Update Summary for

wso2is - 5.10.0 1594293468633 (full)

This document contains details of 7 update(s) installed into your wso2is-5.10.0 (full) distribution.
Following updates contain instructions. Please read them carefully and apply to your deployment if
necessary.
2020-06-29
2020-07-02
2020-07-03
2020-07-03
2020-07-07
2020-07-08
2020-07-09

2020-06-29

This patch introduces a new event handler to handle events related to User Meta data management.
Currently this handler only updates last logon time and last password update time claims when a related
event happens.

Bug Fixes
wso2/product-is#4515 - User's lastLogonTime should be able to retrieved without enabling Lock Idle Accounts
feature
wso2/product-is#8511 - Last Password Update claim is not getting updated

Instructions

Add the following configuration to <IS_HOME>/repository/conf/deployment.toml to enable the event

handler.

[[event_handler]]
name= "identityUserMetadataMgtHandler"
subscriptions =["POST_AUTHENTICATION", "POST_UPDATE_CREDENTIAL", "POST_UPDATE_CREDENTIAL_BY_ADMIN"]

2020-07-02

When external claims are retrieved from DB, several SQL queries are repeatedly performed with a
different value. These DB transactions induce an overhead. Hence it is better to optimize the process.
Bug Fixes
wso2/carbon-identity-framework#2990 - Repeated DB calls when external claims are retrieved
wso2/product-apim#8505 - ConvertClaimsToConsumerDialect property is not being honoured

Instructions

N/A

2020-07-03

This update fixes an issue where resend confirmation code does not work more than once.

Bug Fixes
wso2/product-is#8587 - Resend confirmation code doesn't work for ASK_PASSWORD scenario

Instructions

n/a

2020-07-03

This fix updates the 'repository/deployment/server/webapps/authenticationendpoint/basicauth.jsp' file in

order to resolve an issue caused by double-submits in the login form.

Bug Fixes
wso2/product-is#8417 - Double submit in the login form redirects to the error page

Instructions

If 'repository/deployment/server/webapps/authenticationendpoint/basicauth.jsp' file is customized,

do the necessary changes to this updated basicauth.jsp file.

2020-07-07

This update fixes the issue of not redirecting to an error page after exceeding the maximum number of
unsuccessful Email/SMS OTP attempts.

Bug Fixes
wso2/product-is#8600 - Show account locked message upon exceeding maximum unsuccessful attempts - Email
OTP

Instructions

By applying this update, when the user account gets locked after exceeding the maximum number of
unsuccessful Email/SMS OTP attempts, the user will be redirected to an error page with an error
message "Authentication Failure. Retry Later".

If you want to prompt the authentication failure reason (eg: "User account is locked. Please retry
later."),
navigate to <IS-HOME>/repository/conf/deployment.toml and add "showAuthFailureReason = true"
configuration under the relevant authenticator configs as follows. (Make sure not to duplicate the
line with square brackets if they already exist in your deployment.toml)

[authentication.authenticator.email_otp.parameters]
showAuthFailureReason = true

[authentication.authenticator.sms_otp.parameters]
showAuthFailureReason = true

2020-07-08

Fix the issue local roles are not deleted in JIT provisioning flow when the federated IDP roles are
removed

Bug Fixes
wso2/product-is#8629 - Initially, a user is JIT provisioned with a single role, and later on, in the federated IDP the
corresponding role is removed. When the user logs out and logs back in, the local role is not removed from the JIT
provisioned user.

Instructions

N/A

2020-07-09

Server startup error when oracle DB is used.

Caused by: Error : 933, Position : 133, Sql = SELECT CLAIMS.ID, PROPERTY.
PROPERTY_NAME, PROPERTY.PROPERTY_VALUE, CLAIMS.CLAIM_URI, RESOLVED.
CLAIM_URI AS MAPPED_URI FROM IDN_CLAIM AS CLAIMS LEFT JOIN
IDN_CLAIM_PROPERTY AS PROPERTY ON PROPERTY.LOCAL_CLAIM_ID=CLAIMS.ID
AND CLAIMS.TENANT_ID=PROPERTY.TENANT_ID INNER JOIN IDN_CLAIM_MAPPING AS
MAPPING ON MAPPING.EXT_CLAIM_ID=CLAIMS.ID AND CLAIMS.TENANT_ID=MAPPING.
TENANT_ID INNER JOIN IDN_CLAIM AS RESOLVED ON RESOLVED.ID=MAPPING.
MAPPED_LOCAL_CLAIM_ID AND RESOLVED.TENANT_ID=MAPPING.TENANT_ID WHERE
CLAIMS.DIALECT_ID=(SELECT ID FROM IDN_CLAIM_DIALECT WHERE DIALECT_URI=:1
AND TENANT_ID=:2 ) AND CLAIMS.TENANT_ID=:3 , OriginalSql = SELECT CLAIMS.ID,
PROPERTY.PROPERTY_NAME, PROPERTY.PROPERTY_VALUE, CLAIMS.CLAIM_URI,
RESOLVED.CLAIM_URI AS MAPPED_URI FROM IDN_CLAIM AS CLAIMS LEFT JOIN
IDN_CLAIM_PROPERTY AS PROPERTY ON PROPERTY.LOCAL_CLAIM_ID=CLAIMS.ID
AND CLAIMS.TENANT_ID=PROPERTY.TENANT_ID INNER JOIN IDN_CLAIM_MAPPING AS
MAPPING ON MAPPING.EXT_CLAIM_ID=CLAIMS.ID AND CLAIMS.TENANT_ID=MAPPING.
TENANT_ID INNER JOIN IDN_CLAIM AS RESOLVED ON RESOLVED.ID=MAPPING.
MAPPED_LOCAL_CLAIM_ID AND RESOLVED.TENANT_ID=MAPPING.TENANT_ID WHERE
CLAIMS.DIALECT_ID=(SELECT ID FROM IDN_CLAIM_DIALECT WHERE DIALECT_URI=?
AND TENANT_ID=?) AND CLAIMS.TENANT_ID=?, Error Msg = ORA-00933: SQL command not
properly ended

Bug Fixes
 wso2/carbon-identity-framework#3009 - External claim retrieval oracle query issue

Instructions

N/A

Updated Files
repository/components/plugins/org.wso2.carbon.identity.application.authentication.framework_5.17.5.jar
repository/components/plugins/org.wso2.carbon.identity.claim.metadata.mgt_5.17.5.jar
repository/components/plugins/org.wso2.carbon.identity.event_5.17.5.jar
repository/components/plugins/org.wso2.carbon.identity.recovery_1.4.1.jar
repository/deployment/server/webapps/authenticationendpoint/basicauth.jsp
repository/deployment/server/webapps/emailotpauthenticationendpoint.war
repository/deployment/server/webapps/smsotpauthenticationendpoint.war

Added Files
repository/components/dropins/org.wso2.carbon.extension.identity.authenticator.emailotp.connector-3.0.5.jar
repository/components/dropins/org.wso2.carbon.extension.identity.authenticator.smsotp.connector-3.0.4.jar

Removed Files
repository/components/dropins/org.wso2.carbon.extension.identity.authenticator.emailotp.connector-3.0.4.jar
repository/components/dropins/org.wso2.carbon.extension.identity.authenticator.smsotp.connector-3.0.3.jar