Release Notes – InAcademia

Adds support for Authorization Code Grant. Implicit flow will continue to be supported, until end of 2023 or until the IETF OAuth Working Group specifies removal from Best Practice (whichever is sooner). Further information can be found in our Implementation Guidelines. Requires no changes to merchant workflows unless the merchant wishes to use this flow. Please contact us if you would like to update your workflow from Implicit to Authorization Code Grant.
Adds support for SATOSA 8.1.1
Scope now returned in the id_token

Adds support for aarc_idp_hint parameter, requiring expression of IdP Hints using URL-encoded entityIDs. Note that support for the idp_hint claim and idp_hint parameter are now scheduled for deprecation and will be removed from support in August 2022.
IdP Hint of the requested IdP will be returned in the id_token by default when expressed using either the idp_hint or aarc_idp_hint parameter.
Add support for pysaml2 v7.1.1
Further enhancements to internal logging and debugging capabilities.

User consent screen has been re-designed for optimised for mobile device responsiveness:
- Action buttons shuffle above the narrative on mobile screens (e.g. portrait view iPhone X, iPhone 6/7/8 Plus, iPhone 5/SE, Galaxy S5, Galaxy S9)
- Merchant logo is removed on very small mobile screens in portrait view (but remains on landscape view)
- This is designed to ensure that users are presented with the most vital pieces of information and are explicitly aware that action is required to proceed.
Handle users that click ‘OK, accept’ multiple times at consent.
Further logging and debugging enhancements.

User consent screen re-designed to present high-level description and affiliation to be verified before an expandable detailed information section.
Improved handling of ‘state lost’ at consent: users that click back after indicating deny/accept consent will now be directed to https://inacademia.org/error-transaction-already-completed/ and encouraged to return to the merchant’s website.
Any uncaught exceptions will now be directed to: https://inacademia.org/unknown-error/ which encourages the user to return to the merchant’s website.
Further enhancements to internal logging and debugging capabilities.

Support for SaToSa v7.0.3
User consent screen translated to Italian and Swedish
Adds support for subject_id (refer to reuse_detection feature released in v2.8.0)
Improved handling of ‘state lost’ at consent.
User consent screen now presents only the claims to be validated, not all claims received.
Further enhancements to internal logging and debugging capabilities.

Updates existing error handling in the event
- that an invalid or mismatching redirect_uri is received or if the redirect_uri is missing
- an invalid client_id is received or if the client_id is missing
- an invalid scope is received
- an invalid or unsupported response_type is received or if the response_type is missing
Introduces the new ‘reuse detection’ feature alongside support for pairwise_id
Now supports affiliations returned in uppercase format
Consent screen now supports French language snd presents only the affiliations to be validated for the merchant
Further enhancements to internal logging, monitoring and debugging capabilities

Improves error handling in the event that an unsupported claim is received
Introduces error handling in the event that a claim in an unsupported format is received
Introduces handling for an entityID error.
Further enhancements to internal logging, monitoring and debugging capabilities

Fixed issue with alias micro service in case the alias was not directing to a known resource
Improved error message in case a request was made for a claim that is not allowed
Updated consent screen and associated translations
Updated service OIDC metadata .wellknown endpoint to better reflect supported configuration(s)
Improved SAML support by accepting both signed assertions or signed responses
Support for ‘affiliate’ verification removed

Adds dependencies to resolve interoperability with Shibboleth 4.0 IdP providing enhanced support for Shibboleth v4 encryption profiles
Improves logging of user flow
Localizes all js and css dependencies for consent screen.

Updated dependencies:

Based on feedback from our pilot partners we have improved the features of the InAcademia service. In addition some issues were fixed.

We consolidated our SAML backend to one and for better interaction with institutions.
We support discovery hinting
We support redirect to a custom error page when the IdP doesn’t release necessary attributes.
We improved support for affiliation attribute handling.
We have improved support for getting the domain claim.
We have improved support for generating persistent pairwise sub.
We support generating transient pairwise sub even if we don’t get one from the institution.
We support Identity Provider blacklisting.
We support offloading audit logs to a log server for statistics.
We have a new UI for the consent screen.
We have improved error messages and handling.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.