization licenses, and so on.

    The new transaction-based UI moves your control over licenses to the transaction item level, and makes the product package the core source for license information. Note the following changes:

    • You no longer manually define what type of credit (seats, use count, or use time) to grant in a license: this is now directly determined by the credit type in the licensed item’s settings in the product package. You only define how many product packages are used to grant licenses. This product package quantity acts as a multiplier against the credit amount in the licensed item’s settings to calculate the final license credit.

    • All changes to licenses are now done through a transaction item in a transaction. The changes always apply to all the licenses associated with the transaction item. The old features for editing licenses individually are only available in the legacy UI, such as updating the validity or credit of an individual license, or suspending a license.

    • Licenses can no longer be deleted individually. You can delete a transaction item to delete all the licenses in it. A whole transaction cannot be deleted, but you can suspend a transaction to suspend all the licenses.

    Other things to note:

    • Updating the allowed versions in existing licenses is no longer possible. If needed, you can delete the transaction item from the transaction to delete the old licenses, and add a new transaction item to grant new licenses with the latest information from the product package.

    • You can only update a transaction if all product packages used in it are active and valid.

    • The feature for releasing licenses currently in use (that is, ending the lease) is no longer available from the license list. You can still release a particular user’s leases from their user account, but it’s no longer possible to release all seats being consumed from an organization license in one go, nor to release seats being consumed by device clients.

    • A product package cannot be deleted if it’s associated with a transaction item. You need to first delete any transaction items where it’s used, which in practice means deleting all the licenses granted using the product package.

    See how to manage licenses and entitlements in the new transaction-based UI.

    Taking the new transaction-based UI into use:

    • To switch to using the new transaction-based UI features, contact the 10Duke Integration Support team for a configuration change. If your deployment has licenses created without a transaction, a migration is required to create transactions for them.

    • If needed, you can continue to use the legacy UI features that don’t use transactions for granting licenses. This doesn’t require any actions from you.

    Note: License provisioning integrations that don’t create transactions (such as the Graph API and the event-based integrations) cannot be used side by side with the new transaction-based UI in SysAdmin.

  • SysAdmin now supports defining a lock scope for licenses (or disabling it) when required by the license model. The lock scope is defined in the transaction item (see above) and applies to all licenses granted with the transaction item.

    Setting a lock scope is only supported by the new transaction-based UI features. If the legacy UI is in use, the lock scope can only be set through the Entitlement Management REST API.

    See more about the use of lock scopes for preventing the abuse of trial licenses and the license model’s ConsumptionLockConstraint rule.

  • Deleting a licensed item is no longer allowed if it’s used in a product package or if it’s associated with active licenses. (Earlier deleting a licensed item also deleted all associated licenses.)

  • Fixed editing a custom license model so that an error in the JSON can no longer cause the whole license model to be wiped clean.

  • In a product package, the table on the Licensed items tab now also displays the settings defined for each licensed item in the product package.

  • Fixed minor issues related to making license model changes in the product package.

  • To reduce database load, filtering by a table column in user tables is now applied after pressing Enter instead of immediately after typing.

  • In invitation tables with a State filter, selecting a state now updates the table, and there’s no Apply button anymore.

  • URL fields in OAuth and SAML identity provider connections now also allow local URLs.

  • Added the missing @internal/organizationGroup and @internal/organizationRole local claims to the menus when defining the response attributes for an OAuth or SAML identity provider connection.

  • The “not authorized” page now also shows an option to log out.

Bug fixes:

  • Fixed filtering of groups when adding a user to groups, and filtering of activation code configurations by name.

  • Fixed an issue related to how SysAdmin checked permissions when a user with a custom internal role attempted to view roles in SysAdmin.

    If you’re using custom internal roles with a custom Grants permission, the fix also requires replacing that permission. Contact the 10Duke Integration Support team for support.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • The license usage dialog now also shows the client application version on which the license is being consumed.

Bug fixes:

  • Blocking a license is now correctly enforced also when the license model contains AssignedLicenseConstraint with allowLazyReservation set to true.

  • Other minor fixes.

Other changes

Bug fixes:

  • A lease refresh can no longer shorten the lease.

Release 5.4.0

Release date: May 27, 2024

10Duke Identity Management REST API 2.1.1

Enhancements:

  • The default welcome URLs are now configured separately for user and device client invitations.

    If you need a different default welcome URL defined for device client invitations in your deployment, contact the 10Duke Integration Support team for a configuration change.

Bug fixes:

  • Fixes in the API reference documentation:

10Duke Entitlement Management REST API 3.3.1

Enhancements:

  • When provisioning licenses to an organization or user, the new productName parameter enables identifying the product package to be used by the product package’s name instead of the unique ID.

    Provide either productId or productName to identify the product package, but not both.

  • License provisioning operations now send events.

Bug fixes:

  • Fixed an error that caused retrieving the license usage for a user or a device client to fail if the license model’s ConcurrentSessions constraint uses any other anchor type than Hardware in sessionAnchors or leaseAnchors.

  • Fixed the response to moving a license to another entitlement, which was missing the license properties.

  • Fixed the documentation on how licenses can be deleted when updating the licenses for an organization or a user. The operations never delete licenses if license items have been removed from the product package, and if a transaction item is not included in the request and allowDeleteLicenses is false, the operation fails.

10Duke Login Application

Enhancements:

  • To reduce the risk that a user enters their email address wrong when registering, the registration page can now be configured to display a second email address input field so that the email address must be entered twice.

    To enable the second field in your deployment configuration, contact the 10Duke Integration Support team.

  • When the user has clicked a link to send an email to validate their email address, the notification text displayed on the page now shows the email address where the email was sent.

  • To support the need to use a shorter than standard key length when verifying ID token signatures with the JWT bearer token authorization grant flow, it’s now possible to disable the key length check in the configuration.

    Contact the 10Duke Integration Support team for a configuration change if needed.

  • When a client application connects to 10Duke Enterprise using the authorization code grant flow with PKCE, and its SysAdmin configuration specifies a client secret, it’s now configurable whether the secret is required also when requesting an access token, instead of only when requesting the refresh token.

