eIDAS-Node version 1.4.5
This page contains a collection of the resources for the eIDAS-Node version 1.4.5, released on 11th April 2019.
Release 1.4.5 of the eIDAS sample implementation for Member States is an all-in-one package for the Java platform including binary distributions for Glassfish, JBoss, Tomcat, WebLogic, WebSphere and the source code (Maven project). This release is based on version 1.1 of the eIDAS technical specifications and includes the following improvements and fixes:
- Bouncycastle dependency was upgraded from v1.52 to v1.60 clearing the following vulnerabilities:
EID-823 CVE-2016-1000338, EID-824 CVE-2016-1000339,
EID-825 CVE-2016-1000340, EID-826 CVE-2016-1000341,
EID-827 CVE-2016-1000342, EID-828 CVE-2016-1000343,
EID-829 CVE-2016-1000344, EID-830 CVE-2016-1000345,
EID-831 CVE-2016-1000346, EID-832 CVE-2016-1000352,
EID-833 CVE-2017-13098, EID-834 CVE-2018-1000613.
- Bootstrap dependency was upgraded from v3.3.5 to v4.3.1 clearing the following vulnerabilities:
EID-802 Vulnerable version of Bootsrap,
EID-818 CVE-2018-14040, EID-820 CVE-2018-14041,
EID-821 CVE-2018-14042, EID-822 CVE-2019-8331.
- This release has been successfully tested for interoperability with previous releases of eIDAS-Node versions of 2.2 and 1.4.4.
- This release successfully tested and works with Middleware version 1.0.7.
Please consult the release notes and the Migration Guide for a more detailed description of the changes introduced with this release.
Member States can either use this release as a sample implementation for demonstration purposes or they can adapt it as a basis for their own eIDAS scheme.
The testing tools (demo SP, demo IdP) and the supplied Specific part, should be used for demo purposes only on your local machine, and should not be deployed in your infrastructure.
With each release, the CEF eID Team strives to improve users' CEF eID experience. Future versions of the eIDAS Technical Specifications will be further improved based on the feedback received on this current version.
Describes how to quickly install a Service Provider, eIDAS-Node Connector, eIDAS-Node Proxy Service and IdP from the distributions in this release package.
Facilitates migration from eIDAS-Node v1.4.4 to eIDAS-Node v1.4.5
Describes the steps involved when implementing a Basic Setup and goes on to provide detailed information required for customisation and deployment.
Describes the installation and configuration settings for Demo Tools (SP and IdP) supplied with the package for basic testing.
Describes the W3C recommendations and how SAML XML encryption is implemented and integrated in eID.
Provides guidance by recommending one way in which eID can be integrated into a national eID infrastructure for cross-border authentication.
Provides information on the eID implementation of error and event logging as a building block for generating an audit trail of activity on the eIDAS Network. It describes the files that are generated, the file format, the components that are monitored and the events that are recorded.
Contains tables showing the error codes that could be generated by components along with a description of the error, specific behaviour and, where relevant, possible operator actions to remedy the error.
Describes the security considerations that should be taken into account when implementing and operating your eIDAS-Node scheme.
European Union Public Licence.