IDM 8.1 supports several new encryption options. (ID-16979, 17789)
For encryption of server encryption keys, added support for PBE with AES (ECB mode) using a 256-bit key. This new option is similar to the existing PBE with DES mechanism but uses AES as the underlying cipher.
For both data in the repository and for gateway communications, added support for AES with 128-, 192-, and 256-bit keys (ECB mode).
Also changed the "Manage Server Encryption" task to accommodate this new functionality.
Some of these new options require additional install and/or configuration steps as detailed in the Administrator's Guide.
Added a new "Login Recovery" authentication alternative to the "Forgot Password" login based on security questions. (ID-18052)
Identity Manager now supports XMLDSIG format signed approvals. Previously, signed approvals were stored in the Identity Manager audit log in a proprietary format. This enhancement allows such approval records to be stored in an XMLDSIG standards-compliant format, thus offering better interoperability. Also supported is the ability to include an RFC 3161-compliant digital time stamp retrieved from an external time stamp authority. (ID-19011)
When pass through authentication is enabled, the change password functionality works correctly when a user's resource password has expired and the Identity Manager account ID and resource account ID are different. (ID-19218)
Fixed multiple cross-site request forgery (CSRF) vulnerabilities. (ID-19280, 19659, 19660, 19661, 19683, 20072) Any customizations to the includes/headStartUser.jsp and user/userHeader.jsp files must be manually updated.
Improved performance for dynamic organizations. The Waveset.properties file now contains several properties that define how Rule-Driven Members lists are cached. (ID-19586)