Org Identities Support Extended Types
Registry v4.1.0 enables Extended Types for Org Identities. This does not require any special consideration for most deployments, however deployments that are still relying on Organizational Identity Pooling cannot use this feature, and may encounter issues with related operations. As Organizational Identity Pooling has been deprecated since v3.1.0, and will be removed entirely from v5.0.0, deployments using Organizational Identity Pooling should migrate away from it before upgrading to this release.
Data Filter Plugin Contexts
Registry v4.1.0 adds an additional context to Data Filter Plugins. Existing plugins must be updated to define $supportedContexts.
HttpServer Authentication Type
Registry v4.1.0 adds an Authentication Type field to HttpServer configurations. By default, all HttpServer configurations will be updated to use Basic Authentication. Any existing HttpServer that does not use any authentication should be manually set to Authentication Type None.
Font Awesome Removed
In an effort to use only Apache "Category A" licenses, Registry v4.1.0 has removed Font Awesome and is using Material Icons exclusively for our icon set. If you have used Font Awesome in a plugin, either switch to using Material Icons or include Font Awesome directly in your plugin.
You can browse and search for Material Icons at https://fonts.google.com/icons?icon.set=Material+Icons, and switching from Font Awesome to Material Icons would look something like this:
<span class="fa fa-sign-out"></span>
becomes
<em class="material-icons" aria-hidden="true">logout</em>
Match System of Record Label Configuration Moved
Registry v4.1.0 moves the System of Record Label configuration used for Integrating With ID Match from the Match Server to the Organizational Identity Source or Enrollment Flow configuration. (This allows support for Match Resolution Notification Configuration.) Note that each configuration must have a unique System of Record Label, another change from earlier versions.
Additionally, API Source no longer maintains its own System of Record Label, but instead uses the parent Organizational Identity Source label.
These configurations must be manually migrated, be sure to note any existing labels before upgrading.
Kafka Configuration Changes (ApiSource)
The Kafka interface in Registry v4.1.0 now uses the low level consumer, and attempts to read messages in batches. Certain Kafka configuration options that were set via ApiSource's poll mode configuration have moved to the KafkaServer configuration instead. These configurations must be manually migrated, be sure to note any settings before upgrading.
Changes to Presentation of T&C During Enrollment
During an Enrollment Flow, if Petitioner Enrollment Authorization is set to None or Authenticated User, Terms & Conditions will now be presented immediately after Petitioner Attributes.
Self Service Authenticator Reset Moved to Recovery Dashboard Widget
The Self Service Password Reset mechanism has moved from the Password Authenticator Plugin to the new Recovery Dashboard Widget. There is no automatic migration of this configuration, the Recovery Dashboard Widget must be instantiated and configured to enable Authenticator Reset functionality.