Safewhere Identify 5.15 Release Notes

New features and improvements

UserAdmin access management improvement

We're making enhancements to access management for UserAdmin. From now on, any user with the Administrator role of the 'Identify REST API Role' claim type will be treated as a Super user, and they will undergo special authorization checks. Here are the processing rules:

Token Types	Administrator Role with the User ID Claim	No Administrator role, only User Contributor, Configuration Contributor, or similar roles, along with the User ID claim
View (GET) Administrator users	Yes	Yes
Making changes (Create/Update/Delete/Reset Password/Reset MFAs...) to Administrator Users	Yes	No
Assigning groups containing the Administrator role to normal users	Yes	No
Making changes (Create/Update/Delete) to groups containing Administrator role	Yes	No
Can access all roles of the 'Identify REST API Role' claim type in the My Profile page	Yes	No
Making changes (Create/Update/Delete) to the 'Identify REST API Role' claim type	Yes	No

Additionally, we've made the following enhancements:

Enabled the Restrict Elevation setting for the REST API claim type to prevent privilege escalation issues.
Hidden the 'Identify REST API Role' claim type from the User Template section of the authentication connection edit page in the Identify Admin interface.

Improved timestamp assignment during data load

We've refined the timestamp assignment process by moving it after data loading and assignment. This change addresses the issue of 'Connection not found' incidents occurring during timeouts while loading cache data for application resources. Additionally, a new event ID 8011 has been added to log exceptions during data loading.

Bug Fixes

Fixed: Issue #103975 [OAuth] DNS queries are performed on the 'request_uri' when the authorization request includes a 'request_uri' parameter.
Fixed: Issue #103577 [IdentifyAdmin] Users is occasionally directed to the My Profile page after reauthentication.