Release Notes

Document contains release notes for EMS Authorization.

Package: com.bluefletch.ems.auth

Binaries can be found on the EMS Portal Downloads page.

Release 3.8.9

Released April 8, 2021

Highlights

Changes around logout from Profile Manager and OKTA.

Details

Added application version to the log file.
Changed the ACS Refresh timer flow, fixed the building of the Pending intent
Added Notification to the ACS Refresh token service and made Sticky.
Updated OKTA Token refresh to NOT rebuild the session, but to update the Provider extended Attributes.
Within ACS Token refresh, logged out the condition where ACS Refresh token is not returned from ACS endpoint
Updated logic to NOT send a REFRESH Token message to launcher
Moved the ACS Auth Activity finish logic to the onPause method, in order to allow CCT to start up
Look for user information PARAMS, if there, add to the extended attributes
Adding new com.bluefletch.ems.auth://logout redirect url for Okta logout
Ensure that stopForeground applies to all OS versions.
Fix the HOME button press during PIN Training. Will now log the user out of current session if home button pressed during training and secondaryAuthRequired is true.

Release 3.8.8

Released April 7, 2021

Highlights

Changes for closer integration with Zebra Profile Manager (PFM) during Login flow.

Details

Changes to support BlueFletch Browser with PFM ACS login
Updates to build pipelines.
Fixed incorrect checking for null pfm_acs_browser config
Use the browser specified during login to perform ACS profile manager authentication.
In the event the configuration changes, removes the auth browser shared preference.
Fixed issue where cancelled PIN training is resulting in previous session being reused if secondaryAuth is required.
Will call PFM logout first then call the logout URL if it is available.
Fixes issue on PFM logout where stored ID token was getting cleared before the logout occurred. General logic cleanup, will now logout PFM before clearing ACS cookies.
Prevents auth crashing if specified browser is not installed (falls back to CCT).
Added self-contained token refresh alarm and service for PFM's ACS server.
Added a default refresh timeout of 45 minutes, and changed to perform refresh 15 minutes from expiration.

Release 3.8.4

Released February 24, 2021

Highlights

Changes for closer integration with Zebra Profile Manager (PFM) during Login flow.

Release 3.8.0

Released February 22, 2021

Highlights

Fixes for screen rotation within AppAuth, and updates to formatting of PIN/NFC when in landscape.

Release 3.7.0

Released February 12, 2021

Highlights

OKTA updates to session object.

Details

If 'custom_fields' exist in OTKA user object, will place a copy in the Session Objects Extended Attributes

Release 3.6.2

Released February 11, 2021

Highlights

PIN code enhancements

Details

Set a fixed # of PIN digits
Prevent usage of more than 3 consecutive digits
Prevent usage of more than 3 sequential digits
Prevent usage of PINs that belong in a user configured comma-delimited list.
Forcibly log out currently logged in user if # of maximum PIN retries were exceeded.

Release 3.5.1

Released January 13, 2021

Highlights

Bug Fixes related to OKTA Token refresh and improved Profile manager integration.

Details

During logout of LOCAL ADMIN, OKTA Logout is not completing. As not logged into OKTA, logout logic is now bypassed.
Launcher properly notified of OKTA Refresh token update.
OKTA code to allow login by authenticating directly with Profile Manager ACS server.

Release 3.4.7

Released December 2020

Highlights

Bug Fixes

Details

Fixes issue with Okta error message on logout
Fixes issue where PIN entry fails using a different language
Okta groups now supported within the AppAuth module

Release 3.4.1

Released December 2020

Highlights

Support for Zebra Profile Manager integration.

Details

Per Launcher configuration setting, upon login or logout, will notify Zebra Profile Manager of action.
Fix for auto token refresh.
Fix for OKTA Session Auth when only one multi factor auth requirement option is available.
Support for Android 10 Device Id.

Release 3.3.6

Released November 2020

Highlights

Common logging support and start of Internationalization.

Details

Internationalization for Auth apk
Update German translations from external review
Passing the cookie retrieved from login
Okta Session support for Multi Factor auth question, sms, okta verify
Passing of Access Token to Profile Manager
Fix Okta auth setting within Pref utils, to support Profile Manager

Release 3.2.2

Released September 8, 2020

Highlights

NFC as secondary authentication, MSAL fix

Details

Officially supports NFC tags as secondary auth, useSecondaryAuth="nfc"
Fix issue for MSAL auth in Android 9 devices preventing logout/cleanup.

