Chris_O_Connor
Content Contributor

Hyland IdP 4.1.0 (September 2023) brings significant enhancements and critical updates to elevate your identity and access management experience. Notable improvements include support for the Device Code/Device Authorization Flow, automated signing certificate management, and enhanced error handling. The installer's license agreement verbiage has been refined for clarity, and diagnostic troubleshooting is made easier with the ClientIP column in Diagnostic Console logs. Hyland IdP is now more scalable, handling paginated responses for various SCIM endpoints. Additionally, a seamless link to the Documentation Portal and a Splunk Template for log management have been introduced. System health monitoring through "/diagnostics" and "/diagnostics/details" endpoints ensures overall system health and security. Critical updates address issues such as Baseline Mapping, toolbar display, OIDC Token exchange, and external provider sign-out, ensuring a smoother user experience. For a detailed list please see the 

 

Two major additions:

  1. Device Code Authorization Flow: Hyland IdP now supports the Device Code Authorization Flow, enhancing the authentication process and providing users with a more secure and streamlined access experience. (IAMPRO-175)

  2. Automated Signing Certificate Management: This release enables Hyland IdP to automatically create and manage signing certificates, simplifying the certificate management process and ensuring the security of digital communications. (IAMPRO-9)

A few things to note:

  1. When upgrading and opting into the Automated Signing Certificate, you must manually modify appsettings.json: set "UseIdPManagedSigningCert": true (listed under "Features") and remove the Signing Certificate Thumbprint, as shown below. (Note: an Application Pool recycle is required for both the Hyland IdP and the API Server.)

    • {
        "SigningCertificate": {
          "Thumbprint": ""
        },

  2. When you opt to retain the configuration files while using the installer to upgrade, the appsettings.json file is not updated to include the newly added features. This is by design at the moment. We are looking into options to update the appsettings.json file in the future. The affected features are the Device Code Authorization Flow, the IdP Managed Signing Certificate, the Health Check endpoints, and the newly added Splunk template. These features are documented in the MRG and can be added manually.

    1. Hyland Logging (Splunk Template):

      • "Hyland.Logging": {
          "Routes": {
            "DiagnosticsConsole": {
              "Http": "http://localhost:8989",
              "minimum-level": "Error"
            },
            "ErrorEventLog": {
              "HylandLog": "Hyland Identity Provider Server",
              "minimum-level": "Error"
            },
            "SplunkLogger": {
              "Splunk": "<splunk_collector_url>",
              "SplunkToken": "<splunk_token>",
              "minimum-level": "Error"
            }
          },
          "DefaultProfile": "Hyland.Identity.Provider"
        },

    2. IdP Managed Signing Certificate (Features):

      • "Features": {
          "AdminAPI": false,
          "AdminAPIDocs": false,
          "ScimTestAPI": false,
          "ScimTestAPIKey": "some_secure_key",
          "AllowInitializationUI": false,
          "UseDeprecatedPasswordApi": false,
          "UseNewSamlModulePath": false,
          "TrimSpacesFromUsernameAndUserId": true,
          "AllowWildcardedCorsOrigins": false,
          "EnableProviderConfigurationValidation": true,
          "UseLegacyUserActiveBehavior": false,
          "UseLegacyAPIResources": true,
          "EnableFederatedLogout": true,
          "TriggerExternalSignOut": true,
          "UseIdPManagedSigningCert": false
        },

    3. Health Check Endpoint updates (HealthChecks):

      • "HealthChecks": {
          "Enabled": true,
          "DetailedEndpointAuthorization": {
            "EndpointEnabled": false,
            "RequireKey": true,
            "StaticKey": ""
          }
        }
      }
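
One way to check a retained appsettings.json after the upgrade, as an added example (not Hyland's code or tooling): it reports the 4.1.0 sections that were never added, a managed-certificate opt-in that still carries a thumbprint, and template placeholders left in place. The function names, finding messages and sample document are constructed here; the file is assumed to be strict JSON without comments, and the health-check rule is an assumption drawn from the key names.

```python
import json

# Sections and keys this post says must be added by hand when the installer
# retains the existing configuration files.
EXPECTED = {
    "Features": ["UseIdPManagedSigningCert"],
    "HealthChecks": ["Enabled", "DetailedEndpointAuthorization"],
    "Hyland.Logging": ["Routes"],
}

def find_placeholders(node, path=""):
    """Yield paths of string values still in template form, e.g. <splunk_token>."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_placeholders(value, f"{path}/{key}")
    elif isinstance(node, str) and node.startswith("<") and node.endswith(">"):
        yield path

def audit_appsettings(text):
    """Return a list of findings for the text of an appsettings.json file."""
    cfg = json.loads(text)
    findings = []
    for section, keys in EXPECTED.items():
        if section not in cfg:
            findings.append(f"missing section: {section}")
            continue
        findings += [f"missing key: {section}/{k}" for k in keys if k not in cfg[section]]
    thumbprint = cfg.get("SigningCertificate", {}).get("Thumbprint", "")
    if cfg.get("Features", {}).get("UseIdPManagedSigningCert") is True and thumbprint:
        findings.append("UseIdPManagedSigningCert is true but Thumbprint is still set")
    detail = cfg.get("HealthChecks", {}).get("DetailedEndpointAuthorization", {})
    # Assumption from the key names: an enabled details endpoint needs a non-empty key.
    if detail.get("EndpointEnabled") and not (detail.get("RequireKey") and detail.get("StaticKey")):
        findings.append("detailed health endpoint enabled without a required StaticKey")
    findings += [f"placeholder left in: {p}" for p in find_placeholders(cfg)]
    return findings

# Constructed sample: a retained pre-4.1.0 file where the managed certificate was
# opted into, the old thumbprint was left in place and HealthChecks was never added.
SAMPLE = """{
  "SigningCertificate": {"Thumbprint": "CONSTRUCTED-THUMBPRINT-PLACEHOLDER"},
  "Features": {"UseIdPManagedSigningCert": true},
  "Hyland.Logging": {"Routes": {"SplunkLogger": {
    "Splunk": "<splunk_collector_url>", "SplunkToken": "<splunk_token>"}}}
}"""

if __name__ == "__main__":
    for finding in audit_appsettings(SAMPLE):
        print(finding)
```

When reading the real file from disk on Windows, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not break `json.loads`.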

 

Helpful Links: