What's new in this release

IBM Security Verify Access provides new features and extended functions for Version 10.0.5.

Verify Access Platform

  • Online updates and support licenses

    The appliance now uses a new update notification service to notify administrators about available firmware updates through the Dashboard and System Events framework. The existing online update capabilities, including update scheduling and support license management, have been removed from the appliance.

  • New Web Application Firewall capability that uses ModSecurity

    The Reverse Proxy can now be configured to process requests by using the ModSecurity rules processing engine. The appliance also includes an embedded copy of the OWASP ModSecurity Core Rule Set. For more information about the new web application firewall capabilities, see Web Application Firewall.

  • IBM Security Verify Access containers are no longer available on Docker Hub after 31 December 2022.

    IBM Security Verify Access no longer hosts images on Docker Hub after 31 December 2022. All images are accessed from their new location on IBM Cloud® Container Registry.

    This is a breaking change for many automated deployment pipelines, and administrators must validate and modify their container deployment routines to source these containers from their new location.

    For full information on the IBM Security Verify Access Container locations, use one of the following URLs.

  • Multi-JDK support for PD.jar

    The Policy Directory Java™ library (PD.jar) has been updated to support both IBM® Java 1.8 and OpenJDK 11. Previously, administrators were required to use the legacy version of PD.jar for versions of Java lower than 11. Now administrators are no longer required to move to Java 11 to use the latest version of PD.jar. For more information about using PD.jar to retrieve information from the runtime user registry/policy server, see the Administration Java classes overview.

  • SafeNet Luna High Availability (HA) support

    Support for SafeNet hagroup configurations was added to Verify Access. Administrators who install the SafeNet HSM Extension from IBM App-Exchange can group one or more SafeNet devices into an HA group. For more information about configuring HSM devices, see Configuring network Hardware Security Module (HSM).

Advanced Access Control (AAC)

  • AAC Authentication Policy JSON API

    A new API was added to the Local Management Interface (LMI) that represents AAC Authentication policies as JSON. Previously, the policy itself was represented solely as XML. For more information about the API and usage examples, see the WebServices documentation that is available from the appliance LMI. Apply the filter “Full JSON API” to show the appropriate pages for the new API.

  • AAC Access Control Policy JSON API

    A new API was added to the Local Management Interface (LMI) that represents AAC Access Control policies as JSON. Previously, the policy itself was represented solely as XACML 2.0. For more information and usage examples, see the WebServices documentation that is available from the appliance LMI. Apply the filter “Full JSON API” to show the appropriate pages for the new API.

  • SCIM User Password schema

    It is now possible for a user to change their password by using the SCIM API without the need for a two-phase update process. See User password change and recovery.

  • Identifier First Authentication Scenario

    A new scenario is now available in the Example Branching Policy Scenarios wizard, called Identifier First Authentication. This scenario initially prompts the user only for their username. The user is then able to choose between FIDO2/WebAuthn authentication, MMFA authentication, or standard username and password authentication. For more information, see Scenarios.

  • FIDO2 Mediation

    In the FIDO2 custom mediator, two new properties can be accessed from the registration object: backupEligibility and backupState. Both relate to the backup of the public key credential source of a registration. For more information, see FIDO2 Mediation.

  • JavaScript Whitelisted Classes

    In the available JavaScript classes, two new methods are available in each of the following two classes: com.tivoli.am.fim.registrations.local.FIDORegistration and com.tivoli.am.fim.fido.mediation.FIDO2Registration. Both classes now provide getter methods for backupEligibility and backupState. For more information, see JavaScript whitelist.

  • Template Files

    In the management of template files, directories can now be created at the root level. For more information, see Managing template files.
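
In the WebAuthn specification, backup eligibility and backup state are the BE and BS flag bits of the authenticator data. The following is an added example, not IBM code and not the Verify Access mediator API, that parses those bits and applies a hypothetical acceptance policy to the values named under FIDO2 Mediation and JavaScript Whitelisted Classes. It assumes the Verify Access properties carry the same meaning as the specification's flags; all function names, the requireDeviceBound option, and the sample buffers are constructed for illustration.

```javascript
// Added example. Bit positions follow the WebAuthn authenticator data layout:
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | optional data.
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified
const FLAG_BE = 0x08; // backup eligibility: credential source may be backed up
const FLAG_BS = 0x10; // backup state: credential source is currently backed up

// Extract the flags from raw authenticator data (a Uint8Array).
function parseAuthenticatorFlags(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new RangeError("authenticator data must be at least 37 bytes");
  }
  const flags = authData[32];
  return {
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    backupEligibility: (flags & FLAG_BE) !== 0,
    backupState: (flags & FLAG_BS) !== 0,
  };
}

// Hypothetical relying-party policy over the two backup values.
// BS set without BE is a combination the specification tells verifiers to reject.
function classifyCredential(parsed, { requireDeviceBound = false } = {}) {
  const be = parsed.backupEligibility;
  const bs = parsed.backupState;
  if (!be && bs) {
    return { accept: false, kind: "invalid", reason: "backupState set without backupEligibility" };
  }
  const kind = !be ? "device-bound" : bs ? "synced" : "syncable-not-backed-up";
  if (requireDeviceBound && be) {
    return { accept: false, kind, reason: "policy requires a device-bound credential" };
  }
  return { accept: true, kind, reason: "ok" };
}

// Constructed sample: 37 zero bytes with only the flags byte set.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  return buf;
}

for (const f of [FLAG_UP, FLAG_UP | FLAG_BE, FLAG_UP | FLAG_BE | FLAG_BS, FLAG_UP | FLAG_BS]) {
  const verdict = classifyCredential(parseAuthenticatorFlags(sampleAuthData(f)), { requireDeviceBound: true });
  console.log(`flags=0x${f.toString(16).padStart(2, "0")}`, verdict.kind, verdict.accept ? "accept" : "reject");
}
```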