Release 3.1.2

Released August 30, 2020

Highlights

Pin changes, MSAL and OAuth2 Enhancements/Fixes, UI improvements, BF Browser support, Logging

Details

Changed MSAL token generation to allow third party signature validation
Updated MSAL to use $top parameter to retrieve large group memberships
Secondary Auth may now be set to required
Fixes group retrieval for some LDAP configurations
Add option to perform a logout if the user cancels the secondary auth training.
Add option to change the minimum pin length (minimum of 4, default of 6).
Pin pad now follows the font style and light/dark theme set in the configuration
Fix AppAuth issue where user receives an invalid code error if the user cancels the secondary auth pin creation screen.
Fix AppAuth issue where the user is not prompted to re-enter credentials if they cancel the pin reauth screen.
Added configuration option to use BF Browser instead of CCT

Release 3.0.3

Released June 23, 2020

Highlights

Custom CA support, support for https redirect, Android X, bug fixes

Details

OAuth2 auth changes to support use of a self-signed/custom CA user certificate installed on the device
Ability to support https callback redirect URL (for some IDPs that require https protocol)
Fixes for losing pin credentials in some scenarios when using Okta auth
Upgraded code to use Android X libraries

Release 1.8.1

Released March 30, 2020

Highlights

Null pointer checks during Secondary Authorization flow

Details

Null pointer checks during Secondary Authorization flow

Release 1.7.1

Released February 20, 2020

Highlights

OKTA Pie Bug fix.

Details

Tweaks to OTKTA Auth check on PIE OS
Logic checks when starting the service broker

Release 1.6.2

Released February 18, 2020

Highlights

Enhancements to PIN secondary auth functionality and bug fixes.

Details

PIN Re-authentication now does not require a separate binary, and is now built into the base Auth apk.
Set minimum pin entry to 6 digits.
Fixes issue where LDAP Auth would crash if no groups were returned.
Fixes for OKTA Groups within OKTA Rest.
Android 9 foreground service fix

Release 1.4.3

Released January 22, 2020

Highlights

Builds for OKTA Rest APK's now going to production. After OKTA Logout, go to HOME Launcher.

Details

Start building OKTA REST Auth Clients. Our pipeline has been building them, but we have been removing prior to deploying to GCP.
Use correct logout function for demo auth.
After Logout, force to go to HOME launcher

Release 1.3.7

Released December 2, 2019

Highlights

Added Force Logout support for OKTA logouts. This is to ensure clearing the cookies within Chrome.

Details

Force OKTA logout URL Support
Added a Flag to stop onResume processing during LOGOUT Tab display

Release 1.3.5

Released November 19, 2019

Highlights

Changes to the Session Token Refresh logic and updates to OKTA Auth, including warming up the Custom Tab browser for quicker logoff.

Details

Updated the app icons
Support for new OAUTH field within Session object
Hide the OKTA logout page
Modified the code to WARM UP the Chrome tab browser.
Updated logic to warm up the browser before logout. seems to fix the display of the error message
Additional changes for Session Token Refresh

Release 1.2.1

Released November 5, 2019

Highlights

Additional changes for Session Activity.

Details

Changed Session activity to better support Velocity
If an Error dialog is being displayed, do not attempt to display another one

Release 1.1.4

Released November 5, 2019

Highlights

Updates to the Session Activity and UI / Theming changes.

Details

Changed Session activity to better support Velocity
If an Error dialog is being displayed, do not attempt to display another one
Updated the OKTA Rest Logic to allow for Overriding Client Info via Config or * Strings in custom APK's
Updated logic to make startLogin abstract.
Added providerSettingsAvailable method that needs implemented. Have changed all the auth providers to implment providerSettingsAvailable
More UI tweaks. Default Login input text now follows accent color, and can use new transparent/wallpaper functionality from Launcher.
Fixed NFC background issue. added error message dialog within one Login update positioning of alert. changed text
When detecting an Error condition within OKTA / ONE LOGIN, display a message
Removed NFC Background
Added ROLE logic
For Okta, display a default background if not provided from new launcher
Added new Session Activity. Purpose is to allow for getting the Session Data from the start Activity for Result.
Fixed Background and Banner display
Updated logic and added new Logo Image. fixed display of the logo
OKTA Cache busting logic on User info

Release 1.0.60

Released October 8, 2019

Highlights

Initial release of ADFS support

Details

Removed the Configuration setting overrides within the AUTH logic.
Added Store Manager login . store, stpass
Initial check-in for using ADAL on ADFS 3.0
Added a way to default the Domain
Fixed issue where user taps on home button to cancel
Added trust all SSL option for LDAP authentication; updated to newer unboundid ldap sdk.
Added support for new Auth settings
Added backward compatibility for ADAL with older launchers.

Release 1.0.57

Released August 7, 2019

Highlights

Fix for building User Session Groups.

Details

Changed the comma to a BAR, which is what Launcher is looking for in the groups separation