eIDAS-Node PRE- RELEASE version 2.6

Pre-release

This page contains a collection of the resources for the eIDAS-Node RELEASE version 2.6, released on 15th April 2022

Description

Release 2.6 of the eIDAS sample implementation for Member States is an all-in-one package for the Java platform including binary distributions for WildFly, Tomcat, WebLogic, WebSphere and the source code (Maven project). This release is based on version 1.2 of the eIDAS Technical Specifications.

Main changes

• Addition of the support for PKCS11 AKA "HSM"
• Removal the in-code enforcement of the usage of the BouncyCastle provider
• Upgrade of OpenSaml dependencies from version 3.4.3 to version 4.1.1.
• Seeing as the migration to OpenSaml 4 requires an upgrade to Java 11 (11_0_20), the supported list of servers has been changed with server that can support java 11.
• The supported list of servers is now the following :
  • Tomcat v9.0.58
  • Wildfly 23.0.2 Final (Servlet Distribution)
  • Weblogic 14.1.1.0.0
  • WebSphere Liberty 21.0.0.5 (WebProfile 8)
• Removal of Hazelcast support
• Simplification of the eIDAS-Node default parameters
  • Most of entries in external configuration do not need to be explicitly defined anymore.
  • SAML Engine has now default configuration.
• Removal of stork's QAA related code
• Improvement of (default) configuration for SAML engine
• ConfigurationSecurityBean code cleaning
• Replacement of JKS keystores by PKCS12 keystores inside the sources
• Disabled support for TLSv1.0 & TLSv1.1 in Java 11 revision 11
• New metadata signature algorithm configuration entry
• New key encryption Agreement Method algorithm configuration Entry
• Use SHA-256 as Digest method with RSA-OAEP encryption
• Error page adaptation to include contact details
• Remove validation of 2 maximum number of MDSs
• Junit tests coverage improvements

Improvements from PRE-RELEASE 2.6:

• Upgrade dependencies:
  • BouncyCastle: to version v. 1.70
  • Logback-classic: to v. 1.2.9
• BORIS sector specific attributes are configured/supported in the default configuration
• Further restricted allowed HTTP codes
• Fixed RSA decryption 2.6 pre-release limitation

Limitations:

• Using NIST Curve P-521 (aka secp521r1) results in different signature sizes

Other changes

• Bug fixes
• Security fixes
• Source code fixes
• Documentation fixes
• Updates in dependencies

Interoperability

• This Release  has been successfully tested for interoperability with previous releases of eIDAS-Node versions v2.5.0 and v1.4.5
• This Release  was successfully tested and works with Middleware version 2.2.6
• For a more detailed description of the changes introduced with this release please consult the section “3 Changes” found in the eIDAS-Node Migration Guide.
• Member States can use this release as a sample implementation for demonstration purposes or they can adapt it as a basis for their own eIDAS scheme.
• The testing tools (demo SP, demo IdP), the supplied Specific part and the Simple Protocol, should be used for demo purposes only on your local machine, and should not be deployed in your infrastructure.
• Member States may report any issue or bug related to the eIDAS-Node release v2.6. They can do so by raising a ticket at the CEF EID Support (https://ec.europa.eu/digital-building-blocks/tracker/plugins/servlet/desk/portal/7)

Data integrity

MD5

SHA-256

Release note

Useful documentation