25.4 enhancements and patches


Review the BMC Helix SSO 25.4 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

| Version | SaaS | On premises | Fixed issues | Updates and enhancements |
|---|---|---|---|---|
| 25.4.02 | ✅️ | | NA | 25.4.02 |
| 25.4.01 | ✅️ | | Known and corrected issues | 25.4.01 |
| 25.4.00 | ✅️ | | Known and corrected issues | |

For a list of recent updates and enhancements across multiple versions, see Release notes and notices.

BMC Helix applies upgrades as described in the BMC Helix Upgrade policy. BMC Helix applies upgrades and patches during Maintenance windows.

25.4.02


Improved self-service for domain management

Tenant administrators can manage application domains directly within their tenant realms, including adding, updating, or removing application domains. The feature is disabled by default and can be turned on through the tenant configuration settings. The ability to modify application domains helps establish smooth integration with other BMC Helix applications and simplifies URL management within a self-service portal. For more details, see Self-service configuration for BMC Helix SSO Tenant administrator.



Extended information in OpenID Connect and SAML audit records

Audit records for the USER_LOGIN_FAILED event include trace IDs. Additional data is available for the OpenID Connect and Security Assertion Markup Language (SAML) methods. This feature helps administrators and support teams diagnose authentication issues, eliminating the need to investigate logs. To read more about audit, see Reviewing audit records.



Enforced password policy for admin and local users

The minimum password length is increased from 8 to 14 characters for all admin users. For local users, this policy applies only if the Federal Information Processing Standards (FIPS) mode is detected. Otherwise, their password policy does not change. To learn more about password management for local users, see Managing local users and passwords.


25.4.01


Enhanced Auth Proxy support for AR JWTs and IMS JWTs

Auth Proxy supports special authentication use cases by handling Action Request JSON Web Tokens (AR JWTs) and Identity Management Service JSON Web Tokens (IMS JWTs). BMC Helix SSO token validation by the BMC Helix SSO agent is no longer required. This enhancement helps the Converged Server to transition from the BMC Helix SSO agent to Auth Proxy. Configuration options added:

  • excluded_authorization_scheme_names
  • excluded_cookie_names 

For more details, see Configuring Auth Proxy for deployment with BMC Helix SSO.

25.4.00


Enhanced end-user audit logging

As an administrator, obtain greater visibility and traceability of end users' authentication activities. In addition to the source IP address, you can view the authentication method, its position in the authentication chain, and a 128-bit Universally Unique Identifier (UUID) of the identity provider. For more information about audit logging, see Reviewing audit records.



What else changed in this release

The following table lists the changes in the product behavior:

| Update | Product behavior in versions earlier than 25.4 | Product behavior in version 25.4 and later versions |
|---|---|---|
| Increased backend idle timeout. | The default backend idle timeout was 16 minutes, which caused unexpected logouts in the BMC Helix Digital Workplace administrator console. | The default backend idle timeout is 60 minutes. |
| Localization of the copyright text. | Incorrect or missing translation of copyright text. | Correct localization of copyright texts in all supported locales. |
| Login page usability. | The login page was not pre-populated with the user ID hint when accessing an integrated BMC Helix application through OpenID Connect or SAML authentication, as detected by the Multiple Service Provider (MSP) page. | Provided a user ID hint for users accessing the application by the OpenID Connect or SAML authentication flows identified by the MSP functionality. |
| SAML. | When invalid data was detected for a SAML certificate, the system logged an exception. | When invalid data is detected for a SAML certificate, the system logs a WARNING. |
| Token invalidation upon session removal. | When a session was deleted, the administrator had to manually remove the associated tokens. | When a session is deleted, its associated tokens are automatically removed. |

 
