AdminUI Downloads

Bug Fixes

• Claim Value Search bug fix - For some DBProviders, the claim value search function didn't work and didn't work if the claim value contained spaces. 
• Claim Duplication bug - was possible to duplicate claims on user updates and creation
• Dynamic Auth Audit logging bug - only "get all" action was being logged in audit logs
• Fully migrated all options to IAdminUISettings
• NuGet pkg upgrade to the latest possible

• Support for IdentityServer 6.3 schema changes
• Dropped support for IdentityServer4, use version 6.8.x for IDS 4 support

Bug Fixes

• Claim Value Search bug fix - For some DBProviders, the claim value search function didn't work and didn't work if the claim value contained spaces. 
• Claim Duplication bug - was possible to duplicate claims on user updates and creation
• Dynamic Auth Audit logging bug - only "get all" action was being logged in audit logs
• Fully migrated all options to IAdminUISettings
• NuGet pkg upgrade to the latest possible

Features: 

• Dynamic Authentication support for SAML identity providers 
• Configure the AdminUI NuGet package, using service builder options, not relying on appsettings.json 

• Support to configure schema used in OperationalStore and ConfigurationStore in IdentityServer 

Bugs: 

• The identity/Protected Resource claims picker is now sorted 
• Screen reader accessibility Improvements for wizards

Bug Fixes

• SQL Server support in docker broken in 6.7.3 
• User-specific server-side sessions requests failing with  PostgreSQL
• MySQL audit query failing in some scenarios

• Fixes vulnerabilities in external packages
• Introduces app setting of "DisableBootstrap"  for running AdminUI in a redundant pair to prevent race conditions on running migrations
• When DisableBootstrap is true, run adminui with -bootstrap command line argument to initialise database post installation

Update 26.05.23 - Removed installer download SKU. Fix for the installer (.exe) to be released as soon as possible.

Bug Fixes

• Fixed bootstrap bug meaning preventing secret update for AdminUI API resource
• Updated swagger documentation to align with API usage, especially around paginated requests
• Fixed User validation to prevent two users from having the same email address

Bug Fixes

• Docker demo Nginx.conf fix to expand header size of IdS sample to fix an error that occurs when trying to utilise DynamicAuth
• Added placeholder text for all search fields to make it clearer how the query is applied to and how
• Updated documentation screenshots to reflect the latest AdminUI
• Added custom database connection documentation to the documentation navigation sidebar
• Added UserSecretStore to NuGet package configuration to allow use of user secrets during development
• Claim type regex failure message is now only visible when the claim value does not match the regex.
• Checks if the user exists before attempting to add a new user to the SSOUserStore
• Regex validation is now only available on string Claim Types.

Features

• Shared scopes enabled means default scope is no longer created for protected resources.
• Custom Connection Factory for the NuGet package allows connection to databases where a simple connection string will not suffice.

Bugs

• Boolean claim values entered via pull down now a toggle button
• Summary wizard long text overflow
• Docs licence key line for Nuget config

Features:

•  Added support for managing OIDC Dynamic Authentication using the Duende Dynamic Auth Feature. (Duende Enterprise Customers only)
•  Added documentation for Dynamic Authentication Providers
•  Improved Documentation for Azure install options

Minor Changes:

• Improved clarity on display name label.
• Revised Spanish translation to be in keeping with the technical language used.

Bug Fixes

• Fixed Full Access Users unable to view reserved Clients, Identity Providers and Protected Resources.
• Fixed default user check on AdminUI bootup from using optional UserStore.

Bug Fixes

• 6.3.0+ introduced a performance degradation for fetching users, this has now been resolved
• Deploying to Azure resulted in "Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Extensions.Logging.AzureAppServices, Version=6.0.11.0", issue now resolved

Bug Fixes

• Fixed a bug where user claims were being duplicated when an external login was removed
• Fixed a bug where the properties on a protected resource were being removed when updating the require resource indicator field
• Fixed a bug where Postgres users were getting an error when querying user sessions

Bug Fixes

• Fixed a bug where required claims with an enum claim type were being reset when navigating away from the user details page

Server Side Session Management

AdminUI can now manage users server-side sessions via the UI.

• You can view all sessions underneath the “Users” section in AdminUI.
• To see a user’s individual sessions, you can search by a users display name or Id. Alternatively we have included a new session management tab when editing a user.
• This feature is not enabled when targeting IdentityServer 4.
• If you are using Duende but want to disable this feature, you can set the EnableSessionManagement feature flag to false.