    This is related to an enhancement in release 5.0.0, which changed the behavior with this authentication flow so that the secret is always required also when requesting an access token. In most cases, a client secret is not used together with this flow.

    If the client secret must not be required when requesting an access token in your deployment, contact the 10Duke Integration Support team for a configuration change.

Bug fixes:

  • A minor fix in drop-down menu behavior.

10Duke SysAdmin

Enhancements:

  • Changes to the default JSON when you’re creating a custom license model:

    • Behaviors now includes the allowLeaseExtension and allowLeaseRelease rules, both set to true, and the licenseLockingBehavior rule with lockMode set to LOCK_LICENSE.

    • Constraints now includes ConsumptionLockConstraint that can be used for trial abuse prevention, with consumptionLockAnchor set to Hardware.

      IpAddressConstraint has been removed.

  • To improve page loading, the SysAdmin home page no longer displays by default the summary cards on users, invitations, organizations, and sessions. They continue to be displayed on the Identity Dashboard.

    To display the cards in your deployment, contact the 10Duke Integration Support team for a configuration change.

  • The top toolbar now provides a link to the documentation site.

Bug fixes:

  • Fixed an error that caused creating an OAuth identity provider to fail.

  • Fixed errors in granting or viewing licenses when the license model uses LicensedItem in sessionAnchors in the ConcurrentSessions constraint.

  • Defining Token signature public key is no longer erroneously mandatory when creating an OAuth identity provider.

  • The Valid until field is also now shown in the invitation summary when creating a new invitation to user group.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • Support for adding custom links in OrgAdmin:

    • As options in the user menu in the top toolbar

    • As action buttons above a table (like the existing Create button above the user group table)

    • As options in the Tools menu on table rows

    To add custom links, contact the 10Duke Integration Support team.

Bug fixes:

  • Fixed the Expired status label in the invitation table.

  • Other minor fixes.

Other changes

Enhancements:

  • Changes in the license model’s ConcurrentSessions constraint:

    • A new Version option is available for use as either a session anchor or a lease anchor. If used, the software version must be provided in the version parameter in the license consumption request.

    • The Hardware and LicensedResource options can now also be used as lease anchors.

  • A license consumption request for a user now returns HTTP 401 Unauthorized if the user account has been deactivated.

Bug fixes:

  • The LicensedProcess option is again supported as a session anchor in the ConcurrentSessions constraint in the license model.

    The option was removed in release 5.0.0.

  • Added missing fields to events.

  • Other minor fixes.


Release 5.3.0

Release date: April 2, 2024

This release provides support for trial abuse prevention, which enables you to prevent a customer from using the same trial license repeatedly on the same device. The feature introduces a new license model constraint and the ability to define a lock scope when provisioning trial licenses. See more about the trial license constraint.

The release includes minor security improvements. We recommend updating to this release.

10Duke Identity Management REST API 2.1.1

Bug fixes:

  • Fixed examples in API reference documentation that use the application/x-www-form-urlencoded content type.

10Duke Entitlement Management REST API 3.2.0

Enhancements:

Bug fixes:

  • Fixed an error that could cause retrieving a user’s license usage to fail if the user had old license assignments.

10Duke Login Application

Enhancements:

10Duke SysAdmin

Enhancements:

  • You can now define a validity end date for an invitation to a user or device client, after which the invitation can no longer be accepted (or declined).

  • In the settings of a license provisioning configuration for activation code-based licensing, the field for defining a validity time for the provisioned licenses is now more clearly labeled as License validity period.

Bug fixes:

  • When changing the credit of a license (the number of seats, use count, or use time), the credit can no longer be changed to a value lower than zero.

  • You can now select multiple users for removing them from a user group.

  • Fixed occasional page rendering issues when creating or viewing SAML external identity provider connections.

  • In Response attributes of a SAML external identity provider connection, cleaned up unsupported values from the menu for defining the source data for a mapping.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • Updated UI translations to fully cover all supported languages.

  • Fixed a styling issue caused by long words in Dashboard card titles and sidebar navigation items.

  • Fixed a styling issue in notifications when the UI is displayed in dark mode.

Other changes

Enhancements:

  • To support trial abuse prevention, a license model supports a new constraint ConsumptionLockConstraint. The constraint can be used for creating a locking that ties a (trial) license to the hardware ID of the device on which the license is first consumed.

  • Other minor fixes.

Release 5.2.1

Release date: March 21, 2024

Bug fixes:

  • Fixed an error that created extra license leases if the license model’s ConcurrentSessions had an anchor set in sessionAnchors and LeaseTrackingMode was not set. This could result in the user not being allowed to release the consumed license seat.

  • Fixed an error where if the license consumption request specified licenseId and the user or device client had access to the specified license, license consumption was allowed even if the license didn’t allow consuming the requested licensed item.

  • Fixed an error that could cause the maxConcurrentSessionsExceed error to be returned if the license model had the number of concurrent license sessions allowed set to a value greater than 2.

  • Related to the 5.0.0 fix on storing the hardware name in the license consumption request in rare cases where the same hardware ID is used by two different devices, maxConcurrentSessionsExceed errors may occur during the migration period, the length of which depends on the maximum lease time.

  • The 10Duke Identity Management REST API now correctly sends events when a user is created, updated, or deleted, a user’s password is created or changed, or two-factor authentication (2FA) is activated or deactivated for a user.

  • Performance improvements in the 10Duke License Consumption API.

  • Other minor fixes.


Release 5.2.0

Release date: March 6, 2024

The release includes minor security improvements. We recommend updating to this release.

10Duke Entitlement Management REST API 3.1.0

Enhancements:

  • The License object, returned by API operations such as listing an organization entitlement’s licenses, contains a new properties object that contains any additional license properties defined for the license.

  • Added Cache-Control headers for responses that should not be stored by intermediate caches.

10Duke Login Application

Bug fixes:

  • A fix in applying only the UI languages allowed by the deployment configuration.

  • The Login Application now correctly sends an event when an invitation is accepted or declined.

10Duke SysAdmin

Bug fixes:

  • Fixed an error in saving changes to the permissions of a role or an organization role template.

  • The creation of product packages is now disabled if no license models have been created.

  • Fixed missing labels in the column selection menu in the product package and licensed item tables.

