Safewhere Identify 5.19 Release Notes

New features and improvements

The Language Chooser allows users to change the language based on their preference, rather than relying on the browser's default language setting. This feature is particularly useful when users need to interact with Identify login page in a language different from their browser's default.

This release introduces the following enhancements:

The ability to add the Language Chooser to a login selector page.
Configuration options for the Language Chooser tailored to specific applications.

For more details, refer to Add Language Chooser to Login Selector Page.

Simplify the "sub" value for token exchange flow using refresh_token grant type

In previous versions, when a refresh token was issued, it included all associated claims but lacked information about which claim was the original NameID claim. When requesting a new access token using the refresh_token grant type, the sub claim in the new access token was derived from the original name claim. This could lead to inconsistencies when the original access token's sub claim didn't match the subject information in the refresh token.

Identify has been updated to simplify the sub claim value handling for the refresh_token grant type. The new implementation now consistently uses the subject information directly from the refresh token, ensuring that the sub value remains consistent between the initial access token and any subsequent tokens obtained through the token exchange flow.

Certificate logging optimization on LDAP provider

In previous versions, Identify would log every certificate detail when searching for AD user credentials, creating thousands of log entries for users with numerous certificates. The improved code now implements smarter logging that prevents performance degradation in environments with large certificate collections. Additionally, a new event ID 5008 is used to log the certificate data for the user being validated, ensuring that only relevant information is logged while maintaining performance.

Telemetry client management on Application Insights

Identify resolved a resource leak in error handling where each unhandled exception created a new TelemetryClient instance with a permanent background task. This fix prevents the accumulation of thousands of orphaned background tasks, dramatically reducing memory consumption and improving system stability over time.

Bug fixes

Fixed: #3457 [REST] dependencyConnectionNames returned empty string ("") when invoking GET method on /admin/api/rest/v2/connections
Fixed: #4087 Exception returned: The provided anti-forgery token was meant for user "", but the current user is "{username}". This error occurred when a user logged in, then used ForceAuthn or logged out and logged in again, triggering a second-factor authentication. When the second factor was triggered, the username from the previous authentication session interfered with the CSRF token, causing the error.