"FeatureFlags": {
....
   "EnableSessionManagement": false
....
}

Support for Large Enum Claim Types

6.5 comes with improvements for handling enum claim types with a large amount (> 50) of allowed values.

• Editing a claim type
  • When editing a claim type that has >50 allowed values there is no difference in behaviour unless the claim type has been set to reserved. In this case the UI will display a message detailing the amount of allowed values for that claim type.
• Editing claims on a user
  • When adding/editing a claim that has less than 50 allowed values on a user there are no behavioural changes.
  • If the claim that has greater than 50 allowed values the UI will show a search box instead of a drop down, prompting you for an allowewd value to find. This list will not display any values until there are less than 50 possible values available from your search.

Improvements

• Improved documentation around app configuration
• Improved documentation around migrations in the nuget package
• Clients list is now paginated
• LockoutEnd and LockoutEnabled are now displayed for users in the UI

Bug Fixes

• Duplicate scopes no longer displayed in the client creation wizard when the shared scopes feature is enabled
• Deleting a resource with shared scopes now correctly handles scope removal
• Fixed a bug where docker images were failing to run when connected to a SqlServer database using Kerboros authentication
• Fixed a bug where multiple pages of users would fail to load when looking at users in a given role

Bug Fixes: 

• Fixed a NullReferenceException in the GET endpoint of the Users controller that was caused when no query parameter was passed into the endpoint. 

Features

• Shared Scopes
  • You can turn this feature on by setting the EnableSharedScopes flag under FeatureFlags to

    true in your relevant settings file 

  • The shared scopes feature allows you to share scopes across different Protected Resources rather than restricting them to a single resource

Improvements

• Upgraded to Angular 14
• Moved from momentjs to Luxon, improving datetime support
  
  • All date and times are now displayed in UTC to avoid confusion. Previously some were local time and some where UTC
• Users can now navigate to a client via it's ClientId field in the Audit table if the ResourceIdentifier column in a client audit matches

Bug Fixes

• Required Claims now use Display Name
• Fixed audit dates not showing in 24hr clock

Custom Identity

• IRoleStore - Renamed the FindUsersInRole method to FindUsersWithRoleStatus to clarify purpose of method.
  • This method now returns FindUsersWithRoleStatusResult which consists of a count of all users returned and a list of UserWithRoleStatus which details the user and if they are in the role.
• IUserStore - Removed the  FindUsersWithFieldsAndOrderingMethod.

Bug Fixes:

• Fixed Denial-of-Service vulnerability within the Swagger endpoint
• Fixed NullReferenceException on startup when setting the TargetIdentityServer4 flag to true
• Fixed installer bug where IIS site names were not being updated correctly on update
• Fixed installer bug where IIS site was not being removed on uninstall

NuGet Package

• You can now install AdminUI into your .NET applications using the Rsk.AdminUI NuGet package. 

Custom Identity Store

• When using AdminUI as a NuGet package you are now able to configure a Custom Identity Store for Users, Roles, and Claim Types. This will be beneficial for users who want to use AdminUI but are not using the default ASP.NET Identity schema.

Same Site

• AdminUI is no longer a separate UI and API site. When upgrading AdminUI through the installer, your UI and API sites will be merged into a single site. Your bindings will be merged too, so you shouldn't expect any downtime or post-update configuration. 

Enforcer

• Added support for the Enforcer Authorization Engine, allowing for fine-grained attribute-based authorization written in ALFA. 

For a more comprehensive overview of the 6.3 release, check out our release article

Bug Fixes

• Fixed an issue causing Postgres migrations to fail when schema checking occured even then a valid database was present
• Fixed an issue causing Postgres migrations to fail when migration history was being inserted using the -takeControl flag

Features

• Added database level support for Duende 6.1 features. Running the all migration or the configuration and operational migrations individually will update you to the latest Duende schema.

This will also fix the issue: Invalid column name 'CoordinatelifetimeWithUserSession`.

Features

• Added 2 new optional config values for AdminUI when using Azure for IdentityServer configuration, the must be included in both UI and API config and match.
  
  • AdminUICustomScopeName - The scope that will protect the API of AdminUI - defaults to admin_api
  • AdminUIProfileCustomScopeName - The IdentityResource name that provides user claims for AdminUI. Defaults to admin_ui_profile

Bug Fixes

• Fixed a bug where bookmarked links would not redirect correctly after login.