  • In Activation code configurations, the button for removing the association to an organization is now labeled Remove organization.

  • Other minor fixes.

Other changes

Enhancements:

  • When requesting to consume a license or to renew a lease through the 10Duke License Consumption API:

    • The request supports a new ownerUserId parameter for specifying a user ID to only consume that user’s personal licenses, if multiple license options are available for the requested licensed item.

    • When the request only specifies only one licensed item, the request can now specify the ownerOrganizationId parameter at the request level, in the same way as the entitlementId and licenseId parameters.


Release 5.1.0

Release date: February 21, 2024

The release includes minor security improvements. We recommend updating to this release.

10Duke Login Application

Enhancements:

Bug fixes:

  • Fixed an issue that caused the registration page to not display the postal code field even if it was enabled.

  • Other minor fixes.

10Duke SysAdmin

Bug fixes:

  • Performance improvements in page loading when there’s a large number of licenses.

  • The External identity providers table is now automatically refreshed after creating a new external identity provider.

  • Trying to create a custom license model with incorrect JSON formatting no longer saves the erroneous license model.

  • Improvements to error messages.

  • Improved error handling in the case of a duplicate value for Identity provider name ID (OIDC) or Identity provider ID (SAML) for external identity providers.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • The <locale> in the URL now supports ICU locales. See more on OrgAdmin localization.

  • An apostrophe ' and a grave accent (backtick) ` are now allowed characters in email addresses. Single quotation marks and are not allowed.

  • The description of a user group or a device client group is now an optional field.

Bug fixes:

  • Clicking a column header no longer prevents clicking links in the column.

  • Releasing a license lease in the Usage dialog no longer opens a blank page.

  • Other minor fixes.

Other changes

Bug fixes:

  • Fixed support for using LicensedItem as a leaseAnchors value in the license model’s ConcurrentSessions constraint.

  • Fixed the handling of license overusage for use count based licenses based on the license model’s UtilizationConstraint.

  • The license consumption error unallowedClientVersion now correctly returns also the allowed version range for the license.

  • The locale tag “no” is now accepted.

  • The Graph API QueryLicenseUsage now correctly returns HTTP error 500 for use time and use count licenses.

  • Other minor fixes.


Release 5.0.0

Release date: February 6, 2024

10Duke is pleased to announce the new major release 5 for 10Duke Enterprise, which introduces:

  • A great collection of new features and improvements in functionality, including:

    • Full support for device licensing in 10Duke Enterprise, including REST API, 10Duke SysAdmin, and 10Duke OrgAdmin features for inviting device clients and authorizing their access to licenses using groups.

    • Support for defining additional license properties during license provisioning and extending the claims in the JWT token to include them.

    • License consumption information included on the license lists in SysAdmin.

  • Significant changes that break compatibility with the previous major releases, including changes in API endpoints.

    Please review the release notes marked with the Breaking label.

  • A 10Duke SysAdmin version that provides significant improvements to overall consistency in user experience and application stability.

  • A 10Duke OrgAdmin version with UI themes updated to Bootstrap 5, offering easier and more extensive possibilities for UI customization.

  • Bug fixes and performance related improvements.

Check out the comprehensive list of breaking changes and new features under each solution component below.

10Duke Identity Management REST API 2.1.0

Enhancements:

  • New endpoints for managing the association of device clients with device client groups:

  • To support use cases where a new user account is created in the system with no password defined, the API provides new features for sending the user an email that requests them to activate their user account by setting a password:

    When the user clicks the link in the email, this opens the account activation page in 10Duke Enterprise where the user defines a password for themselves. After this, the user is sent a confirmation email about setting the password.

    Two new email templates are available for customizing the content of the emails.

    See example usage of the feature when creating a new consumer customer.

  • A new API operation POST /users/byEmail for retrieving a user based on the primary contact email address in their user account. (This email address is typically the same as the email address used as the username, if 10Duke Enterprise is used for user authentication.)

  • When updating a user’s details, you can no longer change the user’s email address if it has been validated.

  • Breaking: Consolidated the API endpoints for retrieving user invitations based on invitation status.

    • The GET /organization-group-invitations and GET /user-invitations API operations provide a new invitationState query parameter to allow filtering the results based on invitation status.

    • The specific API endpoints for retrieving user invitations by status have been removed:

      • Removed endpoints for invitations to join an organization: /organization-group-invitations/open, /organization-group-invitations/accepted, /organization-group-invitations/declined, /organization-group-invitations/revoked

      • Removed endpoints for invitations to sign up: /user-invitations/open, /user-invitations/accepted, /user-invitations/declined, /user-invitations/revoked

  • Breaking: In API operations related to organization and user invitations, the invitationState field includes a new value open that applies to invitations that haven’t been accepted, declined, or revoked.

    The values created, updated, and deliveryRequested have been removed.

  • Breaking: The memberStatus field and the deprecated recipientIsNewUser field have been removed from the UserInvitation and OrganizationGroupInvitation resources.

    10Duke Enterprise now resolves internally whether a user is a new or existing user when an invitation is sent, and this information is no longer returned by API operations.

Bug fixes:

  • Setting up a new organization now returns the details of the created “employees” group even when createDefaultEntitlement is set to false.

  • Retrieving an organization’s client group invitations (list and read) now correctly returns only the specified organization’s invitations.

  • Retrieving or replacing user or organization properties now correctly returns only the fields key and value.

  • Fixes in the API reference documentation related to inherited permissions in organization roles. Also added information on the possibility to use the organization role designator in place of the ID in certain API operations.

  • Other minor fixes.

10Duke Entitlement Management REST API 3.0.0

Enhancements:

Bug fixes:

  • Fixed an issue that prevented creating a seat reservation to a license that has a version constraint.

  • Other minor fixes.

10Duke Login Application

Enhancements:

  • The link in a device client invitation now opens a browser page that provides instructions for the invitation recipient on how to proceed and connect the device.

    This helps to avoid situations where an email client doesn’t allow opening a link that would use a custom URL scheme for opening the welcome page in your client application. Now the email link opens the redirect page, which displays a link that uses a custom URL scheme defined in your deployment configuration to open the welcome page.

