Greater clarity, control and confidence for modern IAM
We’re thrilled to announce the release of PAS 6.1.0, building on the major technical foundation from version 6.0 with smarter tools that make identity management more transparent, flexible and intuitive than ever.
This release transforms core areas of the platform: SAML metadata handling, ADCS workflows, authentication logic and overall configuration visibility. The result is a simpler, clearer and more powerful administrator experience.
A new era of SAML Metadata management
In PAS 6.1.0, we introduce a completely rebuilt engine for SAML metadata handling. The goal is simple: more transparency, more control and fewer limitations.
Highlights:
- Full metadata status page in the admin GUI
See overall SAML module status, detailed metadata source status, load times, validity windows and more. - Per-entity insights
Understand which repositories have loaded a specific entity, certificate expiration details and additional metadata signals. - Advanced configuration options
Custom refresh intervals, cache durations, validity enforcement and signature rules. - Metadata Repositories
Configure subsets of trusted metadata tailored for specific integrations. - Direct trusted entity configuration
Add individual SAML entities even without a file or URL source. - New metrics for even deeper operational insight.
New valves for seamless ADCS integration
A frequently requested capability is now here: smoother integration with ADCS directly inside your pipes. PAS 6.1.0 adds several new valves that enable certificate generation workflows, including PDF signing scenarios.
New valves:
- AdcsRequestCertificateValve
- CSRGeneratorValve
- DNCombinerValve
- KeyPairGeneratorValve
- PKCS12GeneratorValve
- PKCS12ToTemporaryKeystoreValve
An example configuration demonstrating PDF signing with ADCS-generated certificates is now available.
Smarter Selectors, Dispatch and SSO
This release brings powerful new conditional logic to authentication selectors, making it easier to build dynamic user journeys and fine-tune SSO behavior.
New capabilities:
- Expression-based conditions controlling which authentication options appear
- Shorthand rules for allowed issuers (SPs, RPs, etc)
- forceAuth and useAssertionProfile support in both Selectors and Dispatch
- Improved SSO logic ensuring SSO only triggers when the original authentication method is available
Example configurations, including LoA-based SSO flows, are now included in the documentation.
Interactive authentication flowcharts
Complex authentication sequences can be difficult to visualize. PAS 6.1.0 solves this with interactive flowcharts directly in the configuration GUI.
You can now:
- See full authentication flows at a glance
- Drill into sequences, branches and sub-flows
- Print complete flowcharts (including sub-charts) as PDFs
- Access this visualization at each SAML IdP, OIDC Provider and internal auth endpoint
This gives administrators a clearer understanding of how everything fits together.
Additional improvements
PAS 6.1.0 includes a long list of enhancements across the admin GUI, authentication frontend, SAML, OIDC, certificate handling and more. A few highlights:
- Upload new certificates directly to existing keystores in the WebUI
- New PropertyExtractValve for RegEx-based property extraction
- New internal signature flows for internal auth endpoints
- Updated guides, including a new PRISM FedSigning configuration scenario
- Configurable client authentication methods in RPBroker
- Improved frontend accessibility, icons and focus states
- Updated default BankID API version to 6.0
- Extended handling of OneID, Nias, Freja and mobile authenticator flows
A full list of improvements is available in the release notes below.
Bug fixes
This release also resolves issues across mobile authenticators, admin GUI, OIDC discovery, SAML flows, legacy browser handling, keystore inspection and more. The fixes ensure greater stability and a smoother user experience.
Included improvements and fixes from PAS 5.1.9
PAS 6.1.0 also includes all improvements and bug fixes from PAS 5.1.9, such as:
-
Better UX for relay session login
-
EC key support in OIDC integrations
-
Updated OneID logo
-
Stability improvements in DynamicAuthenticator, legacy relay, and OIDC discovery
-
Fixes for SMS/Mail OTP masking, Freja OrgID, WindowsSSO fallback and more
See the full list in the detailed notes below.
Summary
PAS 6.1.0 expands the capabilities introduced in PAS 6.0 and brings major upgrades to metadata handling, authentication visualization, selector logic and ADCS workflows. With clearer insight, stronger control and improved user experience, this release helps organizations manage secure access even more effectively.