Improvements

• Improved logic around stale access tokens - users will now be redirected to a login page in cases where a token was deleted or expired

Bug Fixes

• Fixed a bug where AdminUI was showing timezone dependent Audits. These are now displayed as UTC timezones and are labelled as such

Improvements

• Updated logic around assigning users in the User Roles section to allow Enforcer users to utilise more fine grained access

Bug Fixes

• Fixed an issue with automated client creation in the webhook configuration area causing webhooks to fail

Features

• Introduced a new advanced search feature for the users section. You can now search for users by claim values.
• Added support for annual licensing, and expiry information in the UI.
  

Bug Fixes

• Fixed a bug where client secrets created on import were being hashed twice.
• Fixed a bug where cloning a cloned client wouldn’t work before page refresh.

Bug Fixes

• Fixed an installer bug where valid licenses were not being accepted. If you tried a 6.1.0 installer and failed to install or upgrade please use this download.
• Fix a bug where there API dockerfiles were pointing to the wrong location

Features 

• Added support for SAML Artifact Binding. When creating or editing a SAML Service Provider, you are now able to choose the HTTP-Artifact Binding Type for your ACS and SLO Endpoints, as well as configure ARS Endpoints. You can also configure the signing behaviour of ARS endpoints in the Advanced section when editing your SAML client. 
• The AdminUI ClientID can now be made configurable using the AdminUIClientId field in your API configuration. You may need to utilise this functionality within AzureAD, where ClientID's are often GUID's generated by Azure. We recommend you only use this functionality when facing these environment-based issues. 
• Added the ability to create native clients with the Authorization Code + PKCE grant type via the client creation wizard.
• AdminUI will now return an error message if, when searching in the Users area, an error is thrown relating to missing/incorrectly named stored procedures.
• Updated documentation surrounding Access Policies.

Bug Fixes 

• Fixed issue with migration tooling that caused migrations to fail if an invalid DbProvider existed in API configuration but a valid provider was passed in using the -dbProvider CLI argument.
• Fixed API and IdentityServer Healthcheck messages being logged at the wrong level.
• Fixed issue with URL-style scope names (e.g. api://someurl/accounts.read) causing errors when updating from within the protected resource claims tab. 

Experimental Features

• Added support for the Enforcer Attribute-Based Access Control Engine. This will enable you to have finer grain control of AdminUI permissions, e.g. restricting access to certain roles or clients. Please contact [email protected] for more information.

Bug Fixes

• Fixed an installer bug where valid licenses were not being accepted. If you tried a 6.0.X installer and failed to install or upgrade please use this download.

Bug Fixes

• Fixed a bug where PostgreSql SAML migrations were failing. This will fix the error stating that "Migrating from serial to identity is not supported."

Bugs

• Fixed a bug in client export where "CibaLifetime" and "PollingInterval" were not being exported
• Fixed UI bug in client export secrets section

Duende IdentityServer v6 Support

•  Added the ability to choose the new CIBA grant type when creating a machine client. Selecting the CIBA grant type will allow you to specify the CIBA Lifetime and Polling Interval values in a new dedicated CIBA Configuration tab when editing a client.

Features

• AdminUI now targets .NET 6
• Added 'DisplayName' field to Claim Types. When creating a Claim Type, you will now be able to define a friendly name for it. This name will be used within AdminUI when available. When it is not available, AdminUI will display the regular Claim Type name.
• Updated the User Registration Webhook to send across the newly created user's SubjectId

Improvements

• Removed dependency on Azure Container Registry in Docker Demo
• AdminUI now supports the latest SAML schema

Notice: If you are using MySql as a database provider, there is a possibility for users to run into a data truncation error when performing the migrations for AdminUI v6 if they have either a RedirectUri or a PostLogoutRedirectUri that is longer than 400 characters. This is due to a change made by the Duende team to reduce the column length for these fields in order to stop index creation errors in MySql.

Bug Fixes

• Fixed a bug where client secrets created on import were being hashed twice.
• Fixed a bug where cloning a cloned client wouldn’t work before page refresh.

AdminUI 5.6.2 will be the last AdminUI version to support Deunde v5. The next version of AdminUI will introduce support for Duende IdentityServer v6 and we will continue to support IdentityServer 4 until end of life.

