This documentation supports the 24.3 and consecutive patch versions of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

24.2 enhancements and patches


Review the BMC Helix SSO 24.2 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

Version

SaaS

On premises

Fixed issues

Updates and enhancements

24.2.02

✅️


None

24.2.01

✅️


None

24.2.00

✅️


For a list of recent updates and enhancements across multiple versions, see Release-notes-and-notices.

BMC applies upgrades as described in the BMC Helix Upgrade policy. BMC applies upgrades and patches during Maintenance windows.


24.2.02


Use Trace IDs to easily locate issue details in logs for troubleshooting SAML issues

The Trace ID is displayed on the error page for SAML authentication issues. To troubleshoot issues, use this Trace ID to locate the error details in the log files. To troubleshoot the issue, use this Trace ID to easily locate the error details in the log files.

24.2.02_SAML_ID.png

24.2.02_ajax_request.png

BMC Helix SSO sends 401 response with a special header for Auth Proxy requests

If a session timeout occurs when accessing a Realm by using Auth Proxy, BMC Helix SSO responds to the request with a special header and the 401 HTTP code. Application developers can use this header and the response for their applications.

For more information about enabling 401 responses with a special header, see Configuring-Auth-Proxy-for-deployment-with-BMC-Helix-SSO.

24.2.01


Log records to track requests related to consumer keys

Log entries to track the status of requests related to consumer keys are available so that you have an audit record of these requests.

For more information about viewing audit records, see Reviewing-audit-records.

24.2


Including additional attributes retrieved from the Identity Provider to ID tokens during authentication

BMC Helix SSO allows you to include additional attributes to the ID tokens from an identity provider (IdP) request. Map the attributes extracted from the IdP request to custom claims in a user response so that this information is available to consuming applications during the authentication process. 

For example, you can define a group attribute, and map it as a claim for the ID token response to use it as an authentication parameter. 

For more information about adding attributes and claims for ID tokens, see Configuring-attributes-for-the-userinfo-endpoint-and-ID-token-for-OAuth-clients.

What else has changed in this release

In this release, note the following significant changes in the product behavior:

Update

Product behavior in versions earlier than 22.4

Product behavior in version 22.4 and later

BMC Helix SSO Admin console login page has been updated to use ADAPT 17.2.0

The Admin Console login page didn't follow ADAPT 17.2.0 standards.

(Version 24.2.02 and later) The Admin Console login page has been updated as per ADAPT 17.2.0 standards.

UI enhancements for read-only SAML template view. 

.

The button to view the SAML template was labeled Edit, and admin users with read-only permissions could edit the content displayed in the text box with the template details, but the changes made were not saved.  

The button to view the SAML template has been renamed to View, and admin users with read-only permissions can no longer edit the content displayed in the text box with the template details. 

Feature flags for features that do not require to be enabled manually have been removed from the UI.  

The following feature flags were displayed when viewing tenant configuration:

  • User ID transformation to convert AR alias to login
  • Multiple certificates in SP Metadata
  • Enable attribute extraction from SAML IdP
  • CSP Headers
  • Fetch AR user info
  • Cookie SameSite Strict
  • Admin console access control

The following feature flags are enabled by default and are not displayed when viewing tenant configuration:

  • User ID transformation to convert AR alias to login
  • Multiple certificates in SP Metadata
  • Enable attribute extraction from SAML IdP
  • CSP Headers
  • Fetch AR user info
  • Cookie SameSite Strict
  • Admin console access control

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*