    To customize the page content and configure the custom URL scheme used, contact the 10Duke Integration Support team. See also more information on how to invite device clients.

  • Support added for the new user account activation page where a new user can activate their user account by setting a password. See more information on the new account activation features in the Identity Management REST API section above.

  • Support added for OAuth token introspection (see RFC 7662) to allow the client application to request additional information on an access token or refresh token granted by 10Duke Enterprise.

  • Breaking: When 10Duke Enterprise returns an access token to your client application after authentication, the new refresh_token_expires_in response field contains the amount of time until the OAuth session expires.

    The refreshable_until field that contained the OAuth session expiry has been deprecated. If this legacy field still needs to be returned, contact the 10Duke Integration Support team for a configuration change.

  • For added security, the system now informs a user by email about a password change and about two-factor authentication (2FA) being activated for their user account.

    Two new email templates are available for customizing the content of the emails. If you want customizations or wish to disable the emails in your deployment, contact the 10Duke Integration Support team.

  • Breaking: The same additional authentication methods are now by default used with the legacy OAuth password grant flow (resource owner password credentials grant) as with other OAuth authentication flows.

    • If a user has two-factor authentication (2FA) enabled (or if 2FA is globally enforced), 2FA is now enforced also when the user is being authenticated with the password grant flow. Because the flow doesn’t support 2FA, authentication will fail in this case.

    • If email verification is enforced in the system, it is now enforced also with this flow, so authentication will fail for users who haven’t verified their email address.

    You can override the additional authentication method configuration for the password grant flow, for example, if 2FA authentication should not be enforced with this flow. For a configuration change, contact the 10Duke Integration Support team.

  • The name field is now included in the ID token and the OIDC userinfo response even if the user’s display name is not available. In that case, the field contains the user’s first and last name.

  • The ID token header now also includes the typ field that specifies the token type JWT.

  • The timestamp of the user’s last login is now updated every time the user receives an access token, instead of only when they have logged in to the Login Application UI.

    This improves, for example, the accuracy in OrgAdmin for showing which users have been active within the past 30 days.

  • When a new user has accepted an invitation and registered as a user, the email address they used for the registration is now automatically marked as validated, instead of the user having to take an extra step to validate it.

  • Support added for a redirect through 10Duke Enterprise before initiating authentication in order to provide 10Duke Enterprise with the user’s email address and the ID for an external identity provider’s SysAdmin configuration.

Bug fixes:

  • Breaking: When a client application connects using the authorization code grant flow with PKCE, if its SysAdmin configuration specifies a client secret, the secret is now correctly required already when requesting an access token, instead of only when requesting the refresh token.

    In most cases, a client secret is not used together with the authorization code grant flow with PKCE. If your client application is using this flow, we recommend that you confirm that you have defined the client secret setting in its SysAdmin configuration correctly for your use case.

  • The user’s “remember me” selection now works correctly in redirects.

  • Fixed an issue that caused email sending to sometimes fail.

10Duke SysAdmin

Enhancements:

  • SysAdmin provides new features to support device-based licensing:

  • Even if the license model doesn’t allow releasing seat reservations, you can override this restriction and release a seat reservation in SysAdmin if needed, for example, to support a customer who made a wrong seat reservation in OrgAdmin.

    When you’re about to release seat reservations for an organization license, the SysAdmin side panel now shows a notification text if the license model has this restriction, and provides a toggle for overriding it.

  • In the organization and personal license tables:

    • The table now also shows either the number of seats in use (seats being consumed and reserved seats) or the use count or use time that has been consumed, depending on the type of credit available in a license.

    • You can view any custom properties that have been created for the licenses through the Entitlement Management REST API.

    • Improvements to viewing the status of the license: The Status icon now indicates if a license is about to expire, its validity start date is in the future, or there is an error in the license’s configuration, and the Active column that indicates if the license is active is now shown right next to Status.

  • There’s a new optional Designator field available for organization role templates, which allows you to define a unique identifier for each template, for example, for integration purposes.

  • The organization and product package tables now show the unique ID of an organization or a product package and provide a button for copying it. You can also filter and sort each table based on the ID.

  • An organization’s device client group table and the details tab now show the unique group ID and provide a button for copying it. You can also now filter and sort the table based on all the column values.

  • In the product package table, the Type column is now hidden by default. You can show and hide it from the Columns menu like before.

  • The client role table now also displays the OAuth client application, if a client role is set to only apply to that application.

  • In the settings of an OAuth external identity provider connection, the Identity provider details tab has a new field OAuth endpoint ID that shows the ID of the identity provider’s configuration in SysAdmin.

  • In the settings of both OAuth and SAML external identity provider connections, Assertion consumption mode is now correctly marked as a mandatory field.

  • Updated JSON samples available when creating a new custom license model.

  • Usability improvements:

    • When you navigate to organization entitlements or to organization roles, the organization selection dialog now opens automatically.

    • You can adjust the column width in tables.

    • When you change how many rows are displayed in a table view, that change also applies in other table views that you navigate to.

    • A confirmation dialog has been added to some actions, such as deactivating or deleting a license, revoking credit from a license, and deleting a role or an organization role template.

    • Label clarifications in the UI.

      Note especially in the left-hand navigation:

      • In IDENTITY, the Single sign-in menu option is now Client applications, and the Federation menu option is now External identity providers.

      • The configurations for provisioning licenses with activation codes are now in ACTIVATION CODES > Configurations.

    • Page titles are now available on all UI pages.

    • Various improvements have been made to input validation and warning messages when creating and editing items in the UI.

  • Breaking: In a SAML external identity provider connection, the deprecated Signatures and Encryption sections have been removed.

    The Client identifier field has also been removed from the connection’s client details. The entity ID of 10Duke Enterprise is read from the SAML Service Provider metadata document of your 10Duke Enterprise deployment like before.

Bug fixes:

  • Fixed an issue where the dialog for adding licensed items to a product package had items selected based on the previous operation.

  • Fixed a pagination issue on the Users page.

    Due to performance reasons, if you have a large number of users and if pagination on the Users page is enabled, the pagination options may now indicate a lower page count than what your actual total number of users is.

  • Trying to grant a license without any kind of credit now shows an error message instead of failing with an exception.