Improvements

• Enabled partial and full search by User ID in the users list when using SqlServer databases.

• Added a new string configuration option in the API  StoredProcedureSchemaPrefix which enables SqlServer users to use a different database schema and still keep the search and filter by user functionality. Defaults to the default AdminUI schema dbo
  

• Removed references to the old Azure Container Registry in our docker-compose files in favour of the new Docker Hub images.
  

Bugs

• Fixed a bug where AdminUI was not correctly hashing secrets on client creation

Features

• AdminUI now has a dedicated settings page for Webhooks. You can now manage the password reset, reset MFA and user registration webhooks under the settings tabs. This new feature allows you to easily set the webhook URL, enable and disable webhooks separately and define their protecting scope. In addition, if you have an existing webhook configuration, AdminUI will migrate the settings. For more information, see the webhook documentation.
• Introduced the Reset MFA webhook, used to initiate an MFA reset flow.

• In line with good security practices, we have removed our default credentials from AdminUI. If you login with info@rocksolidknowledge, you will be asked to create a new superuser. When logging in with a different superuser, AdminUI will now prompt you to remove the existing [email protected] account, and we strongly recommend that you do so.

Improvements

• Improved the user experience around failing migrations in the installer for MySql users. Previously the migrations would hang in the installer. They now fail gracefully with the correct error messages.

Bugs 

• Fixed a bug in the installer was adding a new IIS binding in certain upgrade scenarios. After previous install scenarios IIS websites would not start after upgrade due to a duplicate binding.

• Fixed a bug where the migration tooling was not correctly getting MySql schema. This was causing the error “The table ApiResources already exists” when migrating a database that did not have the schema in server that had another AdminUI database.

Bugs 

• Fixed a bug where AdminUI was not correctly hashing secrets on client creation.

Bugs

• Fixed a bug where Protected Resource secrets were being hashed twice causing introspection to fail.

Bugs

• Fixed a bug where CORS, Redirect and Signout URLs for Clients had to include a scheme
  
  • Now able to add URLs like "url.app/path"
• Fixed an installer issue where upgrades to 5.5.0 were not working
  • This is a fix for those seeing the following error message on running the API: A fatal error was encountered. The library 'hostpolicy.dll' required to execute the application was not found in '....\AdminUI\Api\'.

Features

• AdminUI now supports both IdentityServer4 and Duende IdentityServer in a single version. By default, AdminUI will support Duende IdentityServer. To switch to IdentityServer4 mode, set the “TargetIdentityServer4” config setting to true
• Read-only mode: you can now use AdminUI in read-only mode using the new permissions levels of:
  • IdentityServer Manager Read Only
  • User Manager Read Only
  • All Read Only

Improvements

• All Docker images now use an Alpine base image. This reduces the attack surface of the container and significantly reduces image size
• All Docker images are now available on dockerhub. These images will eventually replace our private Docker registry. New links are:
  • UI: rocksolidknowledge/adminui
  • API: rocksolidknowledge/adminui-api
  • IdS: rocksolidknowledge/identityserver-demo
• Added support for creation date on API secrets

Bugs

• Fixed AdminUI removing signing algorithm choices when new algorithms were selected
• Fixed culture selection ignoring browser choice
• Protected resources can now be saved without a description
• Fixed styling issue in modals
• Local documentation is now searchable
• Updated to latest .NET Core and NPM dependencies
• Updated schema checker to support more edge cases

Bug Fixes

• Fixed a bug where integer required claim types were being sent to the API incorrectly

Bug Fixes

• Fixed a bug where saving a Protected Resource would not save its scopes correctly
• Re-introduced support for query strings and hash fragments in application URLs
• Installer: Fixed a bug where the default certificate option was using "http" instead of hostname
• Installer - Fixed a bug where certificates were being generated when selecting a certificate

Bug Fixes

• Fixed a bug where correct labels weren't showing when adding an identity resource
• Re-introduced support for query strings and hash fragments in application urls

Bug Fixes

• Fixed a bug where reserved claim types couldn't be set to required
• Fixed a bug where the migration tool was not running under certain scenarios
• Fixed a bug where API Scopes were not correctly removed from the database

Features

• Read-only view of current signing keys available in the settings area
• Enumerated claim types: you can now create a claim type with a value of “Enum”, allowing you to enforce a list of allowed values for that claim type
• Added support for ASP.NET Identity “TwoFactorEnabled” option for a user. Depending on how your IdentityServer uses ASP.NET Identity, this may not do anything

Improvements

• AdminUI bootstrap will now rollback on failure to avoid inserting unnecessary data
• AdminUI will now detect and escape redirect loops during authentication
• Improved UX when AdminUI is calling a slow external webhook

Bug Fixes

• Fixed a bug where integer claim types were unable to be saved

Migrations Improvements

• Added migration support for Duende IdentityServer’s new IdentityProviders table
• Removed support for “RunIdentityMigrations” and “RunIdentityServerMigrations”. Additional flags now cover these in the migration tool. Run -migrate help for more information
• Added the ability to allow AdminUI to take over migrations of the Identity and IdentityServer tables by using -takeControl flag when running the specific migrations

Installer Improvements

• The installer can now handle the insert migration history functionality from the migration tooling
• The installer now maintains additional config in the UI/API on upgrade, such as data protection
• Fixed a bug where the installer was not checking for the .Net Core Hosting Bundle

Improvements

• Updated authorization policy to support JWT-based access tokens using a collection of scopes or a space-delimited string

Bug Fixes

• Fixed a bug where the Identity Resource page wasn't loading

Bug Fixes

• Fixed a bug where running AdminUI on a path was causing 404s​

Improvements

• Improved documentation surrounding Azure Installation and configuring AdminUI to run on different default ports.

Features

• Introducing the schema checker - the migration tool will now check your Identity and IdentityServer tables for any missing tables required by AdminUI. This tool can also be used separately. Check out the docs for more info
• Properties on Identity and Protected Resources are now editable using AdminUI
• Added a new installer screen to configure TLS certificates to run AdminUI over HTTPS

Improvements

• Removed env.js configuration file - AdminUI will only use the config from your main config source (e.g. UI/web.config or UI/appsettings.json)
• Added field "EFLoggingMinimumLevel" in the API settings to configure the Entity Framework logging level. Entity Framework logging is now separate from the core web app logging
• AdminUI now returns a warning if you are not running over HTTPS
• Added a new flag to the migration tool to let AdminUI insert fields into migration history enabling us to take over migrations. Check out the docs for more info

• Improved error handling for expired license keys
• Improved error handling for missing AdminUiClientSecret
• Fixed logout button returning 404 when end session endpoint is unavailable
• Switched to native DateTime picker

• Added test connection string functionality to installer
• Upgraded to Angular 11
• Security updates for dependencies
• Fixed issue with invalid license error messages​

Notes:

• Duende IdentityServer support
• Improved health check error messaging
• Improved error logging for installer migrations
• Fixed issue with HTTP 405 errors not being reported correctly
• Added troubleshooting docs

Bugs

• Fixed a bug where applications urls were not able to be added without a scheme.

Bug Fixes

• Fixed a bug where saving a Protected Resource would not save its scopes correctly
• Fixed a bug where integer required claim types were being sent to the API incorrectly

Bug Fixes

• Fixed a bug where correct labels weren't showing when adding an identity resource
• Re-introduced support for query strings and hash fragments in application URLs
• Installer: Fixed a bug where the default certificate option was using "http" instead of hostname
• Installer: Fixed a bug where certificates were being generated when selecting a certificate

Bug Fixes

• Fixed a bug where reserved claim types couldn't be set to required
• Fixed a bug where the migration tool was not running under certain scenarios
• Fixed a bug where API Scopes were not correctly removed from the database

Features

• Enumerated claim types: you can now create a claim type with a value of “Enum”, allowing you to enforce a list of allowed values for that claim type
• Added support for ASP.NET Identity “TwoFactorEnabled” option for a user. Depending on how your IdentityServer uses ASP.NET Identity, this may not do anything

Improvements

• AdminUI bootstrap will now rollback on failure to avoid inserting unnecessary data
• AdminUI will now detect and escape redirect loops during authentication
• Improved UX when AdminUI is calling a slow external webhook

Bug Fixes

• Fixed a bug where integer claim types were unable to be saved

Migrations Improvements

• Removed support for “RunIdentityMigrations” and “RunIdentityServerMigrations”. Additional flags now cover these in the migration tool. Run -migrate help for more information
• Added the ability to allow AdminUI to take over migrations of the Identity and IdentityServer tables by using -takeControl flag when running the specific migrations

Installer Improvements

• The installer can now handle the insert migration history functionality from the migration tooling
• The installer now maintains additional config in the UI/API on upgrade, such as data protection
• Fixed a bug where the installer was not checking for the .Net Core Hosting Bundle

Improvements

• Updated authorization policy to support JWT-based access tokens using a collection of scopes or a space-delimited string

Bug Fixes

• Fixed a bug where the Identity Resource page wasn't loading

Bug Fixes

• Properties on Identity and Protected Resources are now editable using AdminUI
• Fixed a bug where running AdminUI on a path was causing 404s​

Improvements

• Improved documentation surrounding Azure Installation and configuring AdminUI to run on different default ports.

