Announcement | This website is no longer being updated

The CEF Digital programme 2014-2020 has concluded. The CEF Digital platform ( is no longer being actively updated. A new website will be coming soon.

Page tree

CEF DIGITAL home page

eID Services

eIDAS-Node software releases

All releases

Current releases

VersionRelease dateFeatures

Main changes

  • Technical Specifications 1.2:
    • Extension of Connector’s and Proxy-Service LOA validation to non-notified scheme LOAs
    • Extension of  Simple Protocol request to allow support to non-notified scheme LOAs
    • Implementation of support for 1.1 and 1.2 eIDAS specification for Gender attribute
    • Align allowed signature algorithms to eIDAS specification 1.2
    • Appropriate extensions to support RequesterID
    • Restriction of the node configuration to the use of TLSv1.2
    • Publication of the NodeCountry
    • Remove “No Specified” from Gender possible values
    • Extend Light Response to allow support of SAML consent values
  • Break of the LightRequest / LightResponse interface:
    • Add SP Country Code to Light Request interface
    • Generation of LightMessage model  from XSD
    • Extend Light Response to allow support of SAML consent values
  • eIDAS Default parameters configuration
  • Jcache support for the eIDAS Node
  • Logging of messages eIDAS Node 2.x branch
  • Bug fixes
  • Security fixes
  • Source code fixes
  • Documentation fixes
  • Bouncycastle dependency was upgraded from v1.52 to v1.60 clearing vulnerabilities
  • Bootstrap dependency was upgraded from v3.3.5 to v4.3.1 clearing vulnerabilities

  • This release has been successfully tested for interoperability with previous releases of eIDAS-Node versions of 2.2 and 1.4.4.
  • This release successfully tested and works with Middleware version 1.0.7.

Past releases

VersionRelease dateFeatures

Main changes:

  • Added key agreement support
  • Added support for Brainpool curves for SAML signing
  • LightRequest - Passing the Country Code of the Destination
  • Bugs and security fixes
  • Improvement of code quality

Main updates in dependencies:

Updates in dependencies in order to avoid reported related vulnerabilities or to get the need functionality.

  • logback from 1.1.2 to 1.2.0
  • BouncyCastle from 1.60 to 1.64
  • Shibboleth from 7.3.0 to 7.5.0
  • Opensaml from 3.3.0 to 3.4.3

Added dependencies:

  • swedenconnect.opensaml:opensaml-security-ext 1.0.5

Main changes:

  • Added fix for a critical reported vulnerability.


  • This release was successfully tested for interoperability with previous releases of eIDAS-Node v2.3 and v1.4.5
  • This release was successfully tested with Middleware v1.1.0

Main changes:

  • Improvement in logging for better traceability of messages
  • Support of JCache: Ignite as default implementation
  • Migration to Java 8
  • Updated list of supported Web application servers:
    o   Glassfish 4: Full Platform replaced by Web Profile
    o   Dropped Tomcat 7, introduced Tomcat 9
    o   Dropped JBoss7, introduced Wildfly 15
  • Bugs and security fixes

Main updates in dependencies:

Updates in dependencies in order to avoid reported related vulnerabilities

  • BouncyCastle dependency was upgraded to v1.60
  • Bootstrap dependency was upgraded to v4.3.1
  • jQuery dependency was removed from the node (i.e., from the Generic parts)



The following main fixes were introduced:

  • Usage of simple DSI keys in SAML messages is implemented for encryption.
  • Allow SAML response for failed authentication with or with-out SAML assertion, based on request's application identifier.
  • Correction of wrong character encoding in metadata.
  • Support of Sub-CA for Metadata Signer to allow eIDAS Service to validate metadata.
  • Dependencies were refactored.
  • Security fix for processing authnrequest no longer allows for manipulation of issuer element.

The release successfully tested and works with Middleware versions 1.04 and 1.06.



