24.4 enhancements and patches


Review the BMC Helix SSO 24.4 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

Version

SaaS

On premises

Fixed issues

Updates and enhancements

24.4.02

✅️


None

24.4.01

✅️


24.4.00

✅️


None

For a list of recent updates and enhancements across multiple versions, see Release-notes-and-notices.

BMC applies upgrades as described in the BMC Helix Upgrade policy. BMC applies upgrades and patches during Maintenance windows.


24.4.02


Ability to encrypt data

By using the Admin console, administrators can encrypt the required data to keep it secure. They can encrypt different types of data, for example, database passwords and API passwords.

Learn about encrypting data in Configuring-settings-for-BMC-Helix-SSO-administrators.

Ability to validate SpEL expressions

Administrators can validate a SpEL expression that is used in scenarios such as transforming a user ID and identifying a realm by using a pattern when the server-side MSP is enabled.

This functionality helps administrators to identify any issues in the SpEL expressions.

Learn about validating these expressions in Configuring-settings-for-BMC-Helix-SSO-administrators.


Ability to view additional details in audit records

BMC Helix SSO tracks additional details in the audit records for the following events:

  • USER_LOGGED_IN—If an error occurs due to a user ID transformation, the transformation details are tracked in this event.
  • USER_LOGIN_FAILED—If an error occurs due to a user ID transformation or a pre-authentication error, those details are tracked in this event.

Learn about viewing the audit records in Reviewing-audit-records.

Use trace IDs to easily locate issue details in logs for troubleshooting OpenID Connect issues

BMC Helix SSO provides trace IDs for issues in OpenID Connect authentication. Use the trace ID of an issue to locate the associated error in the log file.


24.4.01


Retrieve additional user details from an ID token of an OpenID Connect provider

While configuring OpenID Connect authentication, administrators can specify user details that should be retrieved from the OpenID Connect provider's ID token, adding another level of user authorization.

Learn more about this functionality in Configuring OpenID Connect authentication.

Additional scenarios supported for immediate logout sessions

BMC Helix SSO supports immediate logout in the following additional scenarios:

  • When a session is invalid due to a change in the application tenant
  • When the password of a local user or an AR user has changed
  • When a local user is deleted
  • When an administrator deletes a session
  • When a user is locked out due to a failed login attempt
  • When a logout session occurs in a single domain mode
  • When a session quota event occurs

24.4


Access the MSP server-side mappings for tenants

Tenant administrators can get insights into the available MSP server-side mappings for their tenants. Additionally, tenant administrators can move the mappings for their tenants.

Learn more about tenant administrator access to MSP in Configuring-realm-identification-for-multiple-service-providers.

Support for Redis cluster

Administrators can configure the BMC Helix SSO server with the Redis server in cluster mode.

Learn more about this enhancement in the following topics:

What else changed in this release

BMC Helix SSO admin UI

  • Product behavior in versions before 24.4: The BMC Helix SSO admin UI used the ADAPT 14.0.0 version.
  • Product behavior in version 24.4: The BMC Helix SSO admin UI uses the ADAPT 17.12.00 version.

JWS algorithms for ID tokens

  • Product behavior in versions before 24.4: BMC Helix SSO did not accept the following JWS algorithms for ID tokens: RS384, RS512, ES256, ES512.
  • Product behavior in version 24.4: BMC Helix SSO accepts the following additional signature algorithms for ID tokens: RS384, RS512, ES256, ES512.

 
