A comprehensive changelog for Identify 5.0


General changes

  • Certificate in database: Safewhere*Identify stores all public keys of all trusted parties in its own database instead of in Windows certificate store now.
  • Drop support for SQL Session state.
  • Multiple certificates for users: a user can have multiple certificates instead of just one like before.
  • Big improvements for performance.
  • More options for caching users in memory: PerRequest, OnDemand, and All.
  • New configurator: we have reworked the configurator to make sure it can handle errors and do rollback more gracefully.
  • An option to disable MSDTC usage.
  • Support for Azure SQL.
  • Various bug fixes for eHerking profile.
  • 2 new settings for authentication connections:
    • AllowedIpAddresses: specifies if an IdP is preferred by a user based on his or her IP address.
    • IssuesRoles: this setting is reserved for a future feature.
  • Identify*Admin has a new page to view license information.
  • Identify*Admin’s Help page now contains a link to REST API’s Swagger help page.
  • In addition to refresh tokens, My REST API keys page can provide access tokens now which you can use to quickly try Identify’s REST API out .
  • Activation times for users, claims and connections.
  • Safewhere*Identify 5.0 is shipped with the new Safewhere logo.


  • Remove the “Single sign on artifact resolution” setting: SAML 2.0 plugin fully supported multiple “artifact resolution Services” and no longer need “Single sign on artifact resolution” so it is removed from SAML 2.0 connection’s configuration from 5.0. More details can be found at here.
  • Full support for multiple “Assertion consumer services”: Identify 5.0 can now support for a use case in which a service provider has multiple Assertion consumer service endpoints and it can specify which endpoint to use to receive responses from Identify by using the AssertionConsumerServiceIndex attribute.
  • Support revocation check modes for WSFederation plugin. It is now possible to enable or disable revocation checks for WSFederation logins.
  • Remove Find type, Store location and Store name settings from public certificate selector control on Identify*Admin pages as they are only stored in database now. This changes is affect to Saml2, Ws-Federation, OAuth 2.0 plugins and LDAPWS settings.
  • Retire the OCES plugin.


  • Full support for all commonly used resources: User, Connection, ClaimDefinition, Claim Transformation, Organization, Group, System setup.
  • Support for SCIM’s GET filters.
  • Mass operations for User.
  • Normalize REST API models: Our REST API models used to be decorated with both DataContract and JsonProperty attributes which was inconsistent and confusing. We now use DataContract attribute for all REST API models.


  • More options to control system logging:
    • Where to log: support logging to flat file and system event log.
    • What to log: support for log levels which you can use to specify what should be logged.
  • Billing log: Log all details of a request and especially time needed to process the request.
  • Security log: Log all raw SAML 2.0 messages. Security log for other plugins will come in a future version.
  • Verification log: Log results of validating SAML 2.0 messages.
  • Revision log: Log all changes made to Identify’s data.
  • User Request log: in addition to Windows Security event log and SQL database, Identify also supports log user requests to the common system log store.