  • Change in Gender allowed values : Allow temporarily "Not Specified"

  • Add protocol versioning elements to metadata

  • Support of Sub-CA for Metadata Signer

  • Implement usage of simple DSI keys in SAML messages

  • Use of SingleSignOnService instead of hardcoded URLs

  • Build separation between Demo and Node modules

  • Update copyright headers and remove authorship



  • There are now two deployment approaches; Standard (independent Specific and Generic applications) and Monolithic (single WAR file).
  • Architecture improvements are introduced to enable seamless upgrades of the eIDAS-Node in the future. MS Specific module has been split into Specific Proxy Service module and Specific Connector module.
  • Simple Protocol has been defined between the demo Service Provider 2.0 tools and the Specific Connector, and between the Specific Proxy Service and the demo Identity Provider 2.0 tools.
  • OpenSAML has been upgraded to version 3.0 in the eIDAS-Node core part.
  • A new look and feel.
  • EID-667 - Improved the logging trail to address gaps with respect to message id and node id for entities with which the eIDAS-Node interacts, e.g., SP and IdP.
  • EID-652 - Problem in validation of entityID of SP
  • EID-658 - Interference with audit trail
  • EID-671 - Exposure to host header poisoning
  • Upgraded the dependencies listed below to avoid the vulnerabilities (CVEs) corresponding to their previous versions:
    1. Spring Framework to v4.3.18 from v4.1.0.
    2. Xerces to v2.12 from v2.11.
    3. JQuery to v3.3.1 from v1.11.3
  • This release has been successfully tested for interoperability with previous releases of eIDAS-Node versions of 2.2 and v1.4.3.
  • This release successfully tested and works with Middleware versions1.0.6 and 1.0.7.
  • EID-617 - Error responses contains assertions with a false identity
  • EID-630 - Missing Assertion in failed authentication response should be OK
  • EID-643 - Wrong character encoding in ConnectorMetadata
  • Removal of vulnerability EID-631: Issuer URL in SAML AuthnRequest can be manipulated
  • German MW integration: Correction of the exception when parsing German metadata;
  • Addition of the protocol versioning elements to metadata;
  • Correction of Junit test for which metadata were expired;
  • Correction of Gender allowed values : Addition of temporarily "Not Specified" in Gender values validation;


  • Support for the WebLogic 12.2 family;
  • Propagation of SPType to Proxy Service/IdP;
  • Correction to LegalPerson data set attributes;
  • Limiting the size of IdP supplied attribute values;
  • Improvements and fixes for several bugs; and
  • Documentation enhancements and improvements


  • Better alignment with the requirements coming from the eIDAS technical specifications (e.g. support for natural and the Legal person MDS representation, removal of the validation of the OneTimeUse and SubjectLocality attributes, etc.)
  • Externalisation of configuration files for the eIDAS-Node, demo SP and demo IdP
  • This release is based on version 1.0 of the eIDAS technical specifications.

  • This release includes stability improvements.

  • definition of an abstraction and clear conformity of light Request/Response (in the module EIDAS-Light-Commons). These light objects (SAML agnostic) are designed to be used in the eIDAS-Node (SP to Connector) and also in the country specific modules (Proxy Service to IDP);

  • definition of an abstraction and a clear conformity for the country specific modules (in the module EIDAS-SpecificCommunicationDefinition). With this abstraction the dependency with the SAML Engine is no longer needed in the country specific modules;

  • improvements to the SAML Engine for complete independence and to able to be configured separately from the eIDAS-Node (metadata configuration, white list of signature and encryption algorithms);

  • definition of an attribute registry used by the SAML Engine to provide clear definition, conformity of the attributes supported (configuration based) and enforcing validation;

  • full coverage of the transliteration at the attribute and attribute registry level;

  • hardening to ensure immutability when necessary on the classes used in the SAML Engine (builder pattern)

v1.0 25.11.2015
  • Improved modularity 
  • Code refactoring
  • New look & feel
v0.9 21.09.2015
  • Support to eIDAS message format and extension of eIDAS metadata (eIDAS Technical Specificaitons)
  • Security improvements
  • Extension of the sample applications (Service provider, Identity provider and Attribute provider) to provide a sample of use of the EIDAS Regulation features 
  • Additional feature selector enforcing eIDAS Regulation compliance