
FPX Plateau


Released: 2023-12-08

Core Feature Updates

By default, users are shown a consent screen when authorizing each incoming client request. For services that are considered ‘trusted’ (as deemed by the administrator of the network) and have previously been authorized, administrators can allow users to skip future consent screens for these services. For these services, consent screens are no longer presented to the user after the first authorization.

In addition to the strict skip policy above, the administrator may apply, for a given service provider, a rule/policy that determines the conditions under which the consent screen is shown. The Wallet Client (e.g. Wallet Web UI) must support these rules for them to be executed. For example, the administrator can use the Wallet Admin API to skip the consent screen for a specific duration of time after the first authorization has been granted for an incoming request from a Service Provider.

Improved Defaults and Cascading Configuration Files for FPX

Simplified YAML: with improved defaults and cascading configuration files, only a minimum of values needs to be configured to run the standard FPX, while all configuration points are preserved.

General Improvements and Bug Fixes

  • General vulnerability fixes across Authorization Server, Wallet, RSA-OIDC and RSA-FHIR.
  • Added a configuration parameter to the Wallet server that allows an administrator to set a maximum time for a user to complete a federated request. If the user fails to return from the IDP or Resource Server in this period, the Wallet server will not accept the login or connection and will instead display an error.
  • Fixed a performance issue where lookup of ROTs was unacceptably slow once a user reached a certain number of permissions created in Wallet Server.
  • Wallet Server returns the localized data source name through the organizations API.
  • Fixed 500 error occurring in Wallet Server due to accessing immutable set when syncing resources during data source connection.