  • Fixed missing labels in the column selection menu in several UI tables.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • Features to support device-based licensing. Now the OrgAdmin user can:

    • Create and manage device client groups for their organization, and authorize the groups to access the organization’s licenses.

    • Invite device clients to their organization’s device client groups, and view and manage the device clients.

    • Reserve, block, and release seats from their organization licenses also for device clients.

  • Updated UI themes to Bootstrap 5.

    This also provides easier and more extensive possibilities for UI customization based on Bootstrap 5 themes.

    Note: If you have existing OrgAdmin customizations, these may no longer work after this update.

    Contact the 10Duke Integration Support team if you have existing customizations to be updated or if you want customizations to the new themes provided by this OrgAdmin version.

Bug fixes:

  • The license usage dialog no longer shows the features for handling seat reservations when the license has only use count or use time.

  • On the license list, the Use time: consumed column now correctly displays the consumed use time.

  • The entitlement details dialog now displays correctly all the groups that have access to the entitlement.

  • Other minor fixes.

Other changes

Enhancements:

  • Changes in license model behaviors and constraints:

    • Breaking: A license model can now restrict license consumption only based on one type of credit, using either SeatCountConstraint, UseCountConstraint, or AggregateUseConstraint.

      If the license model contains a restriction for more than one type of credit, the license consumption request fails with HTTP error 500.

    • Breaking: The AggregateUseConstraint in the license model has a new trackingMode field for enabling or disabling the tracking of license consumption based on use time. The earlier incrementModel field has been removed.

      When tracking is enabled with the TRACK_BY_LEASE value, the aggregation of the use time consumed works in the same way as with the earlier “fair” model that incrementModel provided. The “append” model is no longer available.

      The incrementModel field has also been removed from the LeaseTimeBehavior rule.

    • Breaking: In the ConcurrentSessions constraint in the license model, the name of the additionalAnchors field has been changed to leaseAnchors.

    • License locking is now used by default unless the license model contains the LicenseLockingBehavior rule to disable it.

  • Changes in license consumption:

    • The license consumption response now includes a new licenseProperties claim, which returns the license properties defined for the license as custom name-value pairs.

      To enable the license property feature in your deployment configuration, contact the 10Duke Integration Support team.

    • Breaking: License consumption requests now by default ignore licenses that have expired over one year ago (365 days).

      If you wish to change the threshold in your deployment, contact the 10Duke Integration Support team.

  • The consumed use count and use time are now included in the license consumption event from the 10Duke License Consumption API.

Security:

Bug fixes:

  • A fix in event sending for the 10Duke License Consumption API and Graph API.

  • Fixed an issue where all anchors in the license consumption request affected how lease consumption was counted, instead of only using the ones defined in the license model used by the license.

  • Fixed a permission issue that could cause a license consumption request for a use count-based license to fail.

  • In rare cases where the same hardware ID is used by two different devices, the hardware name provided in the license consumption request is now stored separately for the users, when earlier the same hardware name was stored for both.

  • Other minor fixes.

Open issues


Release 4.0.0 (LTS)

Release date: October 25, 2023

This is the first 10Duke Enterprise release labeled LTS, which stands for Long Term Support. Releases labeled LTS will be supported and maintained with security updates and bug fixes over an extended period over regular releases. This release will be supported until October 2026.

See patch release notes for release 4 on that release’s documentation site.

10Duke Identity Management REST API v1.10.0

Enhancements:

  • API definition migrated to OpenAPI 3.

10Duke Entitlement Management REST API v2.9.2

Enhancements:

  • A new endpoint /organizations/{orgId}/entitlements/{entId}/consuming-users for querying which users have access to the licenses in a specific entitlement.

  • Documentation improvements in API reference.

Bug fixes:

  • Deleting an organization now correctly deletes also all the information on the license transactions related to the organization’s licenses.

  • When provisioning a new license, the id value for the transaction or a transaction item wasn’t stored if it was provided in the API request, and the system generated an ID instead.

  • In provisioning operations, the processed timestamp was not generated for a license transaction even if it was not provided in the API request.

10Duke Login Application

Security:

  • The version includes minor security improvements. We recommend updating to this version.

10Duke SysAdmin

Enhancements:

  • In the user’s account details, the Active license leases tab has a new column that shows the name of the hardware that the lease applies to.

Security:

  • The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • An organization’s “employees” user group is no longer automatically granted access to a new entitlement.

  • The Release seat feature for an organization license only released one seat reservation if the user had multiple ones.

  • An entitlement’s license list didn’t show allowed versions for a license with use count that had been granted using SysAdmin.

10Duke OrgAdmin

Bug fixes:

  • Minor fixes.

Other changes

Bug fixes:

  • Breaking: The 10Duke License Consumption API and Graph API operations now correctly return HTTP error 401 Unauthorized when the request is unauthorized, instead of a successful response 200.

    If needed, the earlier behavior can be restored by a configuration change in your 10Duke Enterprise deployment. Contact the 10Duke Integration Support team.


Release 3.30.1

Release date: April 8, 2024

The release includes minor security improvements. We recommend updating to this release.


Release 3.30.0

Release date: October 9, 2023

10Duke Login Application

Enhancements:

  • 100% localization in all supported languages.

  • The base font has been updated to Source Sans 3 (sans-serif).

10Duke OrgAdmin

Enhancements:

  • 100% localization in all supported languages.

  • The base font has been updated to Source Sans 3 (sans-serif).


Release 3.29.1

Release date: September 29, 2023

This release provides backend fixes:

  • A fix in event sending: read events were sent even when not enabled in the deployment configuration.

  • Releasing a seat reservation now correctly releases also a blocking made for the seat.


Release 3.29.0

Release date: September 15, 2023

10Duke Identity Management REST API v1.8.1

Enhancements:

  • New configurations to control how user data can be queried from the system:

    • The maximum number of users who can be retrieved with a single query is now configurable. The default limit is 250.

      If the API request’s limit header parameter exceeds the configured value, an error is returned.

    • There is also a configurable maximum user count up to which users can be queried. The default limit is 5000.

