October 18, 2023

Maintenance release – PhenixID Authentication Services (PAS) 4.7.1

This new release includes defect fixes and addition of minor functtions for the 4.7 release, and is recommended for all 4.7 installations.

Bug fixes


The 4.7.1 release includes the following fixes

  • PHX-2963 resp_attributes type 6 (Service-Type) value returned incorrectly

    Service-Type attribute in RADIUS always returned the wrong value.
    Now updated and the Service-Type attribute can now be set using PropertyAddValve

  • PHX-3030 Wrong language is show in PSS if brower is set to Swedish

    If Chromium based browser have Swedish as default language, the Password Selfservice service would show a mix of English and Swedish

  • PHX-3068 Signing, OCSP/CRL: Incorrect validation

    Validation of OSCP/CRL tokens failes since wrong value is compared

  • PHX-3110 BankID – 400 response when signing gives Java error

    BankIDSignValve and BankIDCollectValve woudl generate a java error if BankID returns a 400 response.
    The solution also includes an update where the errorcode of the 400 response is forwarded to the application

  • PHX-3122 IOS redirect to native browser when using non native browser

    Independent of which browser is used when initiating a BankID authentication, iOS devices will redirected back to default web browser

  • PHX-3170 Add loginhint to OIDC to auth-request

    Support for “login_hint” in OIDC auth-request is missing

  • PHX-3188 Clear “SAMLSignApproved” with the rest of the SAML attributes on a new SAMLRequest

    Attribute SAMLSignApproved is not cleared

  • PHX-3189 validateSchema for SAML SignMessage causes freeze/crash in some environments

    validateSchema function in SAMLAuthRequestDecoder freezes/chrashes, preventing SignMessage to be parsed


New/updated features


  • PHX-3021 Add support for basic authorization in bankid proxy module

    Support basic authorization header in BankID proxy/api

  • PHX-3102 SithsEidCollectAuthenticationStatusValve that returns Inera response intact as json

    Return the intact Inera response as json

  • PHX-3108 BankID 6.0 Phoneauth via proxy/api

    Phoneauth endpoint according to BankID 6.0 added in BankID proxy/api

  • PHX-3112 OpenID Connect Session Management 1.0

    Support for OpenID Connect Session management 1.0 implemented

  • PHX-3126 Add BankIDPhoneSignValve

    Add BankIDPhoneSignValve according to BankID 6.0

  • PHX-3127 Make it possible to expand requirement from request in BankIDAuthenticateValve and BankIDSignValve

    Add the possibility to add requirements in a request when using HTTP API with BankID valves

  • PHX-3171 BankID 6.0 Phonesign via proxy/api

    Add Phonesign endpoint according to BankID 6.0 to BankID proxy/api

  • PHX-3187 Make AssertionConsumer strict scoped attribute validation option

    Let the administrator decide by config if AssertionConsumer should use strict scoped valdiation or not

See patch release information for 4.7.1 and read the full release notes for PhenixID Authentication Services 4.7 here: