For features and improvements in the latest release, see Latest changes and fixes.
Hardware and software recommendations
Breaking changes:
- We dropped support for older versions of database software and server operating systems. For the list of supported software, see Smart API Manager Hardware and Software Recommendations.
Other changes and fixes:
- We no longer certify the Smart API Manager web client for use on tablets. For device certification information, see Smart API Manager web client.
Bundled Third-Party Components
- In Version 5 Service Pack 3, the following third-party packages were upgraded to resolve vulnerabilities:
  - AngularJS - Upgraded to supported version 1.9.6 from XLTS.dev provider
  - IdentityServer - Upgraded to supported version 4.1.2
  - Sustainsys.Saml2 - Upgraded to supported version 2.9.2
  - Microsoft - Multiple packages upgraded to supported versions
  - NLog - Multiple packages upgraded to supported versions
- In Service Pack 2, the following third-party packages were upgraded to resolve vulnerabilities:
  - AngularJS - Upgraded to supported version 1.9.1 from XLTS.dev provider
  - jQuery - Upgraded to version 3.6.4
  - Lodash - Upgraded to version 4.17.21
- We now install Microsoft .NET Core runtime and C++ runtime, Oracle ODP.NET, and the Sustainsys.Saml2 library. For a list of bundled third-party components and the versions installed, see What's Installed.
Database Configuration
- If you are using an Oracle database, the sam runtime user must be:
  - Created before running the configuration tool
  - Granted create session privileges. For instructions, see Configure Oracle users
- If you choose to install the bundled version of SQL Server Express LocalDB but already have an older version installed, the newer version is not installed. For the currently bundled version, see What's Installed.
Smart API Manager Installation and Configuration
Breaking changes:
- In the appsettings.json file, if you allow the wildcard setting for CORS (*), the origin value is no longer echoed back for /oauth/ endpoints. Instead, only the asterisk (*) is returned. This might affect clients sending withCredentials requests.
- A separate executable is now used for silent configuration, Hexagon.Sam.Configuration.exe.
- For silent configuration, the /h parameter has been added (run health diagnostics only). For a list of parameters, see Silent configuration.
- The JWKS endpoint changed:
  - From: https://<server name>/<application name>/oauth/.well-known/jwks
  - To: https://<server name>/<application name>/oauth/.well-known/openid-configuration/jwks
- The SAM IWA endpoint changed:
  - From: https://<server name>/<application name>/iwa
  - To: https://<server name>/<application name>
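The browser-side effect of the CORS change above, as an added example that is not Smart API Manager code: the function follows the CORS check in the Fetch standard. The client origin and both header sets (including Access-Control-Allow-Credentials on the earlier response) are constructed assumptions.

```javascript
// Added example: the CORS check a browser applies to a cross-origin response
// (Fetch standard). Origin and header values below are constructed.
// XHR withCredentials=true maps to credentials mode "include"; false to "same-origin".
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  const h = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const allowOrigin = h["access-control-allow-origin"];
  const withCredentials = credentialsMode === "include";

  if (allowOrigin === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    // A literal "*" only reaches this point when credentials are included.
    const reason = allowOrigin === "*"
      ? "wildcard rejected because credentials are included"
      : "origin mismatch";
    return { allowed: false, reason };
  }
  if (!withCredentials) {
    return { allowed: true, reason: "origin matches" };
  }
  if (h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin and credentials allowed" };
}

// Constructed responses from an /oauth/ endpoint configured with the wildcard.
const CLIENT_ORIGIN = "https://app.example.test"; // hypothetical client origin
const echoedOrigin = {                            // earlier behaviour (assumed headers)
  "Access-Control-Allow-Origin": CLIENT_ORIGIN,
  "Access-Control-Allow-Credentials": "true",
};
const asteriskOnly = { "Access-Control-Allow-Origin": "*" }; // current behaviour

// Runs both responses through the check for each credentials mode.
function compareBehaviours() {
  const out = {};
  for (const mode of ["same-origin", "include"]) {
    out[mode] = {
      echoed: corsCheck(CLIENT_ORIGIN, mode, echoedOrigin).allowed,
      asterisk: corsCheck(CLIENT_ORIGIN, mode, asteriskOnly).allowed,
    };
  }
  return out;
}
console.log(compareBehaviours());
```

With the asterisk response only the credentialed request fails the check; requests sent without credentials pass as before.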
Other changes and fixes:
- In Version 5.0 Service Pack 3, we have made the following updates:
  - Fixed a stored cross-site scripting vulnerability in the Admin UI Logs page.
  - Added support for Windows Server 2022 and SQL Server 2022.
- Version 5.0 Service Pack 1 fixes an issue that caused the installer to fail if the server already had .NET Core 3.1 Hosting Bundle or .NET 6 Hosting Bundle installed.
- The Upgrade option on the installer is now disabled as we currently do not provide an upgrade process.
- The name, type, and location of the configuration file have changed. The file is now here:
  [Smart API Manager Install Folder]\appsettings.json
- The executable for interactive configuration has been renamed to Hexagon.Sam.ConfigurationTool.exe.
- If multiple instances of Smart API Manager are configured for load-balancing, such as in a web farm, you are no longer required to set consistent machine keys on all the Smart API Manager instances to prevent security errors.
- The Join existing domain (existing database) option has been removed from the configuration utility. The same goals can be accomplished using the Reconfigure option. For more information, see Step 1: Choose your configuration option.
Identity Provider Configuration
Breaking changes:
- Smart API Manager is no longer pre-configured for use with the CA SiteMinder Identity Provider, and we no longer include the optional CA SiteMinder Authentication (SM) Service.
- For an OIDC identity provider, the logout redirect URI has changed. For information and instructions, see Define settings in Smart API Manager and Your Identity Provider.
- We no longer support malformed requests to Smart API Manager OAuth endpoints, for example:
  https://<server name>/<application name>/oauth/.well-known/openid-configuration type URIs.
- We have upgraded the security token service to IdentityServer. For more information, see IdentityServer.
Other changes and fixes:
- When you configure an external identity provider, we no longer pre-populate the list of provider claims or validate the configuration when you complete it. Instead, you must supply the claims and make sure that they are valid. For more information and instructions, see Map identity provider claims to Smart API Manager claims.
Smart Client Registration and Configuration
- A client secret is no longer required for Smart Clients that use one of the following authorization flows: authorization code, authorization code + PKCE, hybrid, and hybrid + PKCE.