      For example, if the API request’s limit header parameter is set to 250 and offset to 4750, the request is allowed, because the last returned user is the 5000th in the sorting order. If you increase the offset value, the last returned user goes past the 5000 limit and an error is returned.

    If you need configuration changes, contact the 10Duke Integration Support team.

  • Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from the Identity Management REST API.

  • API reference documentation improvements.

10Duke Entitlement Management REST API v2.8.0

Enhancements:

10Duke SysAdmin

Enhancements:

  • Backend support for device licensing in SysAdmin.

  • The users table now also displays the unique ID of the user, which is needed in the API path when calling some of the 10Duke API endpoints. You can show and hide the column from the Columns list, and filter the table based on the ID.

  • Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from SysAdmin.

10Duke OrgAdmin

Enhancements:

  • The OrgAdmin user can now release a user’s license leases for licenses they are currently consuming. If they’re removing a user from the organization using the Remove from organization feature, they can also select whether to release that user’s license leases to the organization’s licenses.

    Releasing a license lease may be useful with seat-based licenses, for example, if there’s a need to make a seat available to other users. With licenses that have either use count or use time credit, releasing an active license lease doesn’t impact the license availability, and no credit is returned.

    In the same way as when releasing a license lease using SysAdmin, the client application is able to continue using the license token until it expires or the client application tries to refresh it. This means another user is able to start consuming the same license seat at the same time.

    The feature requires extra permissions to be defined for the OrgAdmin user.

    The license lease release feature in OrgAdmin is by default disabled in the 10Duke Enterprise configuration. If you want this feature enabled, contact the 10Duke Integration Support team.

Bug fixes:

  • A fix in the Remove from organization feature that failed in some cases (depending on the license model), for example, if the user had an active license lease but no seat reservation.

10Duke Login Application

Enhancements:


Release 3.28.1

Release date: July 7, 2023

This release fixes an issue that prevented configuring permissions for device licensing in organization scope.


Release 3.28.0

Release date: July 6, 2023

This release introduces API support for device licensing.

With device licensing, you can allow end users to access your licensed software application without having to register. The license is consumed by the device (a machine or PC) on which the software is running, and the end users using the software don’t need user accounts in the system.

In practice, each device is defined in the system as an OAuth client that belongs to a specific organization and has authentication credentials specific to the device hardware. The device client authenticates itself to 10Duke Enterprise using the OAuth client credentials grant flow to get an access token for authorizing API access.

Device clients are created in 10Duke Enterprise by invitation, and you authorize them to consume licenses using device client groups, in the same way as users are authorized using user groups.

The release also includes minor security improvements addressing false positives. We recommend updating to this release.

10Duke Identity Management REST API v1.8.0

Enhancements:

10Duke Entitlement Management REST API v2.5.0

Enhancements:

Bug fixes:

  • User profile data has new validFrom and validUntil fields that indicate the validity of a user profile.

  • Querying the user’s license usage now correctly returns also the user’s email address.

Other:

  • The version query parameter has been removed from the /users/{userId}/available-licenses endpoint for querying a user’s available licenses, because it is not yet fully supported.

10Duke SysAdmin

Enhancements:

Bug fixes:

  • Creating a new client role no longer fails with an error.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • There’s a new configurable filter options menu available in the user, invitation, and license tables for filtering items by status. All the filters can be configured to be on or off by default, or filters can be disabled to remove them from the view.

  • The invitation table has new columns that display the start and end dates of the invitation validity. Like other columns, they can be configured to be shown or hidden by default, or disabled to remove them from the view.

  • A new status “Expired” is now used for invitations that are no longer valid and haven’t been accepted, declined, or revoked.

Bug fixes:

  • The license table now correctly shows the total number of seats as unlimited when applicable, instead of showing an empty value.

  • Fixed resolving the license model as floating or named.

  • Improved the data loading of licenses.

  • Minor fixes.

10Duke Login Application

Bug fixes:

  • Overriding flow default setting for grant refresh token allowed confidential clients to refresh token without providing the client secret.

Release 3.27.2

Release date: June 27, 2023

10Duke Login Application

Bug fixes:

  • User agreement acceptance bug fixes.

  • Other minor fixes.


Release 3.27.1

Release date: June 9, 2023

The release includes minor security improvements. We recommend updating to this release.

10Duke Entitlement Management REST API v2.3.0

Bug fixes:

10Duke OrgAdmin

Bug fixes:

  • Minor fixes.

10Duke Login Application

Bug fixes:

  • Changing the language no longer requires the user to accept user agreements again.

Release 3.27.0

Release date: June 5, 2023

10Duke Identity Management REST API v1.7.0

Enhancements:

  • When retrieving a user’s user groups (GET /users/{userId}/organization-groups), you can use the new query parameter organizationId to limit the query to a specified organization’s user groups.

  • The API operation for retrieving permissions (GET /permissions) provides a new query parameter domain. By specifying domain=organization, you can limit the query to permissions that are used in the organization domain and can be managed by 10Duke OrgAdmin users.

  • API reference documentation improvements

Bug fixes:

  • Minor fixes.

10Duke Entitlement Management REST API v2.2.0

Enhancements:

Bug fixes:

  • When retrieving a user’s available licenses (GET /users/{userId}/available-licenses), the onlyValidLicenses query parameter now correctly filters out also invalid licenses.

  • Updated permissions required for calling GET /users/{userId}/available-licenses/ to query a user’s available licenses.

  • Session anchors are now correctly returned in the response when retrieving the current usage of a license (GET /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/usage).

10Duke SysAdmin

Enhancements:

Security:

  • The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • When you’re granting use time for a license in seconds, the granted time is now calculated correctly in seconds instead of milliseconds.

  • In ROLES AND PERMISSIONS > Organization roles, the search now works correctly when using uppercase letters.

  • In IDENTITY > Federation, the client key in the table now has the correct label Client key.

  • Other minor fixes.

10Duke OrgAdmin

Enhancements:

  • The OrgAdmin user can now hide inactive and invalid licenses in views that list licenses.

  • The OrgAdmin user can now also specify the allowed software version when they download a license token. If you want this feature enabled, contact the 10Duke Integration Support team.

  • The license management view now shows a license with status “Scheduled” if the validity start date is in the future.