Features

• Introducing the schema checker - the migration tool will now check your Identity and IdentityServer tables for any missing tables required by AdminUI. This tool can also be used separately. Check out the docs for more info
• Properties on Identity and Protected Resources are now editable using AdminUI
• Added a new installer screen to configure TLS certificates to run AdminUI over HTTPS

Improvements

• Removed env.js configuration file - AdminUI will only use the config from your main config source (e.g. UI/web.config or UI/appsettings.json)
• Added field "EFLoggingMinimumLevel" in the API settings to configure the Entity Framework logging level. Entity Framework logging is now separate from the core web app logging
• AdminUI now returns a warning if you are not running over HTTPS
• Added a new flag to the migration tool to let AdminUI insert fields into migration history enabling us to take over migrations. Check out the docs for more info

• Improved error handling for expired license keys
• Improved error handling for missing AdminUiClientSecret
• Fixed logout button returning 404 when end session endpoint is unavailable
• Switched to native DateTime picker

• Added test connection string functionality to installer
• Upgraded to Angular 11
• Security updates for dependencies
• Fixed issue with invalid license error messages

Notes:

• Improved health check error messaging
• Improved error logging for installer migrations
• Fixed issue with HTTP 405 errors not being reported correctly
• Added troubleshooting docs

• When picking protected resources on a client, the list now shows all scopes and not just protected resources.
• Refresh Tokens are now renewed correctly upon them expiring or becoming invalid
• Fixed a bug where IssuerName was being compared to the Authority

• User search now compatible with SQL Server 2012
• Fixed issue with Lockout Enabled not updating​

Bug Fixes:

• PostSQL migration fix 

Bug Fixes:

• Modified forwarded headers to work with NGINX

Docker:

•  The docker demo now creates a self-signed certificate to run the demo over SSL. For more information on the docker installation, check out our documentation

Features:

• AdminUI now supports IdentityServer4 v4
• Changes to API resources and scope behaviour
• Changes to downloading & installing AdminUI

Read the release notes here

30/09: 

• When picking protected resources on a client, the list now shows all scopes and not just protected resources.
• Refresh Tokens are now renewed correctly upon them expiring or becoming invalid
• Fixed a bug where IssuerName was being compared to the Authority

• User search now compatible with SQL Server 2012
• Fixed issue with Lockout Enabled not updating

Bug Fixes:

• Modified forwarded headers to work with NGINX

Docker:

•  The docker demo now creates a self-signed certificate to run the demo over SSL. For more information on the docker installation, check out our documentation

Bug Fixes:

• Reduced BFF cookie size
• PostgreSQL fix  

Features:

• The ability to clone an existing client
• Two new client secret types (RFC 7523 & mTLS)
• No more tokens in the browser
• New installer
• Client settings have been simplified
• User Search improvements (first name + last name)
• Changes to using Docker

Read the release notes here

Bug Fix:

• Fixed SAML migrations failing when using PostgreSQL

Bug Fix:

• Updated csp rules to fix Audit and Export file downloads failing in Chrome

Important:

• AdminUI 3.0 no longer supports: Internet Explorer 11 (IE11) and SQL Server 2008
• AdminUI now runs on .Net Core 3.1

Features:

• New Wizard type for creating web application clients using PKCE
• Improved UI Consistency during import of client configuration

Bug Fix:

• Fixed inconsistent UI inside the Import wizard.

Features:

• Import and Export your client configuration (in-depth details in the documentation)
• Redesigned splash, loading and home page alongside a new login animation

• Improved /swagger endpoint metadata, with response codes and object models.

Read release notes here

Bug Fix:

• Fixed CORS parsing in SPA wizards for templated URL

Bug Fix:

• Fixed a bug with Password Reset Webhook button not functioning as intended when in non-demo use. 

Features:

• New Role User Management feature providing a faster and more efficient method to add and remove multiple users from a role

Improvements:

• Refreshed landing page text & layout
• Added SQL guidance link to the installer
• User code generator type now defaults to a null value
• Modals no longer close when you click off them
• User page now refreshes when filtering
• AdminUI set password will be always be set to true when using a demo license key
• Clearer error messaging for configuration validation on startup
• Fixed bug where AdminUI installer would crash on first-time setup

Please be aware that this version changes how database migrations are performed in AdminUI, offering a simpler, more secure approach going forward. You can read more about this in our documentation. 

Features:

• PKCE Spa client wizard and configuration
• WS-Federation Rely Party wizard and configuration. Docs
• SAML Service provider wizard and configuration. Docs
• New installer with optional IdentityServer4 quickstart example. Docs

Minor Features:

• Added the option to add a different connection string for the persisted grants DbContext by adding the field "OperationalConnectionString" to the API web.config. If OperationalConnectionString isn't added, the behaviour will remain unchanged
• Enabled logging configuration to allow users to change the log level and the logging template. Click here for the documentation for further details on using LoggingMinimumLevel and LoggingOutputTemplate.

Bug Fixes

• Added .NetFramework 4.7 as a requirement to the installer, fixes issues with the installer crashing on operating systems less than 4.7.x
• Fixed issue with legacy SqlServer user paging.

Bug Fixes

• Sensitive data leakage in Audit records when combined with the un-recommended AdminUI password reset feature

Bug Fixes

• Uses IdentityServer database connection string for Audit if no explicit audit database connection string defined universally

Features:

• Full system audit, IdentityServer and AdminUI audit events in one place
• Audit views for users and clients
• Hyperlinks from audit records to users and clients
• Permission to access audit records
• Filter audit records by Source, Subject, Action, Resource and Outcome
• Bookmarkable audit queries
• CSV export of audit records
• Compatible with our free audit library available on Nuget ( RSK.Audit.EF )
• Improved usability on client wizard splash screen
• Device Flow client wizard
• Advanced Device Flow configuration page
• Improved accessibility (Thanks to Sean Farrow for his help!)

Bug fixes:

• Fix compatibility issues with .Net Core hosting bundle
• Corrected typos
• Fixed hard refresh on certain pages
• Improved load times by upgrading to Angular 6
• Fixed missing translations
• Minor UI and UX tweaks

Bug Fixes

• Fixed issue with deleting the wrong client secret
• Add User Password not being interpreted correctly in docker

Features

• Configurable AdminUI administrator permissions, managed within AdminUI
• Added UI for managing user external login data
• Landing page redesign, including an RSS feed to stay up to date with the latest AdminUI news
• Added internationalization for Spanish & French based on browser culture
• Updated licensing functionality to show license type within UI screens

Bug Fixes

• Added error message when creating API scopes with duplicate names
• Added error handling for client applications with duplicate display names
• Fixed redirect after deleting an identity resource
• Fixed an issue where Boolean values were being submitted using browser language
• Fixed ability to add multiple scopes one after another
• Improved regex check when adding claims
• Fixed client display when non-OpenID Connect client applications are manually added to the database
• Fixed reported missing translations
• Fixed issues on the user settings endpoint And a whole host of other minor UI and UX tweaks!

Minor feature enhancements and bug fixes

• Replaced CDN usage with locally-hosted libraries. 
• Adding multiple protected resources and scopes no longer retain data across creation screens
• Fixed an issue where only the top protected resource scope could be edited
• Added missing translations
• Client creation now correctly uses scopes instead of resources
• Improved resiliency of silent refresh
• Fixed UserSettings endpoints erroring when a user had missing required claims

• Multi-Language Support: English, German, Chinese (Taiwan), and Chinese (Simplified)
• Improved Support for IE11
• Soft deletion now scrubs user credential from the database
• Default user & password policy settings can now be modified New overloads to IdentityExpressDbContext to improve extensibility
• Now includes support for setting client claims prefix value

Bug Fixes

• Re-enabled support for SQL Server 2008
• Improved performance for role searching
• Fixed typo in Postgres database provider
• Fixed labels on Client:Advanced:Tokens
• Fixed always send claims checkbox never updating
• Fixed issue with 2.0 not running on a path

First version to support IdentityServer4 v2.x