  • OrgAdmin now autodetects the user’s language based on the browser settings, if the language isn’t requested as part of the URL and the user hasn’t selected a preferred language in OrgAdmin. The autodetection is by default enabled in your 10Duke Enterprise configuration. Contact the 10Duke Integration Support team if needed.

    OrgAdmin also now stores the user’s selection of the preferred language in the browser and remembers the selection for future sessions.

  • Improved the error message when the OrgAdmin user tries to release a seat reservation and the license model doesn’t allow it.

Security:

Bug fixes:

  • Consumption data is now correctly displayed for licenses that are being consumed.

  • Other minor fixes.

10Duke Login Application

Enhancements:

Bug fixes:

  • Minor fixes.

Release 3.26.0

Release date: May 2, 2023

10Duke Login Application

Enhancements:

  • Support added for the OIDC login_hint parameter for client applications and external identity provider redirects.

    This allows the party requesting authentication to provide the user’s email address in the login_hint parameter, and the system providing the authentication service can use it to automatically populate the email address field so the user doesn’t have to fill it in again.

    The parameter is not available for JWT bearer token authorization grant and password grant flows. The parameter can also be used by client applications authenticating using SAML.

  • Support added for a flow parameter for client applications requesting authentication using OIDC and SAML. (Not available for the JWT bearer token authorization grant and password grant flows.)

    This allows the client application to request whether to open the login or registration page for the user. If not specified, the login page is opened.

Bug fixes:

  • Fixed a client login redirect loop when the client application’s OIDC connection in SysAdmin has an incorrectly configured login callback URL.

  • If the user has logged in with SAML using an external identity provider, and they are then logged out from the identity provider as part of a single logout (SLO) process started from the client application, the user is now correctly redirected back to the client after the logout instead of the 10Duke Enterprise login page.

  • Fixed the performance of agreement handling in larger user databases.


Release 3.25.1

Release date: April 19, 2023

10Duke Login Application

Bug fixes:

  • A fix related to the login session not being cleared correctly when removing authentication by an external identity provider.

Release 3.25.0

Release date: April 14, 2023

10Duke Identity Management REST API v1.6.3

Enhancements:

  • The recipientIsNewUser field in user invitations has been deprecated. The memberStatus field is used instead to indicate if the user is a new user.

10Duke Entitlement Management REST API v2.0.0

Enhancements:

  • Breaking: The schema of effectiveLicenseModel has changed. If the includeEffectiveModel parameter is included on the client side, the schema must be regenerated for client-side validation.

  • The includeEffectiveModel query parameter can be used to include license model details in the response for the following operations that return licenses:

  • GET /users/{userId}/available-licenses also provides a new onlyValidLicenses query parameter for filtering out expired and invalid licenses.

Security:

  • The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • Minor fixes.

10Duke SysAdmin

Enhancements:

  • The Identity dashboard has a new look and feel and the displayed data has been updated.

Bug fixes:

  • Minor fixes.

10Duke OrgAdmin

Enhancements:

  • Updated to take into use the Entitlement Management REST API v2.0.0.

10Duke Login Application

Enhancements:

  • The user cannot skip optional agreements anymore, they have to either accept or decline them.

  • If you have implemented your own custom Login Application, you can now request data from 10Duke Enterprise on how the user has handled the user agreements. For information on custom implementations, contact the 10Duke Integration Support team.

  • When external identity providers are used for user authentication, your client application is now able to request which specific external identity provider the authentication request should be redirected to. This requires an update in your system configuration. Contact the 10Duke Integration Support team for more information.

Security:

  • The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • The JWT bearer token authorization grant flow didn’t allow multiple values in the ID token’s aud claim.

  • Fixes related to user agreements.


Release 3.24.4

Release date: March 21, 2023

10Duke Login Application

Enhancements:

  • Support added for prompting the user to accept required and optional agreements (for example, terms and conditions, or a newsletter preference) as part of the registration flow.

  • Support added for prompting the user to accept new, updated, or pending agreements as part of the login flow.

  • Support added for end users to view and manage their consent to agreements in the User Profile views.

  • Added an I have already validated my email button to enable the user to continue from the the email validation screen. This is to better support use cases where the user validates their email address, for example, using a different browser from the one where they started the registration and email validation process.

  • When customizing the Login Application UI, you can now enable or disable all animations.

  • The user can now toggle the visibility of their password input in different views, for example, during registration or when resetting their password.

Bug fixes:

  • Minor fixes

Release 3.24.3

Release date: March 9, 2023

The release includes minor security improvements. We recommend updating to this version.

10Duke Identity Management REST API v1.6.2

Enhancements:

  • If you create a new organization role using the createOrganizationRole operation (POST /organizations/{organizationId}/organization-roles) and use impliedOrganizationRoleId to grant permissions based on an implied role, you can now also specify an organization role ID, and not only a template ID.

10Duke SysAdmin

Enhancements:

  • You can now also include the software version information before downloading a license token.

  • When changing the allowed versions for an organization’s license, the dialog also now allows editing the display name for the versions.

Bug fixes:

  • You can no longer create a product package with a name or display name that only contains whitespaces. Any leading and trailing whitespaces are also now removed from the values.

  • Other minor fixes


Release 3.24.2

Release date: February 28, 2023

10Duke Login Application

Enhancements:

  • When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.

  • Updated UI translations to fully cover all supported languages.

10Duke OrgAdmin

Enhancements:

  • When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.

  • The option to download a license token is now enabled for all valid licenses and users. Earlier the logic that determined when a license token download can be attempted was linked to license seat availability, which includes seat reservations. This meant that when no seats were available, you were unable to download a license token for a user who had a seat reservation.

  • If a user group is deleted, a user’s seat reservations are now released for the licenses they lose access to.

  • Updated UI translations to fully cover all supported languages.

Bug fixes:

  • Fixed issues with updating user listings after a user has been removed from an organization as a result of an API call.

  • Small bug fixes, and some updates related to deprecated dependencies.


Release 3.24.1

Release date: February 3, 2023

10Duke SysAdmin

Bug fixes:

  • This release fixes a number of small bugs

Release 3.24.0

Release date: January 26, 2023

10Duke Identity Management REST API v1.6.1

Enhancements:

  • Extended the /organizations/organization-setup operation to support the creation of a default Entitlement and related LicenseConsumerRelations.

Bug fixes:

  • A success response not specified for the getOtpCredential operation.

  • QR code expansion fails with the createOtpCredential operation.

  • Updating the email value of an existing user using the /users/import operation with the parameter "allowUpdateExisting": "true" returns "error": "resource_already_exists". The error response has been updated to "error": "invalid_argument" with "error_description": "Cannot change email address using this API", because this operation doesn’t allow updating the user’s email. Use the user operation /user/changeEmail instead.

10Duke Entitlement Management REST API v1.3.0

Security:

  • The release includes minor security improvements. We recommend updating to this version.

10Duke SysAdmin

Bug fixes:

  • Editing the name of an organization group on the entitlements page cause the group to be deleted.

Release 3.23.4

Release date: January 18, 2023

10Duke SysAdmin

Bug fixes:

  • Fixed a multiselect error on the organization licenses page.

Release 3.23.3

Release date: January 11, 2023

10Duke Login Application

Bug fixes:

  • Fixed an issue with an unconfigured redirect URI error handling for the PKCE flow.

Release 3.23.2

Release date: January 4, 2023

10Duke SysAdmin

Bug fixes:

  • Fixed how the partial search works on the users page.

Release 3.23.1

Release date: January 2, 2023

10Duke Login Application

Enhancements:

  • Updated the build target from Java 8 to Java 11.

  • The insufficient_authentications error allows continuing the user login after authentication has been completed.

  • Added OpenAPI info.

  • Disabling the access token request rate limiter doesn’t work. Improved the parsing of invalid redirect URIs when using wildcards for the port number.

  • Update json-path to version 2.7.0.

  • Added support for alternative emails and changing the login email.

  • Added version information to build output.

  • Added a runtime API version compatibility check.

  • Added a spinner for external redirects.

  • Added error handling to login.

  • Added configurable auto logout for idle users.

  • Blocked external redirects for login processes where the browser is switched mid-process.

  • Improved the usability in email validation.

  • Updated the configuration version and added configuration version migration.

  • Updated the German translation.

  • Moved the monospace font to the branding CSS.

Security:

  • The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • Logout from the profile page with a federated login if no single sign-out URL has been configured.

  • A GET request to resource owner password grant exposes the stack trace.

  • NPE with invalid device_code when accessing the OAuth 2.0 token endpoint.

  • Fixed the UI for resetting the password when already logged in.

  • Fixed an issue with a page not found route.

  • Fixed issues with sourcemaps.

  • Fixed page transition animations.

  • Fixed issues with invitations.


Release 3.23.0

Release date: January 2, 2023

10Duke Identity Management REST API

Enhancements:

  • Support for reservation cleanup when deleting organization groups.

  • jaxb-api dependency convergence (Java 11 update).

  • Updated the build target from Java 8 to Java 11.

  • Updated the user-group connection deleting operations to return a flag if no more groups within the organization are left.

  • Invitations were unusable if validFrom was left out of invitations.

Security:

  • The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • Empty sections by tag in the OpenAPI spec.

  • Updating the user’s phone number with /organizations/{organizationId}/users/import failed.

10Duke Entitlement Management REST API

Enhancements:

  • jaxb-api dependency convergence (Java 11 update).

  • Updated the build target from Java 8 to Java 11.

Security:

  • The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

  • DELETE /api/entitlement/v1/management/permission-cache was broken.

  • Updating the user’s phone number with /organizations/{organizationId}/users/import failed.

10Duke SysAdmin

Enhancements:

  • Updated the build target from Java 8 to Java 11.

  • Updated the Personal Entitlements label to singular form.

  • Changed the applicable dialogs to modal.

  • Fixed inconsistencies in error messages and certain UI items.

  • Added a warning message when changing Name of a licensed item.

  • Renamed the internal role GinOverGin to Super Admin in the SysAdmin configuration setup.

Bug fixes:

  • The organization invitation dialog doesn’t shown a confirmation after saving.

  • Fixed the select all text alignment in the invite member dialog.

  • Incorrect character in the select internal roles dialog.

  • The code dialog shakes on error.

  • A duplicate error on the licensed items page.

  • The organization group create dialog doesn’t show an error inside the dialog.

  • Multiple error messages were shown when editing OIDC provider.

  • A floating license model opens on the last page when creating a model for the second time.

  • The create organization role dialog closes on error.

  • The organization role template dialog closes on error.

  • The organization entitlements/set allowed versions dialog doesn’t work.

  • Corrected the dialog title when adding use count to a license.

  • A duplicate error message when adding an organization role template with an empty name.

  • Clear selection count is not cleared after removing licensed items.

  • Exception when trying to create a licensed item with an already existing name under a product package.

  • The Title field is empty for other OIDC/SAML providers if emptying the field and changing the provider.

  • Activation Code Configuration - Assign Organization dialog sizing enhanced.

  • The Name field is empty for other packages if emptying the field and changing the package.

  • Error when changing an internal role’s name to an already existing name.

  • Error when changing a product package name to an already existing name.

  • Error when changing a licensed item’s name to an already existing name.

  • Error when adding an internal role with an already existing name.

  • Error when trying to create a product package with an already existing name.

  • Error when adding an organization custom property twice with the same key.

  • Error when adding a user custom property twice with the same key.

  • Error when trying to add a client role that already has been added.

  • Enforce product package validity when it comes to granting licenses.

  • Don’t allow only whitespace in the licensed item name and display name.

  • Deleting all organization user groups fails.

  • The organization name link in organization_manage_groups view not working as expected.

  • The product packages/change license model doesn’t clear references.

  • The Product Configuration > License Models > Create/edit license model dialog doesn’t scroll.

  • The organization creation should use a different service.

  • A seat remains reserved when an organization group is removed.

  • Organization Role details - Organization field should be read-only.

  • The details view not closed when saving an edited licensed item.

  • An organization cannot be deleted if it has at least one device group.

  • Cannot filter or sort client app roles in the User > Client App Roles > Add view.

  • The date picker widget moves down from the input field when navigating from one month to another.

  • Switch to use allowedVersions